NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool https://firewall.firm.in/wp-content/uploads/2024/12/spyware.png A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ...

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques https://firewall.firm.in/wp-content/uploads/2024/12/malware.png Dec 14, 2024Ravie LakshmananMalware / Cyber Threat Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. “The target of the threat actors were Thailand officials based on the nature of ...

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action https://firewall.firm.in/wp-content/uploads/2024/12/badbox.png Dec 14, 2024Ravie LakshmananBotnet / Ad Fraud Germany’s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed ...

How to Generate a CrowdStrike RFM Report With AI in Tines https://firewall.firm.in/wp-content/uploads/2024/12/main.png Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with ...

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms https://firewall.firm.in/wp-content/uploads/2024/12/exploit.png Dec 13, 2024The Hacker NewsIoT Security / Operational Technology Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to ...

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection https://firewall.firm.in/wp-content/uploads/2024/12/openwrt.png Dec 13, 2024The Hacker NewsLinux / Vulnerability A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating ...

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits https://firewall.firm.in/wp-content/uploads/2024/12/github.png Dec 13, 2024Ravie LakshmananCyber Attack / Malware A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken ...

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years https://firewall.firm.in/wp-content/uploads/2024/12/fbi.jpg The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking ...

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online https://firewall.firm.in/wp-content/uploads/2024/12/serves-hacking.png Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. “Prometheus servers or exporters, often lacking proper ...

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service https://firewall.firm.in/wp-content/uploads/2024/12/hacking.png Dec 11, 2024Ravie LakshmananMalware / Cyber Espionage The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which ...