Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of...

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted...

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the...

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said...

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation...

A Trip to the Dark Site — Leak Sites Analyzed

Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charging their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call...

DoNot Hacking Team Targeting Government and Military Entities in South Asia

A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020, deploying different variants of its bespoke malware framework. Slovak cybersecurity firm...

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx,...

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to...

Cyber Threat Protection — It All Starts with Visibility

Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a...

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when...

FIN8 Hackers Spotted Using New ‘White Rabbit’ Ransomware in Recent Attacks

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken...

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware...

Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure

The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited...

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone,"...

Europol Shuts Down VPNLab, Cybercriminals’ Favourite VPN Service

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as...

Don’t Use Public Wi-Fi Without DNS Filtering

Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection,...

Newark Academy CTF (NACTF) 2021 — Challenge Writeups

This post contains writeups for some challenges in this CTF. 1. Juliet’s Note: It is the first cryptography challenge in the CTF. They have given a message which we have to decode to find the flag. It is a simple integer-to-character mapping. I coded...

How to make our own CTF Challenge with ease.

Hi infosec people, hope you’re healthy! I just got enough time to write a blog on the topic which I really wanted to write, “You can also create your own CTF challenge” but I changed this name to the current one because it doesn’t sound that interesting/cool as it does...

Day 14, Set Up Environment for Pentesting #100DaysofHacking

Get all the writeups from Day 1 to 13: Click Here or Click Here. Source: Unsplash. Hello everyone, this is Ayush. If you haven’t read the previous blog, then please read it by clicking on the above link; in it we have discussed important concepts which are necessary for further blogs. In our...

Day 13, Introduction to Pentesting #100DaysofHacking

Get all the writeups from Day 1 to 12: Click Here or Click Here. Source: Frsecure. Hello everyone, this is Ayush. If you haven’t read the previous blog, then please read it by clicking on the above link; in it we have discussed important concepts which are necessary for further blogs. Till now...

[Day 4] Web Exploitation Santa’s Running Behind | Advent of Cyber 3 (2021)

Burp Suite practices. Learning Objectives: In today’s task, we’re going to learn the following: understanding authentication and where it is used; understanding what fuzzing is; understanding what Burp Suite is and how we can use it for fuzzing a login form to gain access; applying this knowledge to retrieve Santa’s travel itinerary. Let’s enjoy the challenge...

[Day 3] Web Exploitation Christmas Blackout | Advent of Cyber 3 (2021)

As a penetration tester or defender, we must have the ability to look for what is missing or hidden. Today we will be learning about discovering content on the system. Let’s discover the vulnerabilities. 1. Using a common wordlist for discovering content, enumerate http://MACHINE_IP to find the location of the...

Shibboleth: HackTheBox Walkthrough

Welcome back! Today we are going to solve another machine from HackTheBox. The box is listed as an easy box. Just add shibboleth.htb in…

c4ptur3-th3-fl4g (TryHackMe)

Task 1. Before we move on to the challenges, I would like to tell you all that this room is not for absolute beginners or for someone who doesn’t know anything in the cyber security domain. It includes various cryptographic techniques to be used along with some stego and steganography challenges. This may...

Authentication Bypass -TryHackMe

Writeup. Hello, amazing fellow hackers, welcome back for a new write-up on the Authentication Bypass room on TryHackMe. So let’s discuss the concept. Authentication bypass is a critical type of vulnerability that leads to exposure of sensitive information of legitimate persons. Username Enumeration: Username enumeration is the concept used to...

SSH to Red Hat with Docker

Make a Docker container with Red Hat and SSH into it. Docker is an open platform for developing, shipping and running applications. You will be able to have an isolated environment on your local machine with few resources used. Some people use Docker to run their vulnerable applications because Docker has...

Day 12 Internet Security Controls #100DaysofHacking

Get all the writeups from Day 1 to 11: Click Here or Github: Click Here. Hello everyone, this is Ayush. If you haven’t read the previous blog, then please read it by clicking on the above link; in it we have discussed important concepts which are necessary for further blogs. In our previous blog,...

Conti Ransomware — Threat Hunting with Splunk

Conti Ransomware Note. This article provides my approach for solving the TryHackMe room titled “Conti”, created by heavenraiza. An Exchange server was compromised with ransomware and we must use Splunk to investigate how the attackers compromised the server. I have also provided a link to TryHackMe at the end for...

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy...

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read...

Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and...

Dark Web’s Largest Marketplace for Stolen Credit Cards is Shutting Down

UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said...

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick...

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage...

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to...

A New Destructive Malware Targeting Ukrainian Government and Business Entities

Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected...

Get Lifetime Access to Cybersecurity Certification Prep Courses

You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities —...

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw...

Massive Cyber Attack Knocks Down Ukrainian Government Websites

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of...

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is...

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is...

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million. The special operation, which was carried out with the assistance of law enforcement officials...

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated...

GootLoader Hackers Targeting Employees of Law and Accounting Firms

Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access...

Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and...

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and...

Meeting Patching-Related Compliance Requirements with TuxCare

Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient...

US Cyber Command Links ‘MuddyWater’ Hacking Group to Iranian Intelligence

The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's...

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion...