Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports,

The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.
According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

,

The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.
According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

, ,
https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software,

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
« HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and

,

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
« HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and

, ,
https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities,

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
« BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all, » Check Point said in a report

,

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
« BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all, » Check Point said in a report

, ,
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

Local Governments Targeted for Ransomware – How to Prevent Falling Victim,

Regardless of the country, local government is essential in most citizens’ lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur.
In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a

,

Regardless of the country, local government is essential in most citizens’ lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur.
In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a

, ,
https://thehackernews.com/2023/07/local-governments-targeted-for.html

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks,

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems.
« Through the capture of exploit traffic, the attacker’s IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America,

,

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems.
« Through the capture of exploit traffic, the attacker’s IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America,

, ,
https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems.
« In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems.
« In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical

, ,
https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks,

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
« Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a leak site as leverage to convince

,

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
« Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a leak site as leverage to convince

, ,
https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks,

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware.
« These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser

,

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware.
« These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser

, ,
https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks,

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
« Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a leak site as leverage to convince

,

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
« Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a leak site as leverage to convince

, ,
https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities,

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
« Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account, » Sonar vulnerability

,

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
« Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account, » Sonar vulnerability

, ,
https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html