Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack,

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild.
The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).
« 

,

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild.
The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).
« 

, ,
https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module,

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.
IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

,

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.
IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

, ,
https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures,

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.
Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.
« Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North

,

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.
Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.
« Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North

, ,
https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html

A Data Exfiltration Attack Scenario: The Porsche Experience

A Data Exfiltration Attack Scenario: The Porsche Experience,

As part of Checkmarx’s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find.
What we found is an

,

As part of Checkmarx’s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find.
What we found is an

, ,
https://thehackernews.com/2023/07/a-data-exfiltration-attack-scenario.html

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

Hackers Abusing Windows Search Feature to Install Remote Access Trojans,

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
The novel attack technique, per Trellix, takes advantage of the « search-ms: » URI protocol handler, which offers the ability for applications and HTML links to launch custom local

,

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
The novel attack technique, per Trellix, takes advantage of the « search-ms: » URI protocol handler, which offers the ability for applications and HTML links to launch custom local

, ,
https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities,

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

,

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

, ,
https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required,

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an « extremely severe » flaw that could result in pre-authenticated remote code execution on affected installations.
Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

,

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an « extremely severe » flaw that could result in pre-authenticated remote code execution on affected installations.
Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

, ,
https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches,

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data.
This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an

,

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data.
This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an

, ,
https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users,

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks.
Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.
« The impacted Ubuntu versions are prevalent in the cloud as they serve as the default

,

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks.
Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.
« The impacted Ubuntu versions are prevalent in the cloud as they serve as the default

, ,
https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads,

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the « opportunistic » activity is designed to deploy second-stage

,

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the « opportunistic » activity is designed to deploy second-stage

, ,
https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html