GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft

GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft,

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services.
The company attributed the campaign to a « sophisticated and organized group targeting hosting services. »
GoDaddy said in December 2022, it received an unspecified number of customer complaints about

,

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services.
The company attributed the campaign to a « sophisticated and organized group targeting hosting services. »
GoDaddy said in December 2022, it received an unspecified number of customer complaints about

, ,
https://thehackernews.com/2023/02/godaddy-discloses-multi-year-security.html

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists,

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign.
The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn.
The malicious functionalities include the « ability to read and leak target’s contact list, SMS, voice call content, location and others from

,

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign.
The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn.
The malicious functionalities include the « ability to read and leak target’s contact list, SMS, voice call content, location and others from

, ,
https://thehackernews.com/2023/02/experts-warn-of-rambleon-android.html

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter,

Hey 👋 there, cyber friends!
Welcome to this week’s cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats.
In today’s edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks.
1. Apple 📱 Devices Hacked with

,

Hey 👋 there, cyber friends!
Welcome to this week’s cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats.
In today’s edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks.
1. Apple 📱 Devices Hacked with

, ,
https://thehackernews.com/2023/02/top-cybersecurity-news-stories-this.html

Armenian Entities Hit by New Version of OxtaRAT Spying Tool

Armenian Entities Hit by New Version of OxtaRAT Spying Tool,

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance.
« The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell,

,

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance.
« The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell,

, ,
https://thehackernews.com/2023/02/armenian-entities-hit-by-new-version-of.html

New Mirai Botnet Variant ‘V3G4’ Exploiting 13 Flaws to Target Linux and IoT Devices

New Mirai Botnet Variant ‘V3G4’ Exploiting 13 Flaws to Target Linux and IoT Devices

,

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices.
Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor.
« Once the vulnerable devices are compromised, they

,

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices.
Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor.
« Once the vulnerable devices are compromised, they

, ,
https://thehackernews.com/2023/02/new-mirai-botnet-variant-v3g4.html

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software,

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and

,

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and

, ,
https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html

Researchers Hijack Popular NPM Package with Millions of Downloads

Researchers Hijack Popular NPM Package with Millions of Downloads,

A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack.
« The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password, » software supply chain security company Illustria said in a report.
While npm’s security protections limit users to have only one active email address

,

A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack.
« The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password, » software supply chain security company Illustria said in a report.
While npm’s security protections limit users to have only one active email address

, ,
https://thehackernews.com/2023/02/researchers-hijack-popular-npm-package.html

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries,

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021.
Targets included government, military, law enforcement, banks, and other organizations, according to an exhaustive report published by Group-IB, which also found links between the adversary

,

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021.
Targets included government, military, law enforcement, banks, and other organizations, according to an exhaustive report published by Group-IB, which also found links between the adversary

, ,
https://thehackernews.com/2023/02/researchers-link-sidewinder-group-to.html

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps,

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.
The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published

,

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.
The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published

, ,
https://thehackernews.com/2023/02/hackers-using-google-ads-to-spread.html

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs,

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution.
The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL.
Successful

,

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution.
The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL.
Successful

, ,
https://thehackernews.com/2023/02/researchers-warn-of-critical-security.html