Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens,

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.
« Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA

,

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.
« Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA

, ,
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services,

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems.
Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for « unauthorized remote code execution, which means an attacker would have

,

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems.
Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for « unauthorized remote code execution, which means an attacker would have

, ,
https://thehackernews.com/2023/07/critical-security-flaws-uncovered-in.html

Defend Against Insider Threats: Join this Webinar on SaaS Security Posture Management

Defend Against Insider Threats: Join this Webinar on SaaS Security Posture Management,

As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data.
To effectively address insider risks, organizations must

,

As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data.
To effectively address insider risks, organizations must

, ,
https://thehackernews.com/2023/07/defend-against-insider-threats-join.html

AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text

AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text,

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’ passwords being added to the database in plaintext format.
« A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them, » UpdraftPlus, the maintainers of AIOS, 

,

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’ passwords being added to the database in plaintext format.
« A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them, » UpdraftPlus, the maintainers of AIOS, 

, ,
https://thehackernews.com/2023/07/aios-wordpress-plugin-faces-backlash.html

TeamTNT’s Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

TeamTNT’s Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

,

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that’s focused on Azure and Google Cloud Platform (GCP) services, marking the adversary’s expansion in targeting beyond Amazon Web Services (AWS).
The findings come from SentinelOne and Permiso, which said the « campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew, »

,

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that’s focused on Azure and Google Cloud Platform (GCP) services, marking the adversary’s expansion in targeting beyond Amazon Web Services (AWS).
The findings come from SentinelOne and Permiso, which said the « campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew, »

, ,
https://thehackernews.com/2023/07/teamtnts-cloud-credential-stealing.html

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries,

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries.
Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year.
« This makes AVrecon one

,

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries.
Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year.
« This makes AVrecon one

, ,
https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation,

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
« A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced, » the company said in an advisory.
It also said that the issue has been addressed and that it’s expected to

,

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
« A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced, » the company said in an advisory.
It also said that the issue has been addressed and that it’s expected to

, ,
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland,

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems.
The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which

,

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems.
The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which

, ,
https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html

TeamTNT’s Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

TeamTNT’s Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

,

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob.
« The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications, » Aqua security researchers Ofek Itach and Assaf Morag said in a

,

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob.
« The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications, » Aqua security researchers Ofek Itach and Assaf Morag said in a

, ,
https://thehackernews.com/2023/07/teamtnts-silentbob-botnet-infecting-196.html

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware,

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a « crafty » persistence method.
« In this instance, the PoC is a wolf in sheep’s clothing, harboring malicious intent under the guise of a harmless learning tool, » Uptycs researchers Nischay Hegde and Siddartha Malladi said.

,

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a « crafty » persistence method.
« In this instance, the PoC is a wolf in sheep’s clothing, harboring malicious intent under the guise of a harmless learning tool, » Uptycs researchers Nischay Hegde and Siddartha Malladi said.

, ,
https://thehackernews.com/2023/07/blog-post.html