24 Dec, 2024

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. The toolkit is the equivalent of Sliver and Cobalt Strike post-exploitation frameworks and it was documented by Trend Micro this summer in a report on attacks against Chinese users. At the time, a threat actor tracked as Void Arachne/Silver Fox lured victims […]

2 mins read

New SteelFox malware hijacks Windows PCs using vulnerable driver

A new malicious package called ‘SteelFox’ mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines. The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and […]

3 mins read

Cisco bug lets hackers run commands as root on UWRB access points

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. Tracked as CVE-2024-20418, this security flaw was found in Cisco’s Unified Industrial Wireless Software’s web-based management interface. Unauthenticated threat actors can exploit it in low-complexity […]

2 mins read

Washington courts’ systems offline following weekend cyberattack

​​Court systems across Washington state have been down since Sunday when officials said “unauthorized activity” was detected on their networks. This ongoing data system outage affects all state courts’ judicial information systems, websites, and associated services. According to statements from affected state courts, the Administrative Office of the Courts (AOC) acted quickly after discovering the […]

2 mins read

Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41

Interpol announced it arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime in an international law enforcement action titled Operation Synergia II. The operation took place between April and August 2024, spanning 95 countries and resulting in 41 arrests of those linked to various crimes, including ransomware, […]

2 mins read

Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed ‘CRON#TRAP’ infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network. A […]

3 mins read

Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network

UK’s National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named “Pigmy Goat” created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. Last week, Sophos published a series of reports dubbed “Pacific Rim” that detailed five-year attacks by Chinese threat actors on edge networking devices. One […]

3 mins read

Nokia investigates breach after hacker claims to steal source code

Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told GeekFeed. “Nokia takes this allegation seriously […]

1 min read

Google fixes two Android zero-days used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. “There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory. The CVE-2024-43047 flaw is […]

2 mins read

Suspect behind Snowflake data-theft attacks arrested in Canada

Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. According to Canada’s Department of Justice, Alexander “Connor” Moucka (aka “Waifu” and “Judische”) was taken into custody on Wednesday at the request of the United States […]

2 mins read