A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform privileged commands. READ MORE...
The WhisperGate attack is not the only operation believed to have been conducted by Russia-linked threat actors against Ukraine in recent months. Symantec on Monday disclosed the details of an espionage operation that it has tied to a known group. For years, Russian advanced persistent threat (APT) actors have been observed launching various cyberattacks against Ukrainian targets, with some of these groups believed to be part of or under the direct supervision of Moscow's secret service. READ MORE...
Qubit, a decentralized finance (DeFi) platform, has publicly offered $2,000,000 to a hacker who stole $80 million worth of cryptocurrency from it last week. Late on the evening of 27 January, according to an incident report published by Qubit Finance, a hacker exploited a vulnerability to steal over 206,000 Binance coins from the company's QBridge protocol. READ MORE...
Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control (C2) server, researchers have found. On Thursday, the Malwarebytes Threat Intelligence team reported that they discovered the North Korean state advanced persistent threat (APT) group's latest living-off-the-land technique while analyzing a spear-phishing campaign that its researchers discovered 10 days ago, on Jan. 18. READ MORE...
Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks. Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more. READ MORE...
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. This allows remote devices to access a particular software feature or device as necessary. READ MORE...