The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching.

According to security nonprofit Shadowserver’s latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 – down only slightly from more than 150,000 ten days prior.…

Read More

AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Kimsuky group distributed malware disguised as an installer from a South Korean public institution. The malware in question is a dropper that creates Endoor, a backdoor used in the attack discussed in the earlier article “TrollAgent (Kimsuky group) infected during security program installation” [1].…

Read More

Filipino police rescued 875 “workers” – including 504 foreigners – in a raid late last week on a firm that posed as an online gaming company but in reality operated a forced labor camp that housed romance scam operators.

A video of the raid on the Tarlac POGO (Philippine offshore gaming operator) firm, posted last Thursday, shows the nation’s Criminal Investigation and Detection Group (CIDG) entering what appears to be an office housing rows of workers in front of computers.…

Read More

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.


Read More
Dive Brief: Critical infrastructure providers were heavily targeted in 2023, accounting for 62% of all industry-related cyberattacks tracked from September through December of last year, BlackBerry said in a report released Thursday. The report showed a 27% increase in the use of novel malware, indicating that threat actors were actively working to evade traditional defenses.…
Read More

The ransomware actor ‘ShadowSyndicate’ was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.

aiohttp is an open-source library built on top of Python’s asynchronous I/O framework, asyncio, to handle large numbers of concurrent HTTP requests without traditional thread-based networking.…
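The weakness behind CVE-2024-23334 sits in aiohttp's static file handler (fixed in 3.9.2): when a static route was mounted with follow_symlinks=True, the resolved file path was not checked against the configured root, so a request carrying ../ segments could read files outside it. The block below is an added example, not code from aiohttp or from the article: it shows the containment check a static handler needs after resolving a path, and a small log scanner that flags traversal probes of the kind a scanning actor would leave behind. The /static/ prefix and the log lines are constructed assumptions for the demonstration.

```python
"""Path-containment check and traversal-probe detection (added example).

Not aiohttp's own code. Assumes a static route mounted at /static/ and
constructed access-log lines in combined log format.
"""
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_static_path(root, requested):
    """Return the on-disk path for `requested` only if it stays inside `root`.

    Symlinks are resolved first, then the result is checked against the
    root. Vulnerable aiohttp releases skipped this check when
    follow_symlinks=True. Returns None for anything that escapes root.
    """
    root = Path(root).resolve()
    # Percent-decode once and drop a leading slash so the join cannot be
    # turned into an absolute path.
    rel = unquote(requested).lstrip("/")
    candidate = (root / rel).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def demo_resolution():
    """Build a throwaway static root with an out-of-tree symlink and try
    benign, dot-dot, percent-encoded and symlink requests against
    resolve_static_path(). Returns a dict of pass/fail flags."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "secret.txt"
        outside.write_text("top secret")
        root = Path(tmp) / "static"
        root.mkdir()
        (root / "app.css").write_text("body{}")
        # A symlink pointing outside the root models the follow_symlinks hazard.
        os.symlink(outside, root / "link.txt")
        return {
            "benign": resolve_static_path(root, "app.css") is not None,
            "dotdot": resolve_static_path(root, "../secret.txt") is None,
            "encoded": resolve_static_path(root, "%2e%2e/secret.txt") is None,
            "symlink_escape": resolve_static_path(root, "link.txt") is None,
        }


# Constructed sample log lines; the 200 on the traversal request is what a
# successful read against an unpatched server would look like.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Mar/2024:10:01:02 +0000] "GET /static/app.css HTTP/1.1" 200 1234
203.0.113.7 - - [18/Mar/2024:10:01:09 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200 1718
203.0.113.7 - - [18/Mar/2024:10:01:10 +0000] "GET /static/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 162
198.51.100.9 - - [18/Mar/2024:10:02:33 +0000] "GET /index.html HTTP/1.1" 200 512
"""

LOG_LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_traversal_probes(log_text, static_prefix="/static/"):
    """Flag requests that try to walk out of the static prefix.

    Percent-decodes twice so %2e%2e and %252e%252e are both caught, and
    returns (raw_path, status) pairs so a 200 can be triaged as a probable
    successful read rather than a blocked probe.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.search(line)
        if not m:
            continue
        raw = m.group("path")
        decoded = unquote(unquote(raw)).replace("\\", "/")
        if decoded.startswith(static_prefix) and any(
            seg == ".." for seg in decoded.split("/")
        ):
            hits.append((raw, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    print(demo_resolution())
    for path, status in find_traversal_probes(SAMPLE_LOG):
        print(f"{status} {path}")
```

The fix on the server side is to upgrade aiohttp to 3.9.2 or later; until then, mounting static routes without follow_symlinks=True avoids the unchecked code path. The log scanner is deliberately prefix-scoped so ordinary traversal noise against other routes does not drown out probes aimed at the vulnerable handler.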

Read More

GhostSec, a prominent member of The Five Families, has drawn substantial attention with the latest research, following its recent twin ransomware attack carried out with Stormous, another Five Families affiliated threat group. Researchers and the group itself allege that GhostSec, initially linked with Anonymous and often described as vigilante hackers, took on the task of combating extremist content and activity on the internet, explicitly targeting ISIS when it first emerged.…

Read More

Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.

The flaw, identified as CVE-2023-48788, stems from an SQL injection error in a direct-attached storage (DAS) component of the server. It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.…

Read More

Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)

TL;DR
- Residential proxies are intermediaries that allow an Internet connection to appear as coming from another host.
- This method allows a user to hide the real origin and gain enhanced privacy or access to geo-restricted content.
- Residential proxies represent a growing threat in cyberspace, frequently used by attacker groups to hide among legitimate traffic, but also used in legitimate ways.
- The ecosystem of these proxies is characterised by a fragmented and deregulated offering in legitimate and cybercrime web markets.
- To obtain an infrastructure of up to several million hosts, residential proxy providers use techniques that can mislead users who install third-party software.
- With millions of IP addresses available, they represent a massive detection challenge for contemporary security solutions.
- Defending against this threat requires increased vigilance over the origin of traffic, which may not be what it seems, underlining the importance of a cautious and informed approach to managing network traffic.
- This joint report is built on extensive research from Sekoia.io…
Read More

The United States is spearheading the first United Nations resolution on artificial intelligence, aimed at ensuring the new technology is “safe, secure and trustworthy” and that all countries, especially those in the developing world, have equal access.

The draft General Assembly resolution aims to close the digital divide between countries and make sure they are all at the table in discussions on AI — and that they have the technology and capabilities to take advantage of its benefits, including detecting diseases, predicting floods and training the next generation of workers.…

Read More

GitHub users accidentally exposed 12.8 million authentication secrets and other sensitive credentials in over 3 million public repositories during 2023, with the vast majority still valid five days later.

This is according to cybersecurity experts at GitGuardian, who sent out 1.8 million complimentary email alerts to those who exposed secrets, seeing only a tiny 1.8% of those contacted taking quick action to correct the error.…

Read More

The Justice Department is stepping up its focus on artificial intelligence, with officials warning Thursday that companies and people who deliberately misuse the technology to advance a white-collar crime like price fixing, fraud or market manipulation will be at risk for a harsher sentence.

Deputy Attorney General Lisa Monaco said the Justice Department will take into account how well a company is managing the risks of AI technology each time it assesses a corporate compliance program.…

Read More

MASEPIE, a new backdoor replacing Headlace to facilitate follow-on actions. In addition to MASEPIE, ITG05 developed another new backdoor dubbed OCEANMAP. X-Force analysis revealed that the code base of CREDOMAP was likely used in the creation of OCEANMAP. In place of CREDOMAP, ITG05 has opted for a new, simplified PowerShell script named STEELHOOK.…

Read More

Chinese threat actors strike again

Users of a Tibetan language translation app and visitors to a Buddhist festival website were compromised in a targeted watering-hole campaign attributed to a Chinese threat group.

According to recent data from ESET, the so-called Evasive Panda hacking team’s campaign started in September 2023 or earlier and impacted systems in Taiwan, Hong Kong, Australia, and the United States.…

Read More