OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability,

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
« This is not believed to be exploitable, and it occurs in the unprivileged pre-auth

,

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
« This is not believed to be exploitable, and it occurs in the unprivileged pre-auth

, ,
https://thehackernews.com/2023/02/openssh-releases-patch-for-new-pre-auth.html

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection,

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.
« The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes, » SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a

,

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.
« The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes, » SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a

, ,
https://thehackernews.com/2023/02/formbook-malware-spreads-via.html

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions,

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.
Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate.
« PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (

,

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.
Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate.
« PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (

, ,
https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers,

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems.
« These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021, » the Computer Emergency Response Team (CERT) of France said in an advisory on Friday.
VMware, in its own alert released at the time, described the issue as an 

,

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems.
« These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021, » the Computer Emergency Response Team (CERT) of France said in an advisory on Friday.
VMware, in its own alert released at the time, described the issue as an 

, ,
https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html

Warning: Hackers Actively Exploiting Zero-Day in Fortra’s GoAnywhere MFT

Warning: Hackers Actively Exploiting Zero-Day in Fortra’s GoAnywhere MFT

,

A zero-day vulnerability affecting Fortra’s GoAnywhere MFT managed file transfer application is being actively exploited in the wild.
Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra.
The vulnerability is a case of remote code injection that requires access to the administrative console of the application

,

A zero-day vulnerability affecting Fortra’s GoAnywhere MFT managed file transfer application is being actively exploited in the wild.
Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra.
The vulnerability is a case of remote code injection that requires access to the administrative console of the application

, ,
https://thehackernews.com/2023/02/warning-hackers-actively-exploiting.html

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered,

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.
The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.
The issues have been identified in version 1.6J of the Open Charge

,

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.
The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.
The issues have been identified in version 1.6J of the Open Charge

, ,
https://thehackernews.com/2023/02/is-your-ev-charging-station-safe-new.html

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware,

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.
Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook.

,

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.
Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook.

, ,
https://thehackernews.com/2023/02/post-macro-world-sees-rise-in-microsoft.html

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations,

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data.
« The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers, » Trend Micro researchers Mohamed Fahmy, Sherif

,

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data.
« The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers, » Trend Micro researchers Mohamed Fahmy, Sherif

, ,
https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html

The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity

The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity,

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That’s the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity

,

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That’s the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity

, ,
https://thehackernews.com/2023/02/the-pivot-how-msps-can-turn-challenge.html

Record historique pour les cryptomonnaies : pourquoi les pirates n’ont jamais gagné autant

Record historique pour les cryptomonnaies : pourquoi les pirates n’ont jamais gagné autant,

crypto

L’an dernier, le secteur des cryptomonnaies a battu un triste record. Pour la première fois, les pirates sont parvenus à dérober près de 4 milliards de dollars. Les hackers, dont les sbires de Kim Jong Un, ont exploité la fragilité de certains protocoles…

,

crypto

L’an dernier, le secteur des cryptomonnaies a battu un triste record. Pour la première fois, les pirates sont parvenus à dérober près de 4 milliards de dollars. Les hackers, dont les sbires de Kim Jong Un, ont exploité la fragilité de certains protocoles…

, ,
https://www.01net.com/actualites/record-historique-cryptomonnaies-pirates-jamais-gagne-autant.html