Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale. Read More
Related Posts
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks.
"The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access, Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Hackers Use TMChecker Remote Access Tool to Attack Popular VPN & Mail Servers
Hackers Use TMChecker Remote Access Tool to Attack Popular VPN & Mail Servers
[[{“value”:”
A new tool has surfaced on the Dark Web, signaling a shift in cybercriminals’ methods for gaining unauthorized remote access to corporate networks.
TMChecker tool
TMChecker, a tool recently identified by Security, is designed to attack remote-access services and popular e-commerce applications.
It combines corporate access login checking capabilities with a brute-force attack kit.
M762 chat
Developed by a threat actor known as “M762” on the XSS cybercrime forum, TMChecker is available on a monthly subscription basis for $200.
This tool is a step ahead of its counterparts like “ParanoidChecker,” targeting corporate remote access gateways, often the primary intrusion vectors for ransomware infections and other high-level attacks.
According to a report by Security, TMChecker supports 17 different services, including various VPN solutions, enterprise mail servers, database management tools, and e-commerce platforms.
Incident in Ecuador: A Case Study
A notable incident involving TMChecker was targeting an email server of a government organization in Ecuador (gob. ec).
This event underscores the tool’s effectiveness in compromising valid credentials to corporate VPN and email accounts, which can be used by ransomware operators and initial access brokers (IABs).
M762’s Telegram Channel: A Hub for Cybercriminals
The black-hat developer behind TMChecker, M762, operates a Telegram channel with over 3,270 subscribers.
While it’s unclear how many of these subscribers are active customers, the channel’s following provides insight into the profitability of this adversarial Software-as-a-Service (SaaS) model.
Threat actor ‘SGL’ sells remote corporate access via two compromised VPN gateways
TMChecker’s extensive targets range from VPN gateways and hosting administration panels to e-commerce engines like Magento and PrestaShop.
This broad targeting spectrum indicates the tool’s potential to compromise various systems, making it a versatile asset for cybercriminals.
Significance: The Rise of Human-Operated Ransomware Attacks
The emergence of TMChecker aligns with the increase in human-operated ransomware attacks, as reported by Microsoft.
These attacks involve the active abuse of remote monitoring and management tools, allowing hackers to leave behind less evidence compared to automated attacks.
The trend is expected to continue in 2024, with ransomware actors seeking to maximize returns by working for multiple gangs.
The advent of TMChecker represents a significant threat to organizations, particularly in the context of corporate mergers and acquisitions (M&A).
With the tool’s ability to lower the barriers to entry for cybercriminals, the private sector must bolster its cyber-due diligence processes.
ALPHV leader ‘ransom’ announces they are selling their source code and shuttering their operation
Resecurity’s RISKTM platform offers a solution by providing advanced cyber threat intelligence capabilities to help corporate acquirers mitigate the risk of post-acquisition breaches.
As cybercriminals continue to refine their tooling for remote access compromise, organizations must remain vigilant and proactive in their cybersecurity efforts to protect against these evolving threats.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Hackers Use TMChecker Remote Access Tool to Attack Popular VPN & Mail Servers appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks
Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks
[[{“value”:”
Zoom, a well-known video conferencing software, has patched seven vulnerabilities in its desktop and mobile applications, particularly a critical flaw identified as CVE-2024-24691 impacting Windows software.
Notably, a high-severity escalation of privilege issue affecting Windows software was also fixed by the company and assigned as CVE-2024-24697.
A privilege escalation attack is an attempt to obtain unauthorized access to higher rights, permissions, privileges, or entitlements than those allocated to a particular account, user, or device. This can occur as a result of a system flaw, misconfiguration, or inadequate access controls.
Document
Live Account Takeover Attack Simulation
How do Hackers Bypass 2FA?
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks
.
CVE-2024-24691- Improper Input Validation
With a CVSS Score of 9.6, this critical severity flaw may enable an unauthorized user to carry out an escalation of privilege via network access due to improper input validation in the Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows.
Affected Products:
Zoom Desktop Client for Windows before version 5.16.5
Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
Zoom Rooms Client for Windows before version 5.17.0
Zoom Meeting SDK for Windows before version 5.16.5
CVE-2024-24697 – Untrusted Search Path
An untrusted search path in some Zoom 32-bit Windows clients is a high-severity vulnerability with a CVSS score of 7.2 that could enable an authorized user to carry out a local access privilege escalation.
Affected Products:
Zoom Desktop Client for Windows before version 5.17.0
Zoom VDI Client for Windows before version 5.17.5 (excluding 5.15.15 and 5.16.12)
Zoom Meeting SDK for Windows before version 5.17.0
Zoom Rooms Client for Windows before version 5.17.0
Zoom also addressed other significant issues, including:
CVE-2024-24690 – Improper Input Validation in Zoom Clients
CVE-2024-24699 – Business Logic Error in Zoom Clients
CVE-2024-24698 – Improper Authentication in Zoom Clients
CVE-2024-24696– Improper Input Validation in Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows
CVE-2024-24695 – Improper Input Validation in Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows
Zoom doesn’t disclose that any of these vulnerabilities have been used in malicious attacks. Thus, the company advises users to update their apps to the most recent available versions as soon as possible.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks appeared first on Cyber Security News.
“}]] Read More
Cyber Security News