
NSFOCUS Technology Threat Weekly Report (2024.04.22-2024.04.28)



1. Hot information

1. Free VPN apps turn user devices into proxies for criminals

【Label】VPN

【Overview】

Threat intelligence researchers tracked a campaign, named PROXYLIB, in which free VPN apps silently turned users' devices into proxy nodes for cybercriminals. Criminals route their traffic through these devices (the proxies): they consume someone else's bandwidth and IP reputation, mask the true source of an attack, are less likely to be blocked because the traffic originates from ordinary residential addresses, and can simply switch to another node if one proxy is blocked.

[Reference link]

https://ti.nsfocus.com/security-news/IlOe5

2. GitHub comment file-upload flaw lets attackers distribute malware that appears to come from “Microsoft”

【Label】GitHub

【Overview】

Recently, a high-risk flaw was exposed in the comment file-upload feature of the code hosting site GitHub, and attackers have been using it to distribute malware. When a user attaches a file while drafting a comment on an issue or pull request, GitHub uploads the file immediately and generates a download link; the link remains valid even if the comment is never posted or is later deleted. Because the link contains the name of the repository and its owner, a victim can be tricked into believing the file was published by that project (in the reported abuse, repositories belonging to Microsoft).

[Reference link]

https://ti.nsfocus.com/security-news/IlOe3
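The distinguishing feature of these links is that the URL path names an owner and repository but points at an attachment (`/files/<id>/<name>`) rather than at repository content (`/blob/`, `/raw/`, `/releases/download/`). The following is an added triage example in Python, not code from NSFOCUS or GitHub: it scans a message for GitHub links and flags the ones that are comment attachments. The sample e-mail, its organisation, repository, attachment id and file names are constructed for the example, and the handling of the newer `/user-attachments/` path is an assumption about later GitHub behaviour.

```python
import re
from urllib.parse import urlparse

# Path of a file attached while drafting an issue or pull-request comment.
# The owner and repository names appear in the path even though the file is
# not part of the repository and the comment may never have been posted.
ATTACHMENT_RE = re.compile(
    r"^/(?P<owner>[\w.-]+)/(?P<repo>[\w.-]+)/files/(?P<id>\d+)/(?P<name>[^/]+)$"
)
# Newer attachment links carry no repository name at all (assumption about
# later GitHub behaviour; treated the same way here).
USER_ATTACHMENT_RE = re.compile(r"^/user-attachments/(?:files|assets)/")
# Paths that really do serve repository content or release assets.
REPO_CONTENT_RE = re.compile(
    r"^/[\w.-]+/[\w.-]+/(?:blob|raw|releases/download|archive)/"
)
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")


def classify_github_url(url: str) -> str:
    """Return 'comment-attachment', 'repository-content', 'other' or 'not-github'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in ("github.com", "www.github.com"):
        return "not-github"
    if ATTACHMENT_RE.match(parsed.path) or USER_ATTACHMENT_RE.match(parsed.path):
        return "comment-attachment"
    if REPO_CONTENT_RE.match(parsed.path):
        return "repository-content"
    return "other"


def find_suspicious_attachments(text: str) -> list:
    """Return (url, owner, repo) for every comment-attachment link found in text.
    owner and repo are None for links that carry no repository name."""
    hits = []
    for url in URL_RE.findall(text):
        if classify_github_url(url) != "comment-attachment":
            continue
        m = ATTACHMENT_RE.match(urlparse(url).path)
        owner, repo = (m.group("owner"), m.group("repo")) if m else (None, None)
        hits.append((url, owner, repo))
    return hits


# Constructed sample message; organisation, repository, id and file names are made up.
SAMPLE_EMAIL = """\
Please install the update from our official repository:
https://github.com/exampleorg/example-tool/files/1234567/ExampleTool-Update.zip
Source code: https://github.com/exampleorg/example-tool/blob/main/README.md
Release: https://github.com/exampleorg/example-tool/releases/download/v1.2.0/tool.zip
"""

if __name__ == "__main__":
    for url, owner, repo in find_suspicious_attachments(SAMPLE_EMAIL):
        print(f"comment attachment, not repository content: {url} "
              f"(owner={owner}, repo={repo})")
```

Only the first link in the sample is flagged; the `blob` and `releases/download` links are genuine repository content. A flagged link is not proof of malware, but it means the file was never reviewed or published by the repository's maintainers, which is exactly the trust signal the phishing lure relies on.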

3. Operation DuneQuixote uses complex backdoors to target the Middle East; a tampered installer of the widely used Total Commander serves as a dropper

【Label】CR4T

【Overview】

A hacking group is targeting government entities in the Middle East with a new backdoor, CR4T, in a campaign tracked as Operation DuneQuixote. Kaspersky researchers discovered the campaign in February 2024 but believe it may have been active since 2023. Kaspersky found more than 30 DuneQuixote dropper samples. The droppers come in two forms: a regular dropper (an executable or DLL file) and a tampered installer for the legitimate file manager Total Commander, which delivers the malicious payload alongside the genuine tool.

[Reference link]

https://ti.nsfocus.com/security-news/IlOcZ

4. The world’s largest “risk control database” falls into the hands of criminals

【Label】Data leakage

【Overview】

Recently, a “risk control database” (often called the terrorist database) used by mainstream banks around the world and more than 300 government and intelligence agencies suffered a data leak: 5.3 million records on high-risk individuals and entities fell into the hands of criminals and were published online. The leaked database is World-Check, which aggregates information on millions of high-risk individuals and entities (terrorists, money launderers, corrupt politicians and so on) for companies to use in know-your-customer (KYC) screening. Financial institutions such as banks use it to verify the identity of their customers, determine whether a prospective customer may be linked to financial crime such as money laundering, and check whether they are subject to government sanctions.

[Reference link]

https://ti.nsfocus.com/security-news/IlOdq

5. Hacker group uses Carbanak backdoor to target the U.S. auto industry

【Label】FIN7

【Overview】

Recently, the hacker group FIN7 sent spear-phishing emails to IT staff of a large American automaker and infected their systems with the Anunak (Carbanak) backdoor. According to BlackBerry researchers, the attack took place late last year and relied on living-off-the-land binaries, scripts and libraries (LOLBAS). The attackers targeted employees with high-level privileges and lured them with links to malicious URLs posing as the legitimate Advanced IP Scanner tool.

[Reference link]

https://ti.nsfocus.com/security-news/IlOdw

6. Researchers find that cheap, “shoddy” ransomware tools are rampant on the dark web

【Label】Ransomware

【Overview】

Cheap, single-use ransomware is being sold on dark-web forums, letting inexperienced lone operators get into cybercrime without going through an affiliate program, researchers at cybersecurity firm Sophos have found. Between June 2023 and February 2024, 19 ransomware varieties were sold, or advertised as being in development, on four darknet forums. How effective these tools are in the wild is unknown: because there is little infrastructure for investigators to monitor, and the likely targets are small businesses or individuals, attacks with them may go largely unnoticed. None of the sellers operated a leak site for publishing stolen data.

[Reference link]

https://ti.nsfocus.com/security-news/IlOcS

7. Network public opinion monitoring system based on big data for intelligence collection

【Label】Internet public opinion

【Overview】

In the era of big data, people's lifestyles and modes of production have changed, and the ways to obtain information and data have become more diverse and timely. At the same time, the online public opinion environment has become more complex, and managing online public opinion has become much harder. Questions such as how to process massive volumes of data effectively, how to disseminate positive information selectively and how to distribute the right to speak in public discourse are all challenges arising in the big-data context. Traditional network public opinion monitoring systems can no longer meet actual requirements, so a more advanced and scientifically grounded monitoring system urgently needs to be developed.

[Reference link]

https://ti.nsfocus.com/security-news/IlOcL

8. Caught in the crossfire: Jordan’s cyber defenses put to the test in Israel’s conflict with Iran

【Label】Palestinian-Israeli conflict

【Overview】

Alongside the conflict between Israel and Iran, the Middle East is witnessing another form of conflict: cyberwarfare. Jordan finds itself on the front line, facing a series of alleged cyberattacks claimed by various hacking groups. The BlackMaskers Team has emerged as a prominent threat, claiming attacks on key Jordanian entities ranging from the stock exchange to private companies. The group cited Jordan's recent support for Israel in its confrontation with Iran as its motive, and announced its operation by declaring Jordan its primary target.

[Reference link]

https://ti.nsfocus.com/security-news/IlOcI

9. CoralRaider uses CDN cache to spread malware

【Label】CoralRaider

【Overview】

Recently, researchers discovered that attackers targeting systems in the United States, the United Kingdom, Germany and Japan were using a content delivery network (CDN) cache to host and spread malware. Researchers attribute the campaign to CoralRaider, a group that has carried out numerous attacks to steal credentials, financial data and social media accounts. The campaign delivers three information stealers, LummaC2, Rhadamanthys and Cryptbot, all of which are sold as malware-as-a-service on underground forums for a subscription fee.

[Reference link]

https://ti.nsfocus.com/security-news/IlOdW

10. PoC published for high-risk Cisco IMC vulnerability

【Label】CVE-2024-20356

【Overview】

Recently, a proof-of-concept (PoC) exploit was published for a high-severity command injection vulnerability in the Cisco Integrated Management Controller (IMC), tracked as CVE-2024-20356, which can give an attacker root access to an affected system. The vulnerability lies in the web-based management interface of the IMC, a component used to remotely manage Cisco hardware. According to Cisco's security bulletin, it stems from insufficient validation of user input in the IMC interface, which allows an authenticated remote attacker with administrative privileges to inject arbitrary commands that execute as root on the underlying operating system.

[Reference link]

https://ti.nsfocus.com/security-news/IlOdf
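To illustrate the class of bug behind this advisory (web-interface input that reaches a shell without sufficient validation), here is an added example in Python. It is not Cisco's code and says nothing about how the IMC itself is implemented: the ping wrapper, its parameter and the validation rules are hypothetical. It shows the injectable pattern, the hardened pattern (allow-list validation plus argument vectors instead of a shell string), and a check that counts how many commands a POSIX shell would actually run for a given command line.

```python
import ipaddress
import re
import shlex

# RFC 1123-style hostname: labels of letters, digits and hyphens, no label
# starting or ending with a hyphen, at most 253 characters in total.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Tokens that separate commands for a POSIX shell.
SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def is_valid_target(target: str) -> bool:
    """Allow-list check: accept an IPv4/IPv6 literal or a well-formed hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return HOSTNAME_RE.match(target) is not None


def build_ping_unsafe(target: str) -> str:
    """Vulnerable pattern (hypothetical): the web parameter is interpolated into
    a shell command line, so shell metacharacters in it are honoured."""
    return f"ping -c 1 {target}"


def build_ping_safe(target: str) -> list:
    """Hardened pattern: validate against an allow-list, then pass the value as a
    single argv element (to be run with subprocess.run(argv) and no shell), so
    it can never be parsed as shell syntax."""
    if not is_valid_target(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]


def shell_command_count(cmdline: str) -> int:
    """Count how many commands a POSIX shell would run for cmdline by tokenising
    it with shell punctuation and counting the command separators."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return 1 + sum(1 for tok in lexer if tok in SHELL_SEPARATORS)


if __name__ == "__main__":
    # Constructed inputs: a benign target and one carrying an injected command.
    for target in ("10.0.0.1", "10.0.0.1; id"):
        unsafe = build_ping_unsafe(target)
        print(f"unsafe: {unsafe!r} -> shell runs {shell_command_count(unsafe)} command(s)")
        try:
            print(f"safe:   argv={build_ping_safe(target)}")
        except ValueError as exc:
            print(f"safe:   {exc}")
```

The unsafe builder turns `10.0.0.1; id` into a command line that a shell executes as two commands; the safe builder rejects it before anything is run, and even a value that slipped through validation would reach `ping` as one literal argument rather than as shell text. When reviewing a management interface, look for exactly this combination: a parameter that reaches a shell, and validation that is missing or only denies a few characters rather than allowing a known-good format.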

Copyright Notice

The copyright holder of all contents of the “Technology Blog” on this site is NSFOCUS Technology Group Co., Ltd. (“NSFOCUS Technology”). As a platform for sharing technical information, NSFOCUS Technology looks forward to interacting with users and welcomes forwarding of the full text as long as the source (NSFOCUS Technology – Technology Blog) and website are indicated.

Any use other than the above situations requires applying for copyright authorization from NSFOCUS Technology (010-68438880-5462) in advance. NSFOCUS reserves the right to pursue liability in case of unauthorized use. At the same time, if any legal dispute arises due to the unauthorized use of blog content, the user shall bear all legal responsibilities and has nothing to do with NSFOCUS Technology.
