Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan,

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments
« The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

,

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments
« The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

, ,
https://thehackernews.com/2023/08/researchers-uncover-aws-ssm-agent.html

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers,

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.
« Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone 
going by the name Hassan Nozari, » Halcyon said in a

,

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.
« Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone 
going by the name Hassan Nozari, » Halcyon said in a

, ,
https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability,

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

,

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

, ,
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html

New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets

New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets,

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that’s equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Network Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022.
NodeStealer was first exposed by Meta in May 2023, describing it as a stealer

,

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that’s equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Network Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022.
NodeStealer was first exposed by Meta in May 2023, describing it as a stealer

, ,
https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html

European Bank Customers Targeted in SpyNote Android Trojan Campaign

European Bank Customers Targeted in SpyNote Android Trojan Campaign,

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.
« The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack, » Italian cybersecurity

,

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.
« The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack, » Italian cybersecurity

, ,
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html

What is Data Security Posture Management (DSPM)?

What is Data Security Posture Management (DSPM)?,

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture – regardless of where it’s been duplicated or moved to.
So, what is DSPM? Here’s a quick example:
Let’s say you’ve built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it’s protected behind a

,

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture – regardless of where it’s been duplicated or moved to.
So, what is DSPM? Here’s a quick example:
Let’s say you’ve built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it’s protected behind a

, ,
https://thehackernews.com/2023/08/what-is-data-security-posture.html

Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

,

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
« The cybercriminals’ main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks, » Positive

,

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
« The cybercriminals’ main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks, » Positive

, ,
https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html

China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

,

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems.
Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

,

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems.
Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

, ,
https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan,

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi).
« It is a sophisticated downloader with the objective of installing a second malware payload, » Proofpoint said in a technical report. « The malware uses multiple mechanisms to evade

,

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi).
« It is a sophisticated downloader with the objective of installing a second malware payload, » Proofpoint said in a technical report. « The malware uses multiple mechanisms to evade

, ,
https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods,

The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet.
« The malware compromises exposed instances of the Redis data store by exploiting the replication feature, » Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News.
« A common attack

,

The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet.
« The malware compromises exposed instances of the Redis data store by exploiting the replication feature, » Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News.
« A common attack

, ,
https://thehackernews.com/2023/07/new-p2pinfect-worm-targets-redis.html