Security News > 2023 > May

A stealthy remote access trojan named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. AT&T reports that the malware is sold under the guise of a legitimate remote access tool for Windows 11 and 10 for $15/month or a single "Lifetime" license payment of $60. While marketed as a legitimate program, the Flare Systems cyber intel platform has shown that SeroXen is promoted as a remote access trojan on hacking forums.

Application security is one of the most important components of an overall security program, yet some organizations struggle to identify and address their application security risks partly because...

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. "The attack script is not saved to the system. The attack scripts are kept in memory only."

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. This finding came after the Japanese carmaker conducted a thorough investigation on all cloud environments managed by Toyota Connected Corporation after previously discovering a misconfigured server that exposed the location data of over 2 million customers for ten years.

Botnets are also getting easier to build and deploy because, much like legitimate software development, malicious botnets can be created using existing codebases. One example of how little technical sophistication is required is evinced by a botnet dubbed Dark Frost by researchers at Akamai web services.

One common way of identifying security vulnerabilities is through penetration testing, or pen testing. Once the application and all its components have been identified, it is important to configure it for testing by setting up appropriate user accounts and access control lists.

If you're running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else's behalf. "Routers make bad cryptomining servers. Cryptomining may be what they end up doing if the lateral movement doesn't get them anywhere."

SGI may be no more but people are still using its code - and some more of that code may be about to enjoy a revival. In December, we reported that Linux kernel 6.2 would receive some bug fixes to XFS, the filesystem from SGI's IRIX proprietary Unix.

Cybersecurity researchers have found "Backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an insecure format. "Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware," John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News.