Researchers have spotted malware downloader spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian organizations.The downloader is called WikiLoader , which uses multiple mechanisms to evade detection.
The financially motivated threat actor behind it, which tracked as TA544. The loader ultimately leads to the Ursnif banking Trojan, one of two Trojans favored by TA544.As per the researchers, It is named WikiLoader due to the malware making a request to Wikipedia and checking that the response has the string “The Free” in the contents, and since December 2022, at least more than half a dozen campaigns observed distributing Wikiloader.
Minecraft players and those who run Minecraft servers face a new and dangerous security vulnerability, which could allow bad actors to run remote code on their computers. Dubbed as ‘BleedingPipe,’ by a user group called MMPA (Minecraft Malware Prevention Alliance), the exploit uses Java deserialization to infect servers or clients that have one of many popular mods installed.
The number of vulnerable Minecraft mods is extensive. A German goes by Dogboy21 on GitHub has identified three dozen popular mods that have the vulnerability, ranging from AetherCraft to Immersive Armors to ttCore Dogboy21’s Github page also has a patch to fix the problem, which involves getting a new JAR file to put into your mods folder. The MMPA’s blog post lists even more mods that are affected and claims that, specifically, 1.7.10 and 1.12.2 version modpacks are those that are vulnerable
Two major cyber headaches rocking US authorities over the weekend are the widespread and still unresolved Chinese campaign known as Volt Typhoon targeting military bases, and the other an insider breach affecting Air Force and FBI communications.US authorities have confirmed that Volt Typhoon’s malware is much more endemic than what it is considered; responders have found it planted inside numerous networks controlling the communications, power, and water feeding US military bases at home and abroad.
Meanwhile, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a wholly separate cyber intrusion, a communications compromise affecting 17 Air Force facilities, and possibly the FBI as well, courtesy of an Air Force engineer.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Researchers have discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers.The vulnerability allowed threat actors to craft targeted phishing emails, evading conventional detection methods by leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform.
Using phishing techniques, the threat actors successfully hid malicious email traffic within legitimate and trusted email gateway services, allowing them to capitalize on the companies’ volume and reputation.
Researchers have published a report about new potential post-exploitation techniques involving AWS System Manager agents.The exploit involves the potential for the SSM agent to be used as a remote access trojan on both Linux and Windows machines, controlled via an attacker-owned AWS account. This exploit could potentially be abused in real-world attacks.
AWS Systems Manager is a tool within Amazon’s suite that is designed to aid DevOps engineers in managing tasks such as patching operating systems across EC2 instances. SSM that being installed on the EC2 Instances allows for the automation of these tasks and provides an integrated way to handle configuration management, patching, and system monitoring.