Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security

The Hacker News
#web#windows#cisco#git#The Hacker News
How are attackers trying to bypass MFA?

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is

North Korea's Moonstone Sleet Widens Distribution of Malicious Code

The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.

How we can separate botnets from the malware operations that rely on them

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC, SIPLUS Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Injection, Double Free, Integer Overflow or Wraparound, Improper Locking, NULL Pointer Dereference, Use-After-Free, Improper Input Validation, Improper Certificate Validation, Missing Release of Memory after Effective Lifetime, Out-of-bounds Read, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leak memory, create a denial-of-service condition...

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”

Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense

Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.