New Spear Phish Methodology Relies on PuTTY SSH Client to Infect Systems

Hackers associated with North Korea are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices. Discovered by Mandiant, the threat actor responsible for this campaign is reported to be ‘UNC4034’ (also known as Temp.Hermit or Labyrinth Chollima). “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North

CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has added six known flaws to its Known Exploited Vulnerabilities Catalog on September 15, 2022. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise,” the Agency wrote. The six issues include three that affect the

Rising to the challenges of secure coding – Week in security with Tony Anscombe

The news seems awash this week with reports of both Microsoft and Apple scrambling to patch security flaws in their products

The news seems awash this week with tech companies scrambling to patch security vulnerabilities in their software. This month’s Patch Tuesday saw Microsoft plug 64 security holes, including a zero-day that is being actively

API security—and even visibility—isn’t getting handled by enterprises

A report released this week by OpinionMatters and commissioned by Noname Security found that more than three out of four senior cybersecurity professionals in the US and UK said that their organization had experienced at least one API-related security incident within the last 12 months. A similar number, 74%, said that they had not completed

Uber responding to “cybersecurity incident” following reports of significant data breach

Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach, forcing it to shut down several internal communications and engineering systems.

Attacker announces Uber breach through compromised Slack account

In a statement on Twitter, Uber wrote “We are currently

Allies Warn of Iranian Ransom Attacks Using Log4Shell

Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. An alert published this week said Tehran’s Islamic Revolutionary Guard Corps (IRGC) was behind multiple attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion. These include

Uber Hacker May Have Compromised Secret Bug Reports

Uber appears to have been breached again, after a threat actor reportedly accessed its email and cloud systems, code repositories, internal Slack account and HackerOne tickets. The ride-hailing giant released a terse message on Twitter yesterday saying it is “currently responding to a cybersecurity incident” and is in touch with law enforcement. Meanwhile, the alleged hacker

SparklingGoblin deploys new Linux backdoor – Week in security, special edition

ESET Research first spotted this variant of the SideWalk backdoor in the network of a Hong Kong university in February 2021

ESET researchers have published their findings about a Linux variant of the SideWalk backdoor, which is one of a number of custom implants used by the SparklingGoblin APT group. This piece of malware was

Webworm Attackers Deploy Modified RATs in Espionage Attacks

The threat actor known as Webworm has been linked to several Windows-based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT. The first of these tools, first spotted in 2005, is a