Security News

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International. MegaRAC BMC provides admins with "Out-of-band" and "Lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.

An analysis of the indicators of compromise associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. "The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News.

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. In a report published on Thursday, SentinelOne Senior Threat Researcher Tom Hegel linked the North Korean threat group to the JumpCloud hack based on multiple indicators of compromise shared by the company in a recent incident report.

The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers. While APT41 hackers usually breach their targets' networks via vulnerable web apps and Internet-exposed endpoints, Lookout says the group also targets Android devices with WyrmSpy and DragonEgg spyware strains.

Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor. The cyberspies have been associated with a wide array of attacks against Western interests over the years, including the Snake cyber-espionage malware botnet that was recently disrupted in an international law enforcement operation titled Operation MEDUSA. In a coordinated report and Twitter thread published today by CERT-UA and Microsoft, researchers outline a new attack where the Turla threat actors target the defense sector in Ukraine and Eastern Europe.

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value targets with coveted corporate and personal data," Lookout said in a report shared with The Hacker News.

A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories. Dubbed Bad.Build, this flaw could enable the threat actors to impersonate the service account for the Google Cloud Build managed continuous integration and delivery service to run API calls against the artifact registry and take control over application images.

Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. WooCommerce Payments is a very popular WordPress plugin allowing websites to accept credit and debit cards as payment in WooCommerce stores.

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The link contained in the message led to a site that used WebAPK technology to install a malicious application on the victim's device."

Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Gamaredon hacking operates in rapid attacks, stealing data from breached systems in under an hour. [...]