Security News > 2024 > May

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. The pieces of malware have been used to breach the Ministry of Foreign Affairs of a European country with diplomatic missions in the Middle East and have been active since at least 2020. Researchers at cybersecurity company ESET believe that the backdoors may be connected to the Russian state-sponsored hacker group Turla, although attribution has medium confidence at this point.


That's not to say Russia is in the background - far from it - but more of a focus is being placed on China and the "epoch-defining challenge" it presents. It's a major U-turn on the agency's attitudes toward cybersecurity from as recently as 2021, when former NCSC CEO Lindy Cameron said ransomware was the foremost threat to the UK. The people of China have contributed so much to the UK, AKB acknowledged, alongside its signing of the declaration on AI at Bletchley Park in November, but make no mistake: "China poses a genuine and increasing cyber risk to the UK."

Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. This confirmation comes after many Windows admins reported seeing install failures when trying to deploy cumulative updates released during the May 2024 Patch Tuesday on Windows Server 2019 systems.

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to reach targets via Messenger and ultimately delivers...

The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers. In early February 2024, researchers at the S2W threat intelligence company reported on a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect South Korean targets with Troll Stealer and the Go-based Windows malware GoBear.

The North Korean hacker group Kimsuky has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea. In early February 2024, researchers at the S2W threat intelligence company reported on a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect targets with the Troll Stealer variant of the Go-based Windows malware GoBear.

Cisco’s Splunk Acquisition Should Help Security Pros See Threats Sooner in Australia and New Zealand
Craig Bates, Splunk vice president of Australia and New Zealand, said the deal will help customers defend against modern threats by tooling security operations centres up with end-to-end security and observability. He added security data unification will be key to organisations in the future as they battle threats increasingly launched with the aid of AI. What does the Cisco and Splunk combination mean for cyber security software customers?

New versions of Git are out, with fixes for five vulnerabilities, the most critical of which can be used by attackers to remotely execute code during a "clone" operation. CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a .git/ directory instead of the submodule's worktree.

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform (the core component of the Windows Firewall) directly into client devices. Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain-name basis.