Android Trojan MMRat Exploits Accessibility Feature for Remote Financial Fraud
The Android banking trojan known as MMRat has emerged as a significant threat, primarily targeting users in Southeast Asia since late June 2023. This trojan, operating inconspicuously under the package name com.mm.user, has garnered attention for its capability to manipulate…
Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents
A cyber espionage campaign has been attributed to a hacking group referred to as Earth Estries. This group has been targeting government and technology sectors in various countries, including the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. Notably, Earth Estries demonstrates a high level of sophistication in its operations, leveraging extensive resources and expertise in cyber espionage and…
Hackers Leverage Brute Force Attacks on Cisco VPNs for Network Breaches
Hackers are turning their focus towards exploiting security weaknesses in Cisco Adaptive Security Appliance (ASA) SSL VPNs. The attacks, employing tactics such as credential stuffing and brute-force techniques, have exposed a gap in defense strategies…
Malicious Python Packages in PyPI Repository Traced Back to North Korean Hackers
ReversingLabs, a leading security research firm, unearthed three new malicious Python packages within the widely used Python Package Index (PyPI) repository. The campaign, identified as VMConnect, is suspected to be orchestrated by North Korean state-sponsored threat actors. The malicious packages in question are dubbed tablediter, request-plus, and requestspro. VMConnect, originally disclosed earlier…
Cybercriminals Target VMware Aria Operations for Networks Exploiting Critical Vulnerability
VMware has recently issued crucial software updates to rectify security vulnerabilities identified within Aria Operations for Networks. These vulnerabilities could be exploited to bypass authentication and gain unauthorized remote code execution. The first flaw, designated as CVE-2023-34039 with a CVSS score of 9.8, stems from an instance of authentication bypass attributed to the…
Malicious Rust Libraries Detected Transmitting OS Information to Telegram
A series of malicious packages has come to light in the Rust programming language’s crate registry, signaling yet another instance of software supply chain attacks targeting developers. The reported discovery points to a timeline spanning August 14 to 16, 2023, during which “amaperf,” an identified user, uploaded these libraries. This incident raises concerns about the security of the software supply chain, as the said packages—namely…
Chinese APT Group Targets Government, Military, and Telecom Sectors with Barracuda Zero-Day Exploit
A hacking group with ties to China has capitalized on a recently disclosed zero-day vulnerability in Barracuda Networks Email Security Gateway (ESG) devices, effectively breaching critical sectors including government, military, defense, aerospace, high-tech industry, and telecommunications.
The operation, monitored by Mandiant and codenamed UNC4841, portrays the threat actor as highly adaptive to defensive measures, demonstrating the ability to adjust tactics to ensure continuous access to targeted systems.
Microsoft Issues Advisory on AI-Enhanced Phishing-as-a-Service Attacks
Microsoft has issued a warning about a surge in adversary-in-the-middle (AiTM) phishing tactics, aligning with the burgeoning trend of phishing-as-a-service (PhaaS). This trend has also found its way into established phishing services such as PerSwaysion, which are now incorporating AiTM functionalities. AiTM-equipped phishing kits operate through two distinct approaches. The first involves…
Upgraded KmsdBot Malware Targets IoT Devices with Advanced Features
KmsdBot, a botnet malware, has set its sights on a new frontier – Internet of Things (IoT) devices. In a detailed analysis presented by Akamai security researcher Larry W. Cashdollar, it was revealed that the updated binary of KmsdBot now boasts enhanced features, including Telnet scanning capabilities and compatibility with an expanded array of CPU architectures.
Critical Vulnerability in Citrix NetScaler Exploited by Ransomware Groups
Unpatched, internet-exposed Citrix NetScaler systems have fallen prey to targeted actions initiated by unidentified threat actors, suggesting a probable ransomware incursion. Cybersecurity firm Sophos is diligently monitoring the pattern of activities, attributing them to the STAC4663 cluster. These incidents are characterized by an intricate chain of attack, centering on the exploitation of CVE-2023-3519, a high-severity code injection vulnerability that…
Rhysida Gang Claims Prospect Medical Ransomware Attack
In a recent turn of events, the Rhysida ransomware group has come forward as the orchestrator of the extensive cyber assault on Prospect Medical Holdings. The breach, which transpired on August 3rd, has sent shockwaves through the healthcare industry. Initial findings suggest that the attackers managed to gain unauthorized access to sensitive information, including 500,000 social security numbers, crucial corporate files, and…