Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks

From securityweek.com

Threat actors have been observed employing DNS tunneling to track the delivery of spam emails and victims’ interaction with malicious domains, as well as to scan victims’ networks, Palo Alto Networks warns.

Used for roughly two decades, DNS tunneling is a covert communication method that allows attackers to transmit malware and data to and from victim networks using a client-server model.

As part of a DNS tunneling attack, the threat actor registers a domain with a name server pointing to the attacker’s server on which tunneling malware runs.

The attacker then infects a computer with malware and uses requests to the DNS resolver to connect to the attacker-controlled server and establish a DNS tunnel through the resolver, bypassing conventional network firewalls and staying undetected, as organizations do not usually monitor DNS traffic.
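As an added illustration (not from the article or from Palo Alto Networks), the scorer below runs over constructed DNS query records and surfaces the traits a tunnel leaves in resolver logs that the paragraph above describes: many unique, long, high-entropy subdomains under one registered domain, often as TXT queries. The thresholds and the sample zone tunnel-example.net are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample log (client IP, query type, query name); not taken from the article.
SAMPLE_LOG = [
    ("10.0.0.5", "A", "www.example.com."),
    ("10.0.0.5", "A", "cdn.example.com."),
    ("10.0.0.6", "A", "mail.example.com."),
    ("10.0.0.6", "A", "www.example.com."),
    # Hex-encoded payload chunk + sequence counter as labels under an assumed attacker zone.
    ("10.0.0.9", "TXT", "0a1b2c3d4e5f60718293a4b5c6d7e8f9.0001.t.tunnel-example.net."),
    ("10.0.0.9", "TXT", "9f8e7d6c5b4a39281706f5e4d3c2b1a0.0002.t.tunnel-example.net."),
    ("10.0.0.9", "TXT", "5a4b3c2d1e0f9687a5b4c3d2e1f09786.0003.t.tunnel-example.net."),
]

def shannon_entropy(text):
    """Bits per character; encoded payload scores far higher than a hostname like 'www'."""
    if not text:
        return 0.0
    n = len(text)
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname):
    """Crude split into (registered domain, subdomain labels); production code would use a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]

def score_domains(log, min_queries=3, max_len=30, max_entropy=3.5, max_unique_ratio=0.8):
    """Aggregate per registered domain and flag those that look like a data-carrying tunnel (thresholds assumed)."""
    per_domain = defaultdict(lambda: {"queries": 0, "unique": set(), "sub_len": 0, "entropy": 0.0, "txt": 0})
    for _client, qtype, qname in log:
        domain, sub = split_name(qname)
        joined = "".join(sub)
        d = per_domain[domain]
        d["queries"] += 1
        d["unique"].add(joined)          # a tunnel never repeats a subdomain; a CDN repeats a few
        d["sub_len"] += len(joined)
        d["entropy"] += shannon_entropy(joined)
        d["txt"] += qtype in ("TXT", "NULL")
    results = {}
    for domain, d in per_domain.items():
        n = d["queries"]
        f = {"queries": n, "unique_ratio": len(d["unique"]) / n, "avg_sub_len": d["sub_len"] / n,
             "avg_entropy": d["entropy"] / n, "txt_ratio": d["txt"] / n}
        f["suspicious"] = (n >= min_queries and f["unique_ratio"] > max_unique_ratio
                           and f["avg_sub_len"] > max_len and f["avg_entropy"] > max_entropy)
        results[domain] = f
    return results

if __name__ == "__main__":
    for domain, f in score_domains(SAMPLE_LOG).items():
        print(f"{domain:20} n={f['queries']} uniq={f['unique_ratio']:.2f} len={f['avg_sub_len']:.1f} "
              f"ent={f['avg_entropy']:.2f} txt={f['txt_ratio']:.2f} suspicious={f['suspicious']}")
```

Feed it real resolver logs by replacing SAMPLE_LOG; the per-domain counters are what a SIEM rule would aggregate over a time window.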

Microsoft fixes Windows Server bug causing crashes, NTLM auth failures

From bleepingcomputer.com

Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month’s Windows Server security updates.

According to a Windows health dashboard entry, this issue only affects Windows domain controllers in organizations with a lot of NTLM traffic and few primary DCs.

On affected systems, after deploying the April Windows Server security updates, admins will also see high load and, in rare instances, domain controller reboots due to Local Security Authority Subsystem Service (LSASS) process crashes.

“After installing the April 2024 security update on domain controllers (DCs), you might notice a significant increase in NTLM authentication traffic,” Microsoft says.

“This issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic.”

5G home internet explained

From pandasecurity.com

Internet Service Providers (ISPs) are some of the most disliked utility organizations in the world. Having a slow or unreliable internet connection can be a frustrating experience. And sadly, quite often, Americans don’t have many options when it comes to internet service offerings. Without any competition, ISPs have been able to get away with a lot, even when providing poor-quality service, simply because there is no other alternative. 

BreachForums Shut Down in Apparent Law Enforcement Operation

From securityweek.com

The popular hacking forum BreachForums appears to have been shut down as part of an international law enforcement operation led by the United States.

A message informs the site’s visitors that it has been taken down by the FBI and the Justice Department, with help from law enforcement agencies in Australia, New Zealand, UK, Iceland, and Ukraine. 

The message says the website’s backend data is being reviewed, and provides communication channels for reporting cybercriminal activity on BreachForums.

Authorities have yet to issue any statement on the matter. The threat intelligence and research group Vx-Underground learned that one of the forum’s administrators, known online as Baphomet, has been arrested.

PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability

From gbhackers.com

Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers: an authentication bypass via the HNAP port and a remote code execution flaw.

Moreover, exploiting these vulnerabilities together could lead to a complete compromise of the vulnerable device.

However, even after reporting this vulnerability to the vendor, there seems to be no update or response from them.

Researchers have publicly disclosed this vulnerability due to no response in the past 30 days.

IT Teams Beware! Weaponized WinSCP & PuTTY Delivers Ransomware

From gbhackers.com/weaponized-winscp-putty

Attackers launched a campaign distributing trojanized installers for WinSCP and PuTTY in early March 2024: clicking malicious ads shown after searching for the software led to downloads containing a renamed pythonw.exe that loads a malicious DLL.

The DLL side-loads a legitimate DLL and injects a Sliver beacon using a reflective DLL injection technique. The attackers then establish persistence, download additional payloads, attempt to steal data, and deploy ransomware, showing TTPs similar to those used by BlackCat/ALPHV in the past.