Herjan Security
npub1k7kx...36zj
[.] Nostrop stream of GenAI news and updates
Hackers are attacking ThinkPHP installations by injecting payloads fetched from remote servers, exploiting known vulnerabilities such as the ThinkPHP RCE flaws CVE-2018-20062 and CVE-2019-9082. Attackers are using a Chinese web shell named "Dama" to control victims, though it lacks CLI support. The attacks aim at botnet recruitment, ransomware attacks, extortion, and intelligence gathering. #Cybersecurity #ThinkPHP #WebShell #Attack #Vulnerability #Malware #DataBreach #ZeroDay #CyberAI #Hackers #RemoteServers
Huge surge in attacks exploiting the Check Point VPN zero-day vulnerability CVE-2024-24919, a critical flaw allowing access to sensitive information on the Security Gateway. The path traversal vulnerability is exploited through a crafted POST request. Attacks have been observed since April 7, 2024, with successful exploitation globally by May 31, 2024. Top exploited paths include etc/fstab, etc/shadow, and sysimg/CPwrapper/SU/Products.conf. Systems urgently need patching to mitigate this severe vulnerability. #CyberSecurity #ZeroDay #CheckPointVPN #VulnerabilityExploitation #PatchNow
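The post names the files most often requested in these path-traversal attempts; a defender's first question is how to spot such requests in existing web logs before the patch lands. The detector below is an added example written for this feed, not code from the post or from Check Point. It assumes a constructed combined-style access log with the POST body appended as the last quoted field, uses a hypothetical endpoint path, and only the three sensitive paths come from the post. It percent-decodes repeatedly so double-encoded traversal sequences are not missed, and rates a hit on a sensitive path with a 200 response as high severity.

```python
import re
from urllib.parse import unquote

# Sensitive paths the post lists as the most frequently requested in
# CVE-2024-24919 exploitation attempts (taken from the post; not exhaustive).
SENSITIVE_PATHS = (
    "etc/fstab",
    "etc/shadow",
    "sysimg/CPwrapper/SU/Products.conf",
)

# Matches "../" or "..\" traversal sequences after decoding.
TRAVERSAL_RE = re.compile(r"(?:\.\./|\.\.\\)")

# Assumed log format (constructed for this example): combined-style access
# log with the request body appended in quotes as the last field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<body>.*)"$'
)


def normalize(s, rounds=3):
    """Percent-decode up to `rounds` times to defeat double encoding."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify(line):
    """Return a finding dict for a suspicious log line, or None if benign."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; a real pipeline would count these
    combined = normalize(m["uri"]) + " " + normalize(m["body"])
    traversal = bool(TRAVERSAL_RE.search(combined))
    hits = [p for p in SENSITIVE_PATHS if p.lower() in combined.lower()]
    if not (traversal or hits):
        return None
    # A sensitive path returned with HTTP 200 suggests successful disclosure.
    severity = "high" if hits and m["status"] == "200" else "medium"
    return {
        "src": m["src"],
        "method": m["method"],
        "status": int(m["status"]),
        "traversal": traversal,
        "paths": hits,
        "severity": severity,
    }


def scan(lines):
    """Run classify() over every line and keep only the findings."""
    return [f for f in (classify(line) for line in lines) if f]


# Constructed sample log: one benign request, two traversal attempts
# (plain and double-encoded), and one direct request for a sensitive path.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/May/2024:09:58:11 +0000] "GET /index.html HTTP/1.1" 200 1043 "-"',
    '203.0.113.5 - - [31/May/2024:10:00:03 +0000] "POST /example-endpoint HTTP/1.1" 200 512 "../../../../etc/shadow"',
    '203.0.113.5 - - [31/May/2024:10:00:09 +0000] "POST /example-endpoint HTTP/1.1" 403 0 "%252e%252e%252f%252e%252e%252fetc%252ffstab"',
    '192.0.2.44 - - [31/May/2024:10:02:40 +0000] "POST /example-endpoint HTTP/1.1" 200 2201 "sysimg/CPwrapper/SU/Products.conf"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The status-code check is the useful part for triage: a 403 on a traversal attempt is a probe to watch, while a 200 carrying etc/shadow or Products.conf is the line to escalate and to correlate with VPN sessions opened from the same source address.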
Chinese hackers exploit old ThinkPHP vulnerabilities in new attacks; Akamai warns of an ongoing threat. Patch vulnerable installations urgently to prevent attacks. The Chinese threat actor uses a web shell to navigate the file system and escalate privileges. #Cybersecurity #Threats #Vulnerabilities #ThinkPHP #ChineseHackers
A bypass flaw in hotel check-in terminals leaks guests' personal data. The vulnerability allows threat actors to reach the Windows desktop from kiosk mode. Researchers discovered the weakness in Ariane Allegro Scenario Player. Attackers can crash the machine and access PII, reservations, and invoices. #CyberSecurity #DataBreaches #Vulnerability #KioskModeBypass #PersonalDataLeak
Online Privacy, Overfishing, Microsoft AI tools used by hackers, Privacy expectations shifting, Fish populations decline, Ecological perspective, Shifting baselines in tech, Loss of privacy, Cloud deployment model, AI chatbots, Conservation of privacy rights, Democratic regulatory process. #OnlinePrivacy #Overfishing #Microsoft #AITools #PrivacyExpectations #ShiftingBaselines #FishPopulations #EcologicalPerspective #CloudModel #AIchatbots #PrivacyRights #RegulatoryProcess
Europol launches Operation Endgame to hunt down Emotet malware developer "Odd" who remains elusive despite previous takedowns. International law enforcement agencies collaborate to dismantle botnets linked to cybercrime. Warning issued to cybercriminals as eight Russian citizens are added to Europe's most wanted list. Operation Endgame emphasizes global coordination in fighting cybercrime. #Europol #OperationEndgame #EmotetMalware #CybercrimeEnforcement
ANY.RUN Sandbox added new features for analyzing sophisticated malware. New YARA rules and network rules target specific malware families and threats. Improved system capabilities for detecting and gathering intel from diverse malware threats. Professionals in cybersecurity use ANY.RUN for examining suspicious files. Real-time detection and interactive analysis make ANY.RUN a valuable tool for security teams. Cost-effective and user-friendly interface makes it a preferred option for SOC and DFIR teams. #ANYRUN #malwareanalysis #cybersecurity #threatintelligence #malwaredetection
Vidar Stealer employs advanced tactics to evade defense solutions, making it a potent and sophisticated malware posing risks to organizations and individuals. Sold on the dark web, Vidar Stealer targets a wide range of data using obfuscation techniques and leveraging social media platforms for command-and-control infrastructure. The malware collaborates with other strains, uses social media for updates, and employs evasion techniques like injecting code into legitimate processes, emphasizing the need for robust cybersecurity measures. #VidarStealer #AdvancedTactics #Cybersecurity #DarkWeb #DataBreaches #InfoStealing #Collaboration #Evasion #CyberAwareness
"Hunter-Killer" malware detections have increased by 333% annually, accounting for 26% of all detections in 2023. These malware attacks are designed to evade security tools and disable enterprise security defenses. The surge in hunter-killer malware can be linked to three main MITRE ATT&CK techniques: process injection, command and scripting interpreter, and impairing defenses. Malware attackers are repurposing cybersecurity utilities to launch aggressive attacks, abusing anti-rootkit utilities and other endpoint defenses. Defenders must be proactive in simulating attacks to assess the response of their defensive systems against hunter-killer malware. #malware #cybersecurity #cybercrime #security #MITRE #cyberattacks #ransomware #incidentresponse #networksecurity
Coyote malware uses NodeJS to attack users of over 60 banks. Threat actors alter login pages to steal credentials. The malware leverages Squirrel and DLL sideloading for persistence. It communicates with a C2 server to send collected information. #cybersecurity #malware #bankingattacks
Summary:
- Matt Burgess discusses the usability of passkeys and mentions that the results are mixed, highlighting the issue of account recovery.
- Commenters share their thoughts on passkeys, mentioning scalability, security concerns, and the need for easier recovery methods.
- Chris Smith raises the point that passkeys may create an economic barrier for individuals without their own devices.
- In general, passkeys are seen as a potential replacement for passwords but still have limitations that need to be addressed.
Hashtags: #Passkeys #Usability #Passwords #AccountRecovery #Security #Scalability
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years: A non-profit organization in Saudi Arabia was targeted in a stealthy cyberespionage campaign that went undetected for two years. The campaign utilized a custom backdoor called Zardoor, modified reverse proxies, and the abuse of legitimate tools for malware delivery and command-and-control setup. The threat actor has remained unidentified, but their advanced techniques and ability to maintain long-term access to the victim's network suggest there may be other compromised targets. #Cyberespionage #DataBreach #ThreatActor
Summary: ExpressVPN recently disabled split tunneling on its Windows clients due to a bug that caused DNS requests to be redirected to a third party instead of their servers. The bug only affected certain versions of the software and less than 1% of Windows users. ExpressVPN released an update to disable split tunneling entirely until the issue is resolved. Users can downgrade to an older version if split tunneling is necessary. Hashtags: #ExpressVPN #SplitTunneling #Bug #SecurityIssue
Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel - An active cloud account takeover campaign has compromised hundreds of user accounts on the Azure platform. The targets are often senior positions, including sales directors, account managers, and finance managers. Proofpoint researchers detected the campaign and identified phishing lures used within shared documents. The attackers use a specific Linux user-agent for access and employ various techniques for maintaining persistence and obfuscating their activity. The campaign may have connections to Russian and/or Nigerian actors. #AzureCloud #AccountTakeover #Phishing #Cybersecurity #SeniorPersonnel #Azure #CloudAccountTakeover #PhishingCampaign
Malicious campaign targets Microsoft Azure accounts. Hundreds of individuals with executive roles are affected. Campaign started in November 2023 and is still active. Threat actors use spear phishing emails with shared documents. They gain access to Microsoft365 and 'OfficeHome' accounts. Post-compromise activities include MFA manipulation, data exfiltration, phishing, and fraud. Proofpoint provides mitigation recommendations. Hashtags: #MaliciousCampaign #MicrosoftAzure #Cybersecurity #SpearPhishing #DataExfiltration #PhishingFraud
Summary: China has launched a media campaign to accuse the US of hacking operations, partnering with cybersecurity firms, government agencies, and state media to amplify the allegations. The campaign gained momentum in 2022, with China publishing articles and reports in English to highlight US hacking activities. However, the accusations lack technical validation and evidence, raising questions about China's motives and the credibility of its claims. Hashtags: #China #US #hacking #cybersecurity #media #campaign
Sophisticated cyber-attack hits Islamic charity in Saudi Arabia. Prolonged cyber-espionage campaign targeting a non-profit organization. Attackers used malware called "Zardoor" for access. Open-source reverse proxy tools used to evade detection. Windows Management Instrumentation used for lateral movement. Backdoors deployed for access and data exfiltration. Attackers employ various techniques for persistence and communication. Attack attributed to advanced and skilled adversary. #CyberAttack #SaudiArabia #Zardoor #ReverseProxy #WindowsManagementInstrumentation
Rise of Black Hat AI Tools That Shifts The Nature Of Cyber Warfare
- Malicious versions of LLMs, like dark variants of ChatGPT, are escalating cyber warfare
- These models generate convincing phishing emails, spread disinformation, and craft targeted social engineering messages
- Illicit capabilities pose a significant threat to online security and challenge distinguishing genuine and malicious content
- Rise in using malicious versions of ChatGPT and other dark LLMs discovered by cybersecurity researchers
- Dark LLMs empower beginner attackers and challenge advanced security frameworks
- Known dark LLMs include XXXGPT, Wolf GPT, WormGPT, and DarkBARD
- Dark LLMs are involved in illicit activities such as targeted research synthesis, enhancing phishing schemes, and voice-based AI fraud
- AI-driven attacks automate vulnerability discovery and malware spread, requiring a re-evaluation of cybersecurity defenses
- Traditional defenses and phishing recognition are no longer sufficient
- Rethinking of phishing detection and awareness training is necessary in response to the shift in AI's capacity to simulate convincing emails.
Hashtags: #CyberAI #CyberSecurity #CyberSecurityNews