Researchers uncover new Windows backdoor, BITSLOTH, using BITS for C2 operations.


BITSLOTH can perform various malicious activities, including keylogging and screen capture.

Read: https://thehackernews.com/2024/08/new-windows-backdoor-bitsloth-exploits.html

A Russia-linked threat actor, APT28, is using a car-for-sale #phishing lure to deliver a new Windows backdoor called HeadLace.

APT28 repurposes tactics from other Russian groups, demonstrating evolving cyber threats.

Read: https://thehackernews.com/2024/08/apt28-targets-diplomats-with-headlace.html

A Taiwanese research institute specializing in computing was breached by nation-state hackers linked to China.

The attack involved sophisticated tools like ShadowPad and Cobalt Strike, exploiting outdated software vulnerabilities.

Read: https://thehackernews.com/2024/08/apt41-hackers-use-shadowpad-cobalt.html

New Mirai botnet variant targets OFBiz ERP system vulnerability. Exploitation can lead to severe data breaches and business disruption.

Attackers are using directory traversal techniques, exploiting a flaw that was patched in May.

Read: https://thehackernews.com/2024/08/mirai-botnet-targeting-ofbiz-servers.html

Check your ERP systems now. Apply patches immediately.

New DDoS attack campaign targets Jupyter Notebooks.

Misconfigured Jupyter Notebooks are being exploited, highlighting vulnerabilities in common data science tools.

The attack, named Panamorfi, uses a Java-based tool called mineping to execute TCP flood DDoS attacks, consuming server resources.

Read: https://thehackernews.com/2024/08/hackers-exploit-misconfigured-jupyter.html

Ensure your Jupyter Notebooks are properly configured to prevent exploitation.

The U.S. Department of Justice and Federal Trade Commission have sued TikTok for violating children's privacy laws.

TikTok is accused of illegally collecting children's personal information without parental consent, violating COPPA and a prior consent order.

Read: https://thehackernews.com/2024/08/doj-and-ftc-sue-tiktok-for-violating.html

Evasive Panda compromises an ISP to push malicious software updates.

The group used DNS poisoning to alter update mechanisms, deploying malware on both macOS and Windows systems.

Read: https://thehackernews.com/2024/08/china-linked-hackers-compromise-isp-to.html

A new Android banking trojan, BlankBot, is targeting Turkish users to steal financial information.

It performs keylogging, screen recording, and intercepts SMS messages, posing a severe threat to user data.

Read: https://thehackernews.com/2024/08/new-android-trojan-blankbot-targets.html

A high-severity vulnerability (CVE-2024-6242) has been found in Rockwell Automation ControlLogix 1756 devices.

Exploiting this vulnerability could lead to unauthorized CIP commands, affecting device configurations and user projects.

Read: https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html

Cybersecurity incident response faces major challenges: timely detection, data collection, and coordination.

Quick, effective responses minimize damage. Tools like Wazuh boost readiness through automation and third-party integration.

Learn more: https://thehackernews.com/2024/08/enhancing-incident-response-readiness.html

Organizations in Kazakhstan are targeted by a new threat cluster, Bloody Wolf, distributing STRRAT malware.

This #malware allows attackers to hijack corporate computers and steal restricted data for as little as $80.

Phishing emails impersonating government agencies trick victims into installing malicious Java files.

Read: https://thehackernews.com/2024/08/kazakh-organizations-targeted-by-bloody.html

Ensure your team is aware of these tactics and bolster email security measures.

Researchers uncover design flaws in Windows Smart App Control and SmartScreen, allowing hackers to bypass security measures and gain system access undetected.

Learn more: https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html

A zero-day vulnerability in Apache OFBiz ERP system has been disclosed, allowing remote code execution.

This vulnerability, CVE-2024-38856, has a critical CVSS score of 9.8, making it extremely dangerous for businesses using this software.

Read: https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html

Share this to raise awareness!

Google has patched a new Android kernel vulnerability, CVE-2024-36971, that allows RCE.

It has been actively exploited by commercial spyware vendors in targeted attacks, posing a severe risk to Android users.

Read: https://thehackernews.com/2024/08/google-patches-new-android-kernel.html

Kaspersky has identified a new Android spyware, LianSpy, targeting users in Russia since 2021.

This malware captures screencasts, exfiltrates user files, and harvests call logs and app lists.

Find details here: https://thehackernews.com/2024/08/new-android-spyware-lianspy-evades.html

North Korea's Moonstone Sleet is pushing malicious npm packages to infect Windows systems.

Despite low downloads, the packages aimed to mimic popular libraries and potentially cause significant harm.

Read: https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html

Innovate with AI Pioneers Gather and connect with developers across the community at Intel Innovation, September 24-25. Witness the breakthroughs propelling AI into the future and be a part of the revolution.

Don’t miss out – register now: https://thn.news/innovation-2024

Insider threats account for 26% of SaaS security incidents.

These threats are challenging to detect because insiders often have valid credentials and access.

ITDR platforms can help by monitoring behavioral clues and flagging anomalies.

Learn how: https://thehackernews.com/2024/08/suspicious-minds-insider-threats-in.html

NTERPOL recovers $39 million in largest BEC scam bust. Global stop-payment mechanism halts massive business email fraud. Seven arrested in Singapore.

Learn more: https://thehackernews.com/2024/08/interpol-recovers-41-million-in-largest.html

Apple tightens Gatekeeper protections in macOS Sequoia.

This enhances security against malware by making it harder for users to bypass critical security checks.

Now, users must navigate to System Settings > Privacy & Security to authorize apps, preventing easy overrides.

Read: https://thehackernews.com/2024/08/apples-new-macos-sequoia-tightens.html

How do you feel about this update? Share your thoughts!

A new Android banking trojan, Chameleon, is targeting Canadian users by posing as a CRM app.

Chameleon can bypass Android restrictions, making it a significant threat.

Learn more: https://thehackernews.com/2024/08/chameleon-android-banking-trojan.html