Constantly Evolving MoonPeak RAT Linked to North Korean Spying (2024-08-23 21:06:44)
Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (2024-08-23 20:06:44)
CrowdStrike 2024 report exposes North Korea’s covert workforce in U.S. tech firms (2024-08-23 19:06:43)
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads (2024-08-23 17:06:45)
Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation (2024-08-23 15:06:41)
Constantly Evolving MoonPeak RAT Linked to North Korean Spying
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.
Source: darkreading
Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)
A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.
Source: Security | TechRepublic
CrowdStrike 2024 report exposes North Korea’s covert workforce in U.S. tech firms
In April 2024, CrowdStrike Services responded to the first of several incidents in which North Korea’s FAMOUS CHOLLIMA malicious insiders targeted U.S. firms.
Source: Security News | VentureBeat
NGate Android Malware Relays NFC Traffic to Steal Credit Card Data
This malware allows attackers to emulate victims’ cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.
Source: Cyware News – Latest Cyber News
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders.
“This memory-only dropper decrypts and executes a PowerShell-based downloader,” Google-owned Mandiant said. “This PowerShell-based downloader is being tracked as PEAKLIGHT.”
Some of
Source: The Hacker News
Critical Vulnerabilities Uncovered in Progress WhatsUp Gold
These vulnerabilities pose risks to organizations using outdated versions, allowing unauthorized access to sensitive data and privilege escalation through SQL Injection techniques.
Source: Cyware News – Latest Cyber News
Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome
A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.
Source: Cyware News – Latest Cyber News
SonicWall Issues Urgent Patch for Critical Firewall Vulnerability
SonicWall has released an urgent patch to address a critical vulnerability (CVE-2024-40766) in SonicOS, which could allow unauthorized access to their firewalls. The vulnerability could lead to system compromise and network disruption.
Source: Cyware News – Latest Cyber News
PG_MEM Malware Targets PostgreSQL Databases for Crypto Mining
Cryptojacking attackers are targeting poorly secured PostgreSQL databases on Linux systems. According to Aqua Security researchers, the attack begins with brute-force attempts to gain access to the database credentials.
Source: Cyware News – Latest Cyber News
Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation
Exploiting this flaw, attackers can manipulate daemonsets, create service account tokens, and impersonate high-privilege accounts like cluster-admin. This could lead to a complete cluster takeover.
Source: Cyware News – Latest Cyber News