The Hacker News

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe," Proofpoint Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Espionage / APT37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 phishing Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Crime / Hacking News37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or future related incidents. The SANS Institute provides research and education on information security. In the upcoming webinar, we’ll outline, in detail, six components of a SANS incident response plan, The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comWebinar / Incident response37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The company said it's engaging the services of Google-owned Mandiant to review the incident. In the Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Threat / Supply Chain Attack37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss vulnerability Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCloud Security / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. "The group has shown the ability to Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comEndpoint Security / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comNetwork Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency.And now, even security teams who have long been the holdout The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comData Security / Encryption37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne securityRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCloud Security / Cyber Threat 37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pullsRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comSupply Chain / Software Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. The scale ofRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comZero-Day / Mobile Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. The newest of the three artifacts is designed to drop a kernel-mode rootkit that's based on an open source project Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comLinux / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous — it requires specialized tools to record their activity, and a secure environment to prevent unintended damage. However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comMalware Analysis / Cybersecurity37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface areas.  With no surprise, similar trends are emerging also in the smart mobility The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comAPI Security / Automotive Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCryptocurrency / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker APT43, said the group's motives are both espionage- and financially-motivated, leveraging techniques like credentialRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Threat / Espionage37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Microsoft on Tuesday unveiled Security Copilot in limited preview, marking its continued quest to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale." Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comArtificial Intelligence / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization (DRDO), the research and development wing of India's Ministry of Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comAdvanced Persistent Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering additional malware, including ransomware. "The well-known IcedID version consists of an initial loader Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comRansomware / Endpoint Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comPen Testing / Artificial Intelligence37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641