Security News

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
2023-09-08 08:52

Threat actors associated with North Korea are continuing to target the cybersecurity community, using a zero-day bug in unspecified software over the past several weeks to infiltrate researchers' machines. A search on X shows that the now-suspended account has been active since at least October 2022, with the actor releasing proof-of-concept exploit code for high-severity privilege escalation flaws in the Windows Kernel such as CVE-2021-34514 and CVE-2022-21881.

Google: State hackers attack security researchers with new zero-day
2023-09-07 16:48

Google's Threat Analysis Group says North Korean state hackers are again targeting security researchers in attacks using at least one zero-day in an undisclosed popular software. Researchers attacked in this campaign are involved in vulnerability research and development, according to Google's team of security experts that protects the company's users from state-sponsored attacks.

Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster
2023-09-05 10:15

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in South Korea. Andariel, also known by the names Nickel Hyatt or Silent Chollima, is a sub-cluster of the Lazarus Group that is known to have been active since at least 2008.

Apple offers security researchers specialized iPhones to tinker with
2023-08-31 09:50

Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties. In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.

Taiwanese infosec researchers challenge Microsoft's China espionage finding
2023-08-28 02:58

PLUS: India calls for global action on AI and crypto; Vietnam seeks cybersecurity independence; China bans AI prescribing drugs. Asia In Brief: Taiwan-based infosec consultancy Team T5 has disputed...

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
2023-08-11 14:23

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "To compromise their targets, MoustachedBouncer operators tamper with their victims' internet access, probably at the ISP level, to make Windows believe it's behind a captive portal," Faou said.

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics
2023-08-11 10:12

"The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems," Kaspersky said in an analysis spotlighting APT31's previously undocumented tradecraft. Some variants of the second-stage backdoors also come with features designed to look up file names in the Microsoft Outlook folder, execute remote commands, and employ the third-step component to complete the data exfiltration step in the form of RAR archive files.

North Korean hackers had access to Russian missile maker for months, say researchers
2023-08-08 06:27

Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.

Researchers Uncover New High-Severity Vulnerability in PaperCut Software
2023-08-05 04:13

Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as CVE-2023-39143, the flaw impacts PaperCut NG/MF prior to version 22.1.3.

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
2023-08-03 04:06

Cybersecurity researchers have discovered a bypass for a recently fixed, actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile, prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core."