Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”
Threat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 11:12:182024-04-22 11:12:18Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said&
Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 10:08:112024-04-22 10:08:11Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 10:08:112024-04-22 10:08:11MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
Security experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself “The Community,” aka the Com or Comm.
A malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 09:07:192024-04-22 09:07:19JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS
The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 09:07:192024-04-22 09:07:19NATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times’
A New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 08:06:522024-04-22 08:06:52Jury Dishes Out Guilty Verdict in Mango Markets Fraud Case
Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient.
“They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective,” the tech giant said in its latest report on East Asia hacking groups.
The company
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-22 08:06:522024-04-22 08:06:52Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning
/in General NewsResearchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”
Cyware News – Latest Cyber News – Read More
Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks
/in General NewsThreat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.
Cyware News – Latest Cyber News – Read More
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
/in General NewsNew research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said&
The Hacker News – Read More
Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites
/in General NewsJapan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.
Cyware News – Latest Cyber News – Read More
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
/in General NewsMITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek.
SecurityWeek – Read More
Rising Ransomware Issue: English-Speaking Western Affiliates
/in General NewsSecurity experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself “The Community,” aka the Com or Comm.
Cyware News – Latest Cyber News – Read More
JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS
/in General NewsA malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.
Cyware News – Latest Cyber News – Read More
NATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times’
/in General NewsThe new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.
Cyware News – Latest Cyber News – Read More
Jury Dishes Out Guilty Verdict in Mango Markets Fraud Case
/in General NewsA New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.
Cyware News – Latest Cyber News – Read More
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
/in General NewsMicrosoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient.
“They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective,” the tech giant said in its latest report on East Asia hacking groups.
The company
The Hacker News – Read More