Update: Exploit Released for Cisco SSM Bug Allowing Admin Password Changes

he vulnerability, tracked as CVE-2024-20419, allows unauthenticated attackers to change any user’s password remotely. To secure vulnerable Cisco Smart Software Manager On-Prem servers, admins must upgrade to a fixed release.

Cyware News – Latest Cyber News – ​Read More

Analysis of Data Exfiltration Tools Used by Threat Actors

A comprehensive analysis of data theft incidents investigated by ReliaQuest from September 2023 to July 2024 revealed that Rclone, WinSCP, and cURL are among the most prevalent exfiltration tools used by threat actors.

Cyware News – Latest Cyber News – ​Read More

Vulnerabilities in Solar Power Management Platform can Lead to Blackouts

Researchers discovered that a solar grid responsible for 20% of the world’s solar power output, enough to power the entire United States, is at risk of being hijacked due to vulnerabilities in PV plant management platforms.

Cyware News – Latest Cyber News – ​Read More

New Widespread Extension Trojan Malware Campaign

The malware attack flow involves luring users with fake websites imitating popular downloads, then executing PowerShell scripts to download and install malicious extensions that steal private data and control browser settings.

Cyware News – Latest Cyber News – ​Read More

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks.
The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign

The Hacker News – ​Read More

Botnet 7777: Are You Betting on a Compromised Router?

Recent findings indicate that the 7777 botnet (aka Quad7) has likely expanded, adding new bots with open port 63256, primarily including Asus routers. As of August 5, 2024, the total number of active bots stood at 12,783.

Cyware News – Latest Cyber News – ​Read More

Fake WinRar Websites Distributing Malware Payloads Hosted on GitHub

A fraudulent site resembling the official WinRar distribution platform is spreading malware. The fake website, win-rar[.]co, utilizes typosquatting to trick users who mistype the URL.

Cyware News – Latest Cyber News – ​Read More

New Malware Strains Pop Up in Threat Landscape

Quorum Cyber Incident Response team recently identified a new malware called SharpRhino utilized by the threat actor group Hunters International during a ransomware incident. The malware, written in C#, was distributed through a typosquatting domain posing as Angry IP Scanner.

Cyware News – Latest Cyber News – ​Read More

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.
The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware such

The Hacker News – ​Read More

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims’ secrets.
“The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply ‘solana’ on the Python software registry, PyPI,” Sonatype researcher Ax Sharma

The Hacker News – ​Read More