For roughly six months, the North Korean Lazarus hacking group has been targeting energy companies in Canada, the US, and Japan with three remote access trojans (RATs), Cisco reports. Active since at least 2009, also referred to as Hidden Cobra, and believed to be backed by the North Korean government, Lazarus has orchestrated various high-profile attacks, including the Ronin $600 million cryptocurrency heist and the $100 million hack of Harmony's Horizon Bridge.
Cryptocurrency analytics firm Chainalysis said on Thursday that it helped the US government seize $30 million worth of digital coins that North Korean-backed hackers stole earlier this year from the developer of the non-fungible token-based game Axie Infinity. When accounting for the more than 50 percent fall in cryptocurrency prices since the theft occurred in March, the seizure represents only about 12 percent of the total funds stolen.
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources. The severity of the vulnerability is merely "important", as its exploitation requires additional access and/or privilege, but ConnectWise recommends that administrators of on-premise instances patch as soon as possible.
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers. Those small-biz routers - the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router - have reached their end-of-life (EoL) and the networking vendor is recommending customers upgrade to devices that aren't vulnerable.
A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory. Bumblebee was discovered in April, involved in phishing campaigns believed to be orchestrated by the same actors behind BazarLoader and TrickBot, i.e., the Conti syndicate.
Security researchers with AT&T Alien Labs are warning of a new piece of malware that can take full control of infected Linux systems, including Internet of Things (IoT) devices. Dubbed Shikitega, the threat is delivered as part of a multi-stage infection chain, where each step is responsible for a part of the payload and fetches and executes the next module.
Security researchers have found that roughly eight out of ten websites featuring a search bar will leak their visitors' search terms to online advertisers like Google. This practice breaches users' privacy and leaks sensitive information to a massive network of third parties, who can then use this data to deliver targeted advertisements or track users' behavior on the web.
Threat actors are exploiting vulnerabilities in D-Link routers to spread a variant of Mirai malware called MooBot, which targets exposed networking devices running Linux, according to research released Tuesday from Palo Alto Networks' Unit 42. Though the manufacturer has published security bulletins for the vulnerabilities, users may be running older or unpatched versions of D-Link devices, according to the report.