A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.
CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning a newly identified vulnerability in GitLab, a widely used cloud-based, open-source Git repository platform.
The vulnerability, cataloged as CVE-2023-7028, involves improper access control mechanisms in both the Community and Enterprise editions of GitLab.
Cybercriminals exploit this flaw to bypass password reset protocols, posing a significant threat to thousands of organizations globally.
GitLab is integral to the operations of over 38,000 companies worldwide, serving as a crucial tool for software development, continuous integration, and continuous deployment (CI/CD) processes.
Exploiting CVE-2023-7028 allows attackers to gain unauthorized access to private projects and sensitive data, leading to potential intellectual property theft and operational disruption.
This vulnerability compromises the security of the affected systems and threatens the integrity of the software development and deployment pipeline, which can have cascading effects on the reliability and security of applications being developed using GitLab.
In response to the active exploitation of this vulnerability, CISA has recommended several urgent mitigation strategies to protect against potential attacks:
Immediate Patching: Organizations using GitLab are urged to apply the latest security patches provided by GitLab.
These updates address the CVE-2023-7028 vulnerability by correcting the flawed access control mechanisms.
Enhanced Monitoring: Companies should enhance monitoring of their GitLab environments to detect any unusual activities that might indicate an exploitation attempt.
This includes monitoring login patterns and file access behaviors.
Strengthening Authentication: Implementing multi-factor authentication (MFA) for accessing GitLab can significantly reduce the risk of unauthorized access through compromised credentials.
Regular Audits: Conduct regular audits of GitLab configurations and user roles to ensure that permissions are appropriately set and that no unauthorized changes have been made.
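A concrete form of the "enhanced monitoring" item above, as an added example that is not part of the article or of GitLab's own tooling: two simple checks over authentication events, written here in Python against a constructed, hypothetical event format (the event names, fields and sample records are assumptions for this example). The first flags a source address that requests password resets for several accounts within a short window; the second flags an account whose first login after a completed reset comes from an address never seen for that account before.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed event records (not real GitLab logs): one record per
# authentication-related event with an ISO-8601 timestamp, an event name,
# the account concerned and the source address. The event names are an
# assumption made for this example.
EVENTS = [
    {"ts": "2024-01-09T14:20:00", "event": "login_success", "user": "dave", "ip": "203.0.113.12"},
    {"ts": "2024-01-10T08:00:00", "event": "login_success", "user": "alice", "ip": "203.0.113.10"},
    {"ts": "2024-01-10T09:15:00", "event": "login_success", "user": "bob", "ip": "203.0.113.11"},
    {"ts": "2024-01-11T02:03:00", "event": "password_reset_requested", "user": "alice", "ip": "198.51.100.7"},
    {"ts": "2024-01-11T02:03:05", "event": "password_reset_requested", "user": "bob", "ip": "198.51.100.7"},
    {"ts": "2024-01-11T02:03:09", "event": "password_reset_requested", "user": "carol", "ip": "198.51.100.7"},
    {"ts": "2024-01-11T02:10:00", "event": "password_reset_completed", "user": "alice", "ip": "198.51.100.7"},
    {"ts": "2024-01-11T02:11:00", "event": "login_success", "user": "alice", "ip": "198.51.100.7"},
    {"ts": "2024-01-11T10:00:00", "event": "password_reset_requested", "user": "dave", "ip": "203.0.113.12"},
    {"ts": "2024-01-11T10:05:00", "event": "password_reset_completed", "user": "dave", "ip": "203.0.113.12"},
    {"ts": "2024-01-11T10:06:00", "event": "login_success", "user": "dave", "ip": "203.0.113.12"},
]


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


def reset_bursts(events: List[dict], window: timedelta = timedelta(minutes=5),
                 min_accounts: int = 3) -> Dict[str, List[str]]:
    """Source addresses that requested password resets for at least
    `min_accounts` distinct accounts inside one `window`."""
    requests = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["event"] == "password_reset_requested":
            requests[e["ip"]].append((_ts(e), e["user"]))
    flagged = {}
    for ip, reqs in requests.items():
        for i, (start, _) in enumerate(reqs):
            # Distinct accounts targeted from this address within the window.
            users = {user for t, user in reqs[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[ip] = sorted(users)
                break
    return flagged


def logins_after_reset_from_new_ip(events: List[dict]) -> List[dict]:
    """Accounts whose first login after a completed password reset came from
    an address never seen for that account before the reset."""
    known_ips = defaultdict(set)   # user -> addresses seen logging in before
    pending_reset = {}             # user -> timestamp of a completed reset
    hits = []
    for e in sorted(events, key=_ts):
        user, ip = e["user"], e["ip"]
        if e["event"] == "password_reset_completed":
            pending_reset[user] = e["ts"]
        elif e["event"] == "login_success":
            if user in pending_reset and ip not in known_ips[user]:
                hits.append({"user": user, "reset_at": pending_reset[user],
                             "login_at": e["ts"], "ip": ip})
            pending_reset.pop(user, None)
            known_ips[user].add(ip)
    return hits


if __name__ == "__main__":
    print("reset bursts by source IP:", reset_bursts(EVENTS))
    print("post-reset logins from new IPs:", logins_after_reset_from_new_ip(EVENTS))
```

On the constructed records, the first check flags 198.51.100.7 for requesting resets on alice, bob and carol within seconds, and the second flags alice, whose first login after the reset came from that same previously unseen address; dave's reset-then-login from his usual address is not reported. Thresholds such as the five-minute window and three accounts are starting points to tune against a real environment's baseline.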
GitLab has been the target of various security threats in the past, with vulnerabilities such as CVE-2023-5356, CVE-2023-4812, CVE-2023-6955, and CVE-2023-2030 previously identified.
These vulnerabilities ranged from issues allowing unauthorized file access to weaknesses that could enable an attacker to execute arbitrary code.
The recurrent nature of these vulnerabilities highlights the necessity for ongoing vigilance and robust security practices in managing and securing GitLab installations.
The discovery and active exploitation of CVE-2023-7028 underscore the critical importance of cybersecurity diligence for organizations utilizing GitLab.
As cyber threats continue to evolve, maintaining up-to-date security measures and promptly addressing known vulnerabilities is paramount to safeguarding valuable digital assets and ensuring the continuity of business operations.
CISA’s alert serves as a timely reminder for all GitLab users to reassess their security posture and implement recommended protections without delay.
The post CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability appeared first on Cyber Security News.
What are the Hidden Dangers of .zip Domains and How Can they Mislead Users?
Google introduced eight new top-level domains at the beginning of May, such as .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus.
Over time, the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) has lifted limitations on TLDs, allowing businesses like Google to bid to sell access to more of them.
ICANN is the organization responsible for these TLD registrations; domains ending in TLDs such as .xyz, .top, and so on are registered under it.
The two TLDs “.mov” and “.zip” are particularly well-suited to phishing and other types of online fraud.
Cybercriminals have already begun using .zip names to trick people into believing they are downloadable files rather than URLs.
Avast analysis reveals that one-third of the top 30 .zip domains blocked by their threat detection engines misuse the names of well-known IT firms like Microsoft, Google, Amazon, and PayPal to deceive users into thinking they are files from reputable businesses.
Some TLDs that Avast comes across raise suspicion almost by themselves. These include, among others, .xyz, .online, .biz, .info, .ru, .life, and .site.
Mimicking Legitimate Companies
According to Avast, a big issue here is the possibility of file confusion and the resulting difficulties in distinguishing between local and remote sources, which might represent a security risk.
For educational purposes, a prototype email can be created that makes use of the fact that the attachment name and the link may point to entirely separate destinations.
Experts say using a .zip domain to trick visitors is rather simple. Furthermore, the link preview can be altered to conceal the protocol, such as HTTP(S).
The most appealing domains are those that are strongly associated with well-known, significant service providers.
These include microsoft-office[.]zip, microsoft[.]zip, csgo[.]zip, google-drive[.]zip, microsoftonedrive[.]zip, googlechrome[.]zip, and amazons3[.]zip.
Other telling examples combine a pdf keyword with a subdomain, namely 226×227.pdf[.]zip, 2023-05.pdf[.]zip, cv3.pdf[.]zip, and temp1_rsbu_12m2021.pdf[.]zip.
The .zip domains are attractive and perhaps enticing for fraudsters to use, but they create an audit trail and are simple to block.
Abusing old WordPress installations or insecure web servers is undoubtedly more difficult than registering a domain. This also explains why fewer attacks were blocked than anticipated.
Given the enormous number of .com domains registered, it seems reasonable that their web shield blocks the majority of .com domains. A few domains jump out when they look at the remaining data, though.
A new phishing kit, “file archiver in the browser,” exploits ZIP domains by presenting fraudulent WinRAR or Windows File Explorer windows in the browser, tricking users into executing malicious files.
Security researcher mr.d0x revealed a phishing attack that involved mimicking a browser-based file archiver software like WinRAR using a .zip domain to enhance its credibility.
The toolkit enables embedding a counterfeit WinRar window in the browser, creating the illusion of opening a ZIP archive and displaying its contents when accessing a .zip domain.
This phishing toolkit may be used by threat actors to steal credentials and spread malware.
Hackers also use “chatgpt5[.]zip” to trick users into downloading malware. Threat actors employ creative names to disguise phishing attacks, and the new ‘.zip’ TLD introduces a potential threat, with names such as chatgpt5 leading to malicious sites.
With internet evolution, countless gTLDs emerged for personalized web addresses, offering branding chances but also phishing opportunities that demand alertness.
The inclusion of ‘.ZIP’ as a gTLD adds complexity to phishing detection, particularly due to its association with compressed files, increasing confusion and providing phishers with a potent new tool for their attacks.
The hype around ChatGPT led to the creation and registration of “chatgpt5[.]zip” on May 20th, supposedly for the next GPT iteration, but surprisingly, it holds a neutral text message instead of malware.
To trick the users by claiming to safeguard students from malware, “assignment[.]zip” was registered by the threat actors, redirecting visitors to a download of a ZIP archive containing completely safe files.
Exploiting the widespread use of the .zip extension, malicious actors create campaigns and websites reminiscent of early domain squatting techniques.
The cybersecurity company Arctic Wolf has also detected some .zip domains that are being used for successful phishing attempts using popular office software suite filenames.
Based on previous phishing campaign tactics, techniques, and procedures (TTPs), they anticipate that further threat actors will continue to employ these TLDs for their phishing domains in the foreseeable future.
According to Talos, domains using the “.zip” and related TLDs enhance the risk of sensitive information exposure due to accidental DNS requests or web requests.
As soon as the new “.zip” TLDs became available, internet browsers or messaging applications like Telegram started recognizing strings that ended in “.zip” as URLs and automatically hyperlinking them.
A DNS or web request may occasionally be made in chat applications to display a thumbnail of the connected website, which is particularly troublesome.
Additionally, abuse of these domains is not theoretical, with cyber intel firm Silent Push Labs already discovering what appears to be a phishing page at microsoft-office[.]zip attempting to steal Microsoft Account credentials.
These developments have sparked a debate among developers, security researchers, and IT admins, with some feeling the fears are not warranted and others feeling that the ZIP and MOV TLDs add unnecessary risk to an already risky online environment.
Any .zip top-level domains (TLDs) should be used with caution.
Keep a tight check on the online traffic for your business, especially on the lookout for any odd activity connected to .zip TLDs.
Consider putting in place extra filters for emails that include .zip TLDs in their content, to further safeguard against possible dangers.
To guarantee that it is as effective as possible against the most recent threats, always keep your antivirus software updated.
To keep ahead of potential risks, read security alerts and updates about developing threats frequently.
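The auto-linking behaviour described by Talos and the email-filter recommendation above can be illustrated with a small scanner. This is an added example, not code from Avast, Talos, Arctic Wolf or the article: it finds dotted hostnames in free text, the strings a chat client or mail reader would turn into links, and reports those whose TLD is .zip or .mov, noting when the name reads like a document attachment (a file-extension label before the TLD) or contains a well-known brand. The brand list, extension list and sample message are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Added example. The brand list, file-extension list and sample message below
# are constructed for illustration; nothing here comes from the article.
RISKY_TLDS = {"zip", "mov"}
MIMICKED_BRANDS = ("microsoft", "google", "amazon", "paypal", "onedrive", "chrome", "office")
FILE_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "exe"}

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# A dotted hostname not glued to other hostname characters on either side.
_HOST_RE = re.compile(rf"(?i)(?<![\w.-])((?:{_LABEL}\.)+{_LABEL})(?![\w-])")


def classify(hostname: str) -> Dict[str, Optional[object]]:
    """Describe why a hostname ending in a risky TLD deserves attention."""
    labels = hostname.lower().split(".")
    tld = labels[-1]
    risky = tld in RISKY_TLDS
    # "cv3.pdf.zip": the label before the TLD reads like a document extension,
    # so the whole string looks like an attachment name rather than a site.
    looks_like_filename = risky and len(labels) >= 2 and labels[-2] in FILE_EXTENSIONS
    # "microsoft-office.zip": a well-known brand appears in the name.
    brand = next((b for b in MIMICKED_BRANDS
                  if any(b in label for label in labels[:-1])), None)
    return {"host": hostname, "tld": tld, "risky_tld": risky,
            "looks_like_filename": looks_like_filename, "mimicked_brand": brand}


def scan_text(text: str) -> List[Dict[str, Optional[object]]]:
    """Return one finding per distinct hostname in `text` whose TLD is risky."""
    findings, seen = [], set()
    for match in _HOST_RE.finditer(text):
        host = match.group(1)
        if host.lower() in seen:
            continue
        seen.add(host.lower())
        info = classify(host)
        if info["risky_tld"]:
            findings.append(info)
    return findings


# Constructed message, the kind of text a mail or chat filter would see.
SAMPLE_MESSAGE = (
    "Hi team, the Q2 figures are attached as report-q2.pdf.zip. "
    "Sign in at https://microsoft-office.zip/login to review them, "
    "or watch the recap at googlechrome.mov. Internal docs stay on docs.example.com."
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_MESSAGE):
        print(finding)
```

On the sample message the scanner reports report-q2.pdf.zip (filename-like), microsoft-office.zip (brand mimic) and googlechrome.mov (brand mimic) and ignores docs.example.com. A filter built on this should treat a filename-like hit as a reason to quarantine or rewrite the link rather than to block outright, since a .zip token in a message may genuinely be an attachment name that the client has auto-linked.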
The post What are the Hidden Dangers of .zip Domains and How Can they Mislead Users? appeared first on Cyber Security News.
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer.
"In 2021, Predator spyware couldn’t survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor
The Hacker News | #1 Trusted Cybersecurity News Site