Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild,

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.
To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by

,

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.
To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by

, ,
https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops,

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.
Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two « affect firmware drivers originally meant to be used only during the

,

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.
Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two « affect firmware drivers originally meant to be used only during the

, ,
https://thehackernews.com/2022/04/new-lenovo-uefi-firmware.html

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists,

A previously unknown zero-click exploit in Apple’s iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a « multi-year clandestine operation. »
« Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations, » the University of Toronto’s Citizen Lab said in a

,

A previously unknown zero-click exploit in Apple’s iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a « multi-year clandestine operation. »
« Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations, » the University of Toronto’s Citizen Lab said in a

, ,
https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies.
Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT)

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies.
Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT)

, ,
https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens,

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI.
« Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications, » the

,

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI.
« Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications, » the

, ,
https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html

Researchers Share In-Depth Analysis of PYSA Ransomware Group

Researchers Share In-Depth Analysis of PYSA Ransomware Group,

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows.
This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to

,

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows.
This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to

, ,
https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html

Benchmarking Linux Security – Latest Research Findings

Benchmarking Linux Security – Latest Research Findings,

How well do your Linux security practices stack up in today’s challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute.
The research sponsored by TuxCare sought to understand better how organizations are currently managing

,

How well do your Linux security practices stack up in today’s challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute.
The research sponsored by TuxCare sought to understand better how organizations are currently managing

, ,
https://thehackernews.com/2022/04/benchmarking-linux-security-latest.html

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar,

Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar.
« The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files), » Palo Alto Networks Unit 42 researchers said in

,

Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar.
« The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files), » Palo Alto Networks Unit 42 researchers said in

, ,
https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware,

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.
Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (

,

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.
Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (

, ,
https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin,

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites.
Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the

,

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites.
Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the

, ,
https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html