Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks https://firewall.firm.in/wp-content/uploads/2024/08/cyberattack.png Aug 05, 2024Ravie LakshmananNetwork Security / Threat Intelligence Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). “The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate ...

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen https://firewall.firm.in/wp-content/uploads/2024/08/main.gif Aug 05, 2024Ravie LakshmananThreat Intelligence / Vulnerability Cybersecurity researchers have uncovered design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft ...

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication https://firewall.firm.in/wp-content/uploads/2024/08/hacking.png Aug 02, 2024Ravie LakshmananCyber Attack / Windows Security Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery ...

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal https://firewall.firm.in/wp-content/uploads/2024/08/sans.jpg Aug 02, 2024The Hacker NewsVulnerability / Network Security Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities ...

DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws https://firewall.firm.in/wp-content/uploads/2024/08/tiktok.jpg Aug 03, 2024Ravie LakshmananPrivacy / Data Protection The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for “flagrantly violating” children’s privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts ...

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool https://firewall.firm.in/wp-content/uploads/2024/08/ddos.png Aug 03, 2024Ravie LakshmananDDoS Attack / Server Security Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is ...

Webinar: Discover the All-in-One Cybersecurity Solution for SMBs https://firewall.firm.in/wp-content/uploads/2024/08/cynet.png Aug 02, 2024The Hacker News In today’s digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards ...

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure https://firewall.firm.in/wp-content/uploads/2024/08/malware (2).jpg Aug 02, 2024Ravie LakshmananCyber Espionage / Malware A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. “The campaign likely targeted diplomats and began as early as March ...

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack https://firewall.firm.in/wp-content/uploads/2024/08/china.jpg Aug 02, 2024Ravie LakshmananCyber Espionage / Malware A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver ...

Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique https://firewall.firm.in/wp-content/uploads/2024/08/domain.png Aug 01, 2024Ravie LakshmananVulnerability / Threat Intelligence Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over ...