North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack,

An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that’s reminiscent of the supply chain attack targeting 3CX.
The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It’s worth noting

,

An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that’s reminiscent of the supply chain attack targeting 3CX.
The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It’s worth noting

, ,
https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html

A Few More Reasons Why RDP is Insecure (Surprise!)

A Few More Reasons Why RDP is Insecure (Surprise!),

If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as « Remote Desktop Protocol 4.0, » was released in 1996 as part of the Windows NT 4.0 Terminal Server edition and allowed users to remotely access and control Windows-based computers over a

,

If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as « Remote Desktop Protocol 4.0, » was released in 1996 as part of the Windows NT 4.0 Terminal Server edition and allowed users to remotely access and control Windows-based computers over a

, ,
https://thehackernews.com/2023/07/a-few-more-reasons-why-rdp-is-insecure.html

Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

,

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that’s capable of delivering next-stage payloads.
The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is

,

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that’s capable of delivering next-stage payloads.
The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is

, ,
https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems,

Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation.
« P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms, » Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. « This

,

Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation.
« P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms, » Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. « This

, ,
https://thehackernews.com/2023/07/new-p2pinfect-worm-targeting-redis.html

Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats,

Microsoft on Wednesday announced that it’s expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure.
The tech giant said it’s making the change in direct response to increasing frequency and evolution of nation-state cyber

,

Microsoft on Wednesday announced that it’s expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure.
The tech giant said it’s making the change in direct response to increasing frequency and evolution of nation-state cyber

, ,
https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability,

Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.
The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions:

ColdFusion 2023 (Update

,

Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.
The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions:

ColdFusion 2023 (Update

, ,
https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html

How to Manage Your Attack Surface?

How to Manage Your Attack Surface?,

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. Let’s look at why it’s growing

,

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. Let’s look at why it’s growing

, ,
https://thehackernews.com/2023/07/how-to-manage-your-attack-surface.html

CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats

CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats,

U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.
« The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over

,

U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.
« The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over

, ,
https://thehackernews.com/2023/07/cisa-and-nsa-issue-new-guidance-to.html

Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware,

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg.
« Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value

,

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg.
« Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value

, ,
https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations,

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed « Operation Cookie Monster, » resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI’s warrant here for details specific to this case. In light of these events, I’d like to discuss how OSINT

,

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed « Operation Cookie Monster, » resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI’s warrant here for details specific to this case. In light of these events, I’d like to discuss how OSINT

, ,
https://thehackernews.com/2023/07/exploring-dark-side-osint-tools-and.html