Hackers Abusing Windows Search Feature to Install Remote Access Trojans

Hackers Abusing Windows Search Feature to Install Remote Access Trojans,

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
The novel attack technique, per Trellix, takes advantage of the « search-ms: » URI protocol handler, which offers the ability for applications and HTML links to launch custom local

,

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
The novel attack technique, per Trellix, takes advantage of the « search-ms: » URI protocol handler, which offers the ability for applications and HTML links to launch custom local

, ,
https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities,

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

,

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

, ,
https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required,

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an « extremely severe » flaw that could result in pre-authenticated remote code execution on affected installations.
Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

,

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an « extremely severe » flaw that could result in pre-authenticated remote code execution on affected installations.
Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

, ,
https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches,

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data.
This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an

,

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data.
This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an

, ,
https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users,

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks.
Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.
« The impacted Ubuntu versions are prevalent in the cloud as they serve as the default

,

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks.
Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.
« The impacted Ubuntu versions are prevalent in the cloud as they serve as the default

, ,
https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads,

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the « opportunistic » activity is designed to deploy second-stage

,

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the « opportunistic » activity is designed to deploy second-stage

, ,
https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html

The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left

The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left,

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development. 
Placing security at the very end of the

,

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development. 
Placing security at the very end of the

, ,
https://thehackernews.com/2023/07/the-4-keys-to-building-cloud-security.html

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining,

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners.
The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year time period, with 96% of the attacks linked to the Mirai botnet.
Of these attack attempts, 20% (or

,

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners.
The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year time period, with 96% of the attacks linked to the Mirai botnet.
Of these attack attempts, 20% (or

, ,
https://thehackernews.com/2023/07/hackers-target-apache-tomcat-servers.html

Group-IB Co-Founder Sentenced to 14 Years in Russian Prison for Alleged High Treason

Group-IB Co-Founder Sentenced to 14 Years in Russian Prison for Alleged High Treason,

A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of « high treason » and jailed him for 14 years in a « strict regime colony » over accusations of passing information to foreign spies.
« The court found Sachkov guilty under Article 275 of the Russian Criminal Code (high treason) sentencing him to 14 years of incarceration in a maximum-security jail, restriction

,

A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of « high treason » and jailed him for 14 years in a « strict regime colony » over accusations of passing information to foreign spies.
« The court found Sachkov guilty under Article 275 of the Russian Criminal Code (high treason) sentencing him to 14 years of incarceration in a maximum-security jail, restriction

, ,
https://thehackernews.com/2023/07/group-ib-co-founder-sentenced-to-14.html

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days,

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a « material » impact on their finances, marking a major shift in how computer breaches are disclosed.
« Whether a company loses a factory in a fire — or millions of files in a cybersecurity

,

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a « material » impact on their finances, marking a major shift in how computer breaches are disclosed.
« Whether a company loses a factory in a fire — or millions of files in a cybersecurity

, ,
https://thehackernews.com/2023/07/new-sec-rules-require-us-companies-to.html