04-Sep-24: In Security News Today

Hackers Use Rare Stealth Techniques To Down Asian Military, Govt Orgs

Cyber attackers resembling APT41 are leveraging two rare techniques—GrimResource and AppDomainManager Injection—to compromise high-level organizations in Southeast Asia, including government and military entities. GrimResource exploits a six-year-old XSS vulnerability in the Microsoft Management Console (MMC) to execute arbitrary code, while AppDomainManager Injection simplifies malicious DLL loading, making it easier than traditional sideloading. These techniques enable the deployment of Cobalt Strike, emphasizing the need for proactive defenses, particularly in preventing the initial execution of these payloads via spear-phishing attacks.

FBI: North Korea Aggressively Hacking Cryptocurrency Firms

North Korean hackers are increasingly targeting the cryptocurrency industry through sophisticated social engineering techniques, aiming to deploy malware and steal virtual assets. The FBI warns that these attacks involve extensive research and elaborate impersonation tactics, making even cybersecurity professionals vulnerable. Organizations are advised to implement strict identity verification measures, limit sensitive access, and remain vigilant against requests involving non-standard code or unsolicited contacts.

Crypto Vulnerability Allows Cloning Of Yubikey Security Keys

YubiKey devices are vulnerable to cloning through a side-channel attack, known as Eucleak, which exploits a flaw in an Infineon cryptographic library. This attack requires physical access to the YubiKey, allowing attackers to extract cryptographic keys using electromagnetic measurements, though it can only target specific accounts associated with the compromised key. Yubico has since released firmware updates for newer devices that mitigate this vulnerability, while older versions remain at risk.

Zyxel Patches Critical OS Command Injection Flaw In Access Points And Routers

Zyxel has issued patches for a critical OS command injection vulnerability (CVE-2024-7261, CVSS score: 9.8) in certain access points and security routers, which allows unauthenticated attackers to execute unauthorized commands via a crafted cookie. Additionally, Zyxel addressed seven other vulnerabilities in its routers and firewalls, including high-severity issues that could lead to OS command execution, denial-of-service, or cross-site scripting (XSS). Meanwhile, D-Link announced that it will not patch four vulnerabilities in its DIR-846 router, as the device has reached its end-of-life, urging users to upgrade to supported versions.

White House Addresses BGP Vulnerabilities In New Internet Routing Security Roadmap

The White House has released a new roadmap to address vulnerabilities in the Border Gateway Protocol (BGP), focusing on the adoption of Resource Public Key Infrastructure (RPKI) to improve internet routing security. The roadmap outlines baseline actions for network operators, additional steps for service providers, and collaborative efforts between the government and the IT sector, emphasizing the need for widespread adoption of Route Origin Authorizations (ROA) and Route Origin Validation (ROV). Despite global progress, the United States lags in RPKI implementation, particularly among large networks, highlighting the critical need for increased participation to enhance BGP security and resilience.

$2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit

The U.S. government has announced a $2.5 million reward for information leading to the arrest of Vladimir Kadariya, a Belarusian hacker linked to the notorious Angler Exploit Kit, which has been instrumental in widespread malvertising and malware distribution since 2013. Kadariya, indicted in 2023 but only recently identified, is accused of defrauding millions through malicious ads that redirected users to harmful sites, stealing sensitive data, and spreading malware. His current location remains unknown, and the U.S. Secret Service is actively seeking global cooperation to apprehend him.

Revival Hijack Supply-Chain Attack Threatens 22,000 PyPI Packages

The “Revival Hijack” attack exploits the availability of deleted PyPI package names to inject malicious code into widely-used projects. By registering new projects with names of removed packages, threat actors can potentially compromise 22,000 packages, leading to significant security risks. JFrog researchers have intervened by reserving popular deleted package names to prevent misuse, but developers should implement package pinning, verify integrity, and monitor for unusual changes to protect against this threat.

Cisco Fixes Root Escalation Vulnerability With Public Exploit Code

Cisco has addressed a command injection vulnerability (CVE-2024-20469) in its Identity Services Engine (ISE), which allows local attackers with administrator access to escalate privileges to root through crafted CLI commands. The flaw arises from insufficient validation of user inputs, and while public exploit code exists, successful exploitation requires administrator privileges on unpatched systems. Cisco has released patches for affected versions and also resolved additional security issues in its Smart Licensing Utility and Integrated Management Controller (IMC) software.

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation

Microsoft is developing a new security mitigation for the Windows Common Log File System (CLFS) to counter the frequent exploitation of its vulnerabilities by APT groups and ransomware operators. The mitigation uses Hash-based Message Authentication Codes (HMAC) to detect unauthorized modifications to logfiles: only CLFS itself or system administrators can access the cryptographic key used to compute and verify the authentication codes, so a tampered file no longer verifies. To keep the overhead of HMAC calculations manageable for large log files, Microsoft is using a Merkle tree structure so that a change or append only requires recomputing the affected part of the tree.
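As an added illustration of the scheme the summary describes (this is not Microsoft's CLFS implementation), the following Python sketch HMACs each fixed-size block of a log file, folds the block tags into a Merkle root, and uses the stored leaf tags to pinpoint which block was modified. The key, block size and log records are constructed for the demo.

```python
import hmac
import hashlib

BLOCK_SIZE = 16                   # bytes per leaf; tiny so the sample spans several leaves
DEMO_KEY = b"constructed-demo-key"  # in the real scheme only CLFS/admins can read the key

# Constructed sample log: six 16-byte records -> six leaves
SAMPLE_LOG = b"".join(f"rec{n:03d} login ok\n".encode() for n in range(6))


def hmac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def leaf_tags(key: bytes, log: bytes) -> list:
    """One keyed tag per fixed-size block of the log (the Merkle leaves)."""
    blocks = [log[i:i + BLOCK_SIZE] for i in range(0, len(log), BLOCK_SIZE)]
    return [hmac_tag(key, b"L" + blk) for blk in blocks]   # "L" separates leaves from nodes


def merkle_root(key: bytes, tags: list) -> bytes:
    """Fold tags pairwise into a single root; an odd trailing node is promoted unchanged.
    Inner nodes are HMACs over two 32-byte digests, so rebuilding the tree after a
    change or append costs far less than re-HMACing the entire file."""
    if not tags:
        return hmac_tag(key, b"empty")
    level = tags
    while len(level) > 1:
        nxt = [hmac_tag(key, b"N" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def seal(key: bytes, log: bytes):
    """Return (leaf tags, root) to store alongside the log."""
    tags = leaf_tags(key, log)
    return tags, merkle_root(key, tags)


def verify(key: bytes, log: bytes, root: bytes) -> bool:
    """True only if the whole log still matches the sealed root."""
    return hmac.compare_digest(merkle_root(key, leaf_tags(key, log)), root)


def changed_blocks(key: bytes, log: bytes, stored_tags: list) -> list:
    """Indices of blocks whose tag differs from the stored leaves (covers length changes too)."""
    cur = leaf_tags(key, log)
    n = max(len(cur), len(stored_tags))
    return [i for i in range(n)
            if i >= len(cur) or i >= len(stored_tags)
            or not hmac.compare_digest(cur[i], stored_tags[i])]
```

Flipping a single bit anywhere in the log changes the root, and comparing against the stored leaf tags identifies the modified block without re-reading the rest of the file.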

Cybercriminals Tap Greasy Opal To Create 750M Fake Microsoft Accounts

Cybercriminals are leveraging the Greasy Opal tool to conduct large-scale bot attacks, particularly bypassing CAPTCHA systems and creating 750 million fake Microsoft accounts, as seen in a recent attack by the Vietnam-based Storm-1152 group. This tool uses machine-learning algorithms and advanced computer vision to simplify the process, lowering the barrier for less-experienced attackers to exploit businesses’ defenses. To combat these evolving AI-powered threats, security professionals are urged to implement advanced AI-based mitigation strategies and robust defense-in-depth approaches to protect against fake accounts and bot-driven traffic.

North Korean Hackers Target Job Seekers With Fake FreeConference App

North Korean hackers, as part of the Contagious Interview campaign (also tracked as DEV#POPPER), are targeting job seekers by distributing a fake FreeConference app, using malicious installers for Windows and macOS to deploy malware. The campaign, attributed to Lazarus Group, tricks victims into downloading BeaverTail malware during staged job interview processes, which in turn delivers cross-platform backdoors such as InvisibleFerret for remote control, keylogging, and data theft, including cryptocurrency wallets and browser information. These attacks, evolving with new techniques and tools such as CivetQ, are part of North Korea’s broader strategy of infiltrating and exploiting cryptocurrency-related businesses through sophisticated social engineering.

Massive DDoS Poured 3.15 Billion Packets Per Second On Microsoft Server

Global Secure Layer mitigated the largest packet-rate DDoS attack recorded, peaking at 3.15 billion packets per second (Gpps) against a Minecraft server, outpacing prior attacks by 3.2-3.5 times. Despite the attack’s magnitude, with a relatively low bitrate of 849 Gbps, the company’s Goliath platform successfully auto-mitigated the attack, which involved compromised devices from Russia, Vietnam, and South Korea. The attack used a “Carpet Bomb” technique targeting network subnets, exploiting vulnerabilities in devices such as DrayTek Vigor and Hikvision IP cameras, a growing trend after the discovery of flaws in the HTTP/2 protocol last year.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
