Security News

FileWave's mobile device management system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report.

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today.

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems.

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform.

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.

Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. "Hello, today I present you data collected on multiple users who use Twitter via a vulnerability.," reads the forums post selling the Twitter data.

On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. SSSCIP added that the attackers breached TAVR Media's servers and broadcasting systems to spread fake news suggesting that the Ukrainian President is allegedly under intensive care, in critical condition, with Parliament Chairman Ruslan Stefanchuk acting in his stead. Zelenskyi also refuted the reports in a video shared on his official Instagram account, saying they were fake news spread by Russian-linked threat actors.

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "Uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network.

Dubbed Atlas Intelligence Group, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. The threat group markets services that include data leaks, distributed denial of service, remote desktop protocol hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.