Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software.
The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek.
The all in one place for non-profit security aid.
Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software.
The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek.
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
A Joint Advisory warns of Beijing’s “BlackTech” threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, “cautious.” Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. Read More
The CyberWire
Threat Actors Claiming Breach of Nokia Database
Threat actors have claimed responsibility for a breach of Nokia’s database.
The announcement was made via a tweet from the notorious hacker group H4ckManac, known for their previous cyber exploits.
The tweet, 2024, reads: “We have successfully breached Nokia’s database. Sensitive information is now in our hands. #NokiaHack #DataBreach”.
– Nokia
A potential data breach has been detected on a hacking forum: After Shopify, the threat actor is claiming a data breach at Nokia.
According to the post, in July 2024, Nokia suffered a data breach from a third party that exposed 7,622 rows of… pic.twitter.com/WgOGrIdUNi
— HackManac (@H4ckManac) July 9, 2024
According to cybersecurity experts, the breach appears to have compromised a substantial amount of sensitive data, including customer information, internal communications, and proprietary technology details.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
The exact breach method remains unclear, but initial analyses suggest that the hackers may have exploited vulnerabilities in Nokia’s network infrastructure.
The hacker group has a history of targeting large corporations and has previously been linked to breaches involving financial institutions and tech companies.
This latest incident raises serious concerns about the security measures at Nokia, a global leader in telecommunications technology.
Nokia has yet to release an official statement regarding the breach.
However, sources within the company indicate that an internal investigation is underway.
The company is expected to collaborate with cybersecurity firms and law enforcement agencies to mitigate the damage and prevent further unauthorized access.
In the meantime, experts advise Nokia customers to remain vigilant and monitor their accounts for any unusual activity.
Users should also change their passwords and enable two-factor authentication where possible.
This code demonstrates how to generate and verify a Time-based One-Time Password (TOTP), adding an extra security layer to user authentication processes. Cybersecurity.
As the investigation into the Nokia breach continues, it serves as a stark reminder of the ever-present threats in the digital age.
Organizations must remain vigilant and proactive in their cybersecurity efforts to protect sensitive data and maintain customer trust.
“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo
The post Threat Actors Claiming Breach of Nokia Database appeared first on Cyber Security News.
Hackers using Weaponized PDF Files to Deliver Remcos RAT
[[{“value”:”
Cybercriminals have launched a sophisticated campaign targeting individuals and organizations across Latin America, utilizing weaponized PDF files to deploy dangerous Remote Access Trojans (RATs) such as Remcos.
This alarming development has raised concerns about cybersecurity preparedness in the region.
The attackers initiate the infection by impersonating Colombian government agencies and sending out PDF documents that falsely accuse recipients of traffic violations or other legal issues.
These documents contain links that, when clicked, prompt the download of a ZIP file.
This file includes a Visual Basic Script (VBS) obfuscated with dead code to evade detection.
The campaign cleverly masquerades as official communication from entities like the COLOMBIANA DE MUNICIPIOS, leveraging the trust in government institutions to deceive victims.
The attackers’ choice of lures indicates a calculated approach to target individuals and potentially organizations that interact with or are part of the Colombian government infrastructure.
Upon execution, the VBS script triggers a PowerShell script that performs two critical actions:
It first retrieves the payload’s address from a legitimate storage service, such as textbin.net, and then downloads it.
It executes the payload from the provided address.
This could include various legitimate services like cdn.discordapp.com, pasteio.com, hidrive.ionos.com, and wtools.io.
According to a recent tweet by ANY.RUN, there’s an ongoing cyber attack campaign in Latin America.
The attackers employ a technique where they coerce users into initiating malware infections.
An ongoing campaign targeting #LATAM: Attackers are forcing users to initiate infections
The #attackers impersonate Colombian government agencies (e.g., COLOMBIANA DE MUNICIPIOS) by sending PDFs, accusing the recipients of traffic violations or other legal issues.
These… pic.twitter.com/t0RcNtJuH3
— ANY.RUN (@anyrun_app) March 14, 2024
This intricate execution chain delivers a RAT as the final payload, and the attackers employ several notorious RATs, including AsyncRAT, NjRAT, and Remcos.
These RATs grant cybercriminals remote control over infected systems, allowing them to steal sensitive information, monitor user actions, and potentially deploy further malware.
The image above illustrates the execution chain of the ongoing LATAM-targeted campaign, showcasing the step-by-step process from the initial PDF lure to the execution of the RAT.
Cybersecurity experts warn that while this campaign focuses on Latin America, similar tactics could be employed against targets in other regions.
Organizations and individuals must remain vigilant, educate themselves on these threats, and employ robust security measures to protect against such sophisticated attacks.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Hackers using Weaponized PDF Files to Deliver Remcos RAT appeared first on Cyber Security News.
“}]] Read More
Cyber Security News