Security News

Winter Vivern APT hackers use fake antivirus scans to install malware
2023-03-16 10:00

Sentinel Labs has previously seen spreadsheet files with malicious macros that launch PowerShell being dropped on cloned sites used by the APT. One example of Winter Vivern's resourcefulness in the Sentinel Labs report is the deployment of fake virus scanners: Windows batch files that impersonate antivirus scanners while, in reality, downloading malicious payloads.

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
2023-03-16 06:34

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Multi-State Information Sharing and Analysis Center. "Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch agency's Microsoft Internet Information Services web server," the agencies said.

Hacker selling data allegedly stolen in US Marshals Service hack
2023-03-15 18:06

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service servers. The announcement, titled "350 GB from US Marshal Service law enforcement confidential information," was added earlier today using an account registered yesterday afternoon.

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
2023-03-14 19:11

Microsoft has patched an Outlook zero-day vulnerability exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. Microsoft shared this info in a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 2 subscriptions.

Hackers steal $197 million in crypto in Euler Finance attack
2023-03-13 16:58

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH. The attacker's ETH wallet used to store the stolen funds is being tracked, so it will be challenging for the perpetrator to move the stolen funds around and convert them to a usable form.

Elephant Hackers
2023-03-10 20:05

An elephant uses its right-of-way privileges to stop sugar-cane trucks and grab food.

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware
2023-03-10 13:50

A suspected China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week.

North Korean UNC2970 Hackers Expand Operations with New Malware Families
2023-03-10 07:43

A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. UNC2970 is the new moniker assigned by the threat intelligence firm to a set of North Korean cyber activity that maps to UNC577, and which also comprises another nascent threat cluster tracked as UNC4034.

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
2023-03-09 14:54

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

Iranian Hackers Target Women Involved in Human Rights and Middle East Politics
2023-03-09 12:20

"Notably, the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit said in a report shared with The Hacker News. Another bespoke malware linked to the group is a C++-based Telegram "Grabber" tool that facilitates data harvesting on a large scale from Telegram accounts after obtaining the target's credentials.