BackBox.org News – Page 466 – Latest news and insights on Security

Russian Member of Karakurt Cyber Extortion Gang Charged in US

August 23, 2024/in General News

Deniss Zolotarjovs was charged in a US court for extorting victims and laundering cryptocurrency as part of the Karakurt cyber extortion group.

The post Russian Member of Karakurt Cyber Extortion Gang Charged in US appeared first on SecurityWeek.

SecurityWeek – Read More

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

August 23, 2024/in General News

A PoC exploit has been released for a critical vulnerability (CVE-2024-41992) found in the Arcadyan FMIMG51AX000J model, as well as other devices using the same firmware version.

Cyware News – Latest Cyber News – Read More

FBI Fails to Secure Sensitive Storage Media Destined for Destruction, Audit Reveals

August 23, 2024/in General News

Audit finds weaknesses in FBI’s inventory management and disposition procedures for drives containing sensitive information.

The post FBI Fails to Secure Sensitive Storage Media Destined for Destruction, Audit Reveals appeared first on SecurityWeek.

SecurityWeek – Read More

New Opportunistic Campaign Exploit Log4j Vulnerability for Cryptomining and System Compromise

August 23, 2024/in General News

This latest Log4j exploitation-based attack uses obfuscated LDAP requests to evade detection and executes malicious scripts, establishing persistence and exfiltrating data through encrypted channels.

Cyware News – Latest Cyber News – Read More

When War Came to Their Country, They Built a Map

August 23, 2024/in General News

The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.

Security Latest – Read More

Cybercriminals Exploit File Sharing Services to Advance Phishing Attacks

August 23, 2024/in General News

In these file-sharing phishing attacks, cybercriminals impersonate colleagues or trusted services to trick targets into clicking on malicious links that can lead to data theft or malware infection.

Cyware News – Latest Cyber News – Read More

Hardware Backdoor in Millions of Shanghai Fudan Microelectronics RFID Cards Allows Cloning

August 23, 2024/in General News

Researchers from Quarkslab found a hardware backdoor in the FM11RF08S RFID cards manufactured by Shanghai Fudan Microelectronics, enabling attackers to compromise user-defined keys within minutes.

Cyware News – Latest Cyber News – Read More

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

August 23, 2024/in General News

SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.

The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.

SecurityWeek – Read More

Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk

August 23, 2024/in General News

GitHub disclosed three security vulnerabilities in GitHub Enterprise Server (GHES), including CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711. The most severe, CVE-2024-6800, allowed attackers to forge a SAML response, granting site admin privileges.

Cyware News – Latest Cyber News – Read More

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

August 23, 2024/in General News

A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021.
Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to

The Hacker News – Read More

BackBox News

Russian Member of Karakurt Cyber Extortion Gang Charged in US

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

FBI Fails to Secure Sensitive Storage Media Destined for Destruction, Audit Reveals

New Opportunistic Campaign Exploit Log4j Vulnerability for Cryptomining and System Compromise

When War Came to Their Country, They Built a Map

Cybercriminals Exploit File Sharing Services to Advance Phishing Attacks

Hardware Backdoor in Millions of Shanghai Fudan Microelectronics RFID Cards Allows Cloning

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

Company Blogs

Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis

Supply chain attack via GitHub Action | Kaspersky official blog

Are the Android SafetyCore and Android System Key Verifier apps safe? | Kaspersky official blog

Miniaudio and Adobe Acrobat Reader vulnerabilities

Patch it up: Old vulnerabilities are everyone’s problems

Update your VMware ESXi products now | Kaspersky official blog

New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis

Abusing with style: Leveraging cascading style sheets for evasion and tracking

AI Safety: Key Threats and Solutions

Main vulnerabilities from Microsoft’s March Patch Tuesday | Kaspersky official blog

Hacking Tools

Exploit DB