News

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

The Hacker News reports on new attacks by hackers on bank ATM-machines.

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.

Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945.

Read further on the Hacker News

by Trilight

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

A very comprehensive list of free cybersecurity tools recommended by U.S. Cybersecurity Agency you may find in the news published by the Hacker News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture.

The "Free Cybersecurity Services and Tools" resource hub comprises a mix of 101 services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community.

Read further on the Hacker News

by Trilight

Critical Flaws Discovered in Cisco Small Business RV Series Routers

The Hacker News reported on serious flaws found in budget Cisco routes.

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs.

Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.

Read further in The Hacker News

by Trilight

QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

The Hacker News reported on new type of Ransomware.

"DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to immediately update QTS to the latest available version."

A query on IoT search engine Censys shows that at least 3,687 devices have been encrypted by the DeadBolt ransomware so far, with most NAS devices located in the U.S., Taiwan, France, Italy, the U.K., Hong Kong, Germany, the Netherlands, Poland, and South Korea.

Read more on The Hacker News

by Trilight

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

The Hacker News reported on important patch released by Cisco.

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Read further on The Hacker News

by Trilight

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

The Hacker News describes he way how the Microsoft flaw is being utilized by hackers.

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.

"The stealer is a PowerShell script, short with powerful collection capabilities in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar said in a report published Wednesday.

Read more on The Hacker News

by Trilight

Navigating The Threat Landscape 2021: From Ransomware to Botnets

The Hacker News studies Global Threat Landscape Report which indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021.

When new threats emerge, attackers take advantage of them, however, most businesses are only aware of the current threats. Organizations struggle to address these threats due to their resource sophistication and their lack of understanding of evolving threat landscapes. For these reasons, organizations need visibility on the advanced threats especially targeting their infrastructure. This article will outline the evolution in the cyber threat landscape 2021.

Read further on The Hacker News

by Trilight

Penetration Testing Your AWS Environment: A CTO's Guide

The Hacker News explains how AWS environment should assessed from the point of view of cybersecurity.

There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS:

• Your externally accessible cloud infrastructure
• Any application(s) you're building or hosting
• Your internal cloud infrastructure
• Your AWS configuration itself
• Secrets management

Read further on The Hacker News

by Trilight