ITCurated, Author at Cyber Security Minute

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

Issued by: The Hacker News

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). “UAT4356 deployed…

Malware & Threats

North Korean Hackers Hijack Antivirus Updates for Malware Delivery

Issued by: SecurityWeek

As part of the malware operation, referred to as GuptiMiner, the threat actor exploited a vulnerability in the eScan antivirus update mechanism and performed a man-in-the-middle (MitM) attack to replace the legitimate update package with a malicious one. eScan is a brand of India-based MicroWorld. Once the antivirus unpacks and loads the malicious payload, a…

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

Issued by: The Hacker News

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN)…

Vulnerabilities

FBI Director Wray Issues Dire Warning on China’s Cybersecurity Threat

Issued by: Dark Reading

FBI Director Christopher Wray this week delivered what might be the starkest warning yet on the threat that China-backed hackers pose to US national and economic security. In remarks at a Vanderbilt University-hosted summit on modern conflict and emerging threats, Wray described Chinese hackers as outnumbering FBI personnel by at least 50 to 1 and…

Mobile Security

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Issued by: Security Affairs

Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. The sophisticated mobile spyware has resurfaced after several months of inactivity, the new version of LightSpy, dubbed “F_Warehouse”, supports a modular framework with extensive spying capabilities.

Vulnerabilities

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Issued by: The Hacker News

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single…

Roku disclosed a new security breach impacting 576,000 accounts

Issued by: Security Affairs

Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. “Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data…

Network Security

CISA orders US government agencies to check email systems for signs of Russian compromise

Issued by: CSO Online

Russian nation-state hackers have exploited a recent Microsoft email compromise to steal the emails of government agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) has reiterated in a new alert. The warning ordered agencies to urgently check their email systems for signs of compromise and report back by April 30 if they believe specific…

Malware & Threats

DOJ-Collected Information Exposed in Data Breach Affecting 340,000

Issued by: SecurityWeek

The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. According to GMA’s notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, both personal…

Malware & Threats

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Issued by: The Hacker News

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet…