AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service

AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service,

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021.
AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim’s bandwidth for what appears to be an

,

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021.
AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim’s bandwidth for what appears to be an

, ,
https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html

Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT,

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.
« Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps, » cybersecurity

,

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.
« Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps, » cybersecurity

, ,
https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable,

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.
The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites.
A brief description

,

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.
The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites.
A brief description

, ,
https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html

New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data,

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures.
CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a

,

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures.
CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a

, ,
https://thehackernews.com/2023/07/new-android-malware-cherryblos.html

RFP Template for Browser Security

RFP Template for Browser Security,

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop « The Definitive Browser Security RFP Template. » This resource helps streamline the process of evaluating and procuring browser security platforms

,

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop « The Definitive Browser Security RFP Template. » This resource helps streamline the process of evaluating and procuring browser security platforms

, ,
https://thehackernews.com/2023/07/rfp-template-for-browser-security.html

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse,

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection.
« This will help ensure that apps only use these APIs for their intended purpose, » the company said in a statement. « As part of this process, you’ll need

,

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection.
« This will help ensure that apps only use these APIs for their intended purpose, » the company said in a statement. « As part of this process, you’ll need

, ,
https://thehackernews.com/2023/07/apple-sets-new-rules-for-developers-to.html

Hackers Deploy « SUBMARINE » Backdoor in Barracuda Email Security Gateway Attacks

Hackers Deploy « SUBMARINE » Backdoor in Barracuda Email Security Gateway Attacks

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a « novel persistent backdoor » called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances.
« SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together enable

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a « novel persistent backdoor » called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances.
« SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together enable

, ,
https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack,

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild.
The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).
« 

,

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild.
The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).
« 

, ,
https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module,

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.
IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

,

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.
IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

, ,
https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures,

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.
Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.
« Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North

,

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.
Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.
« Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North

, ,
https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html