Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

From thehackernews.com

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal and expanding its botnet.

The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining campaigns since 2019.

Kinsing (aka H2Miner), a name given to both the malware and the adversary behind it, has consistently expanded its toolkit with new exploits to enroll infected systems in a crypto-mining botnet. It was first documented by TrustedSec in January 2020.

In recent years, campaigns involving the Golang-based malware have weaponized various flaws in Apache ActiveMQ, Apache Log4j, Apache NiFi, Atlassian Confluence, Citrix, Liferay Portal, Linux, Openfire, Oracle WebLogic Server, and SaltStack to breach vulnerable systems.

Other methods have also involved exploiting misconfigured Docker, PostgreSQL, and Redis instances to obtain initial access, after which the endpoints are marshaled into a botnet for crypto-mining, but not before disabling security services and removing rival miners already installed on the hosts.

Subsequent analysis by CyberArk in 2021 unearthed commonalities between Kinsing and another malware called NSPPS, concluding that both the strains “represent the same family.”

Read more…

Akira Ransomware Escalates Privilege To Exfiltrate Domain Controller Files

From gbhackers.com

In a recent encounter, the Akira ransomware group exploited a novel privilege escalation technique, where the attackers infiltrated the victim’s virtual environment to steal the NTDS.dit file, a critical file containing domain user accounts and passwords stored on domain controllers. 

The stolen information likely granted them escalated privileges within the network, potentially allowing them to move laterally and launch a ransomware attack more quickly. 

Akira, a cyber threat actor active since March 2023, targets SMEs globally to infiltrate networks by exploiting weak VPNs (compromised credentials or vulnerabilities), as it breached an agricultural company through an unpatched single-factor VPN.

Read more…

Android Banking Trojan Antidot Disguised as Google Play Update

From darkreading.com

A banking Trojan impacting Google Android devices, dubbed “Antidot” by the Cyble research team, has emerged, disguising itself as a Google Play update.

The malware displays fake Google Play update pages in multiple languages, including German, French, Spanish, Russian, Portuguese, Romanian, and English, indicating potential targets in these regions. 

Antidot uses overlay attacks and keylogging techniques to efficiently harvest sensitive information such as login credentials.

Read more…

Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit – CVE-2024-4323)

From tenable.com

Key takeaways

  • Fluent Bit is a logging utility heavily used by all major cloud providers.
  • Tenable Research discovered a critical vulnerability dubbed Linguistic Lumberjack (CVE-2024-4323) within Fluent Bit’s built-in HTTP server that could potentially allow for denial of service, information disclosure, or remote code execution.
  • The vulnerability was introduced in version 2.0.7 and is present through version 3.0.3. It is fixed in the main source branch and is expected in release 3.0.4.
  • The issue can be resolved by …
    • … upgrading to the latest version of Fluent Bit.
    • … appropriately limiting access to the vulnerable endpoint.

Read more…
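The two mitigations in the takeaways (patch, or limit access to the built-in HTTP server) can be checked from a host's version string and its `[SERVICE]` configuration. The script below is an added example, not Tenable's or the Fluent Bit project's code; it assumes the real `http_server`, `http_listen` and `http_port` service keys, uses the affected range stated above, and treats reachability of the whole HTTP server as the exposure, since the page does not name the specific endpoint. The two configurations are constructed samples.

```shell
# Constructed sample: the risky shape, HTTP server listening on all interfaces.
FB_CONF_EXPOSED='[SERVICE]
    flush        1
    http_server  On
    http_listen  0.0.0.0
    http_port    2020
'
# Constructed sample: hardened shape, HTTP server reachable only on loopback.
FB_CONF_LOOPBACK='[SERVICE]
    flush        1
    http_server  On
    http_listen  127.0.0.1
    http_port    2020
'

# True (exit 0) when a bare version string (e.g. 2.2.0 or v3.0.2) lies in the
# affected range 2.0.7 through 3.0.3 given in the advisory summary.
fluent_bit_affected() {
    v=${1#v}
    IFS=. read -r maj min pat <<EOF
$v
EOF
    n=$(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
    [ "$n" -ge 2000007 ] && [ "$n" -le 3000003 ]
}

# Classify the [SERVICE] section: "off" when the HTTP server is disabled,
# "loopback" when bound to localhost, otherwise "exposed". A missing
# http_listen counts as exposed, because the documented default is 0.0.0.0.
http_server_exposure() {
    on=$(printf '%s\n' "$1" | awk 'tolower($1)=="http_server" {print tolower($2)}')
    listen=$(printf '%s\n' "$1" | awk 'tolower($1)=="http_listen" {print $2}')
    if [ "$on" != "on" ]; then echo off; return 0; fi
    case "$listen" in
        127.*|localhost|::1) echo loopback ;;
        *) echo exposed ;;
    esac
}

# Combine both checks: only an affected version whose HTTP server is reachable
# beyond loopback is reported as "vulnerable"; an affected version that is
# disabled or loopback-only is "network-limited" and still needs the upgrade.
assess_cve_2024_4323() {
    if ! fluent_bit_affected "$1"; then
        echo patched
    elif [ "$(http_server_exposure "$2")" = exposed ]; then
        echo vulnerable
    else
        echo network-limited
    fi
}
```

On a live host, pass the bare version number (not the full `fluent-bit --version` banner) and the contents of the service configuration file as the two arguments.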

MetaOSINT – Revolutionizing OSINT Investigations With Top Tools And Resources

From kalilinuxtutorials.com

MetaOSINT enables open source intelligence (“OSINT”) practitioners to jumpstart their investigations by quickly identifying relevant, publicly-available tools and resources, saving valuable time during investigations, research, and analysis.

What Is OSINT?

Open source intelligence (“OSINT”) is intelligence derived from open sources. Intelligence refers to raw information that has been analyzed or contextualized.

Open source refers to information that virtually anyone can access, usually over the internet.

OSINT’s definition is often extended to other forms of information/data, which may be publicly available and “free”, but which require something like registering with an email in order to obtain it.

Read more…

CVE-2024-22476 (CVSS 10): Intel’s Critical AI Flaw Leaves Systems Open to Attack

From securityonline.info

Recently, Intel released 41 security bulletins, addressing over 90 vulnerabilities across its product line, a substantial number. The primary focus of these security flaws lies in the software domain, including one critical AI tool vulnerability.

The most perilous vulnerability disclosed by Intel is in Neural Compressor and carries a perfect CVSS score of 10, the highest possible level of security risk. The flaw, tracked as CVE-2024-22476, could allow an unauthenticated attacker to “enable escalation of privilege via remote access”. Attackers can reportedly exploit this vulnerability in all versions before the current one, enabling privilege escalation and remote execution of arbitrary attacks.

Neural Compressor is a tool designed to optimize AI language models, reduce the size of LLMs, and enhance their speed. It is not commonly installed on most PCs, however, and is primarily used by those involved in AI work.

Read more…