Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector,

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure.
Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021.
« This malicious actor originates from China and their main victims are the

,

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure.
Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021.
« This malicious actor originates from China and their main victims are the

, ,
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining,

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal.
« The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique, » security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said. « This is the first publicly

,

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal.
« The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique, » security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said. « This is the first publicly

, ,
https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack,

Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.
Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of « None. » This is in addition to eight flaws the tech giant patched in

,

Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.
Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of « None. » This is in addition to eight flaws the tech giant patched in

, ,
https://thehackernews.com/2023/07/microsoft-releases-patches-for-130.html

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures,

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.
« Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates, » Cisco Talos said in an exhaustive two-part report shared

,

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.
« Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates, » Cisco Talos said in an exhaustive two-part report shared

, ,
https://thehackernews.com/2023/07/hackers-exploit-windows-policy-loophole.html

How to Apply MITRE ATT&CK to Your Organization

How to Apply MITRE ATT&CK to Your Organization

,

Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework.
What is the MITRE ATT&CK Framework?
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs)

,

Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework.
What is the MITRE ATT&CK Framework?
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs)

, ,
https://thehackernews.com/2023/07/how-to-apply-mitre-att-to-your.html

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign,

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate.
« Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control

,

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate.
« Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control

, ,
https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates,

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims’ machines in exchange for a cryptocurrency

,

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims’ machines in exchange for a cryptocurrency

, ,
https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari,

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks

,

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks

, ,
https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security,

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
« We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns, » the company said in its Release Notes for Firefox 115.0 released last week.
The company

,

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
« We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns, » the company said in its Release Notes for Firefox 115.0 released last week.
The company

, ,
https://thehackernews.com/2023/07/new-mozilla-feature-blocks-risky-add.html

New TOITOIN Banking Trojan Targeting Latin American Businesses

New TOITOIN Banking Trojan Targeting Latin American Businesses,

Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023.
« This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage, » Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.
« These modules

,

Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023.
« This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage, » Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.
« These modules

, ,
https://thehackernews.com/2023/07/new-toitoin-banking-trojan-targeting.html