Latest Cybersecurity News and Articles


Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

22 April 2024
Androxgh0st operators are exploiting multiple CVEs, including CVE-2021-3129 and CVE-2024-1709 to deploy a web shell on vulnerable servers, granting remote control capabilities. Evidence also suggests active web shells associated with CVE-2019-2725.

Dependency Confusion Vulnerability Found in Apache Project

22 April 2024
The exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.

Change the law on computer evidence with an amendment to data protection bill | Letter

22 April 2024
A group of software experts and barristers who have been supporting the subpostmasters affected by the Post Office Horizon miscarriages of justice call for changes to the bill going through the House of Lords.

It is now clear that the Post Office was advised by its lawyers to delay disclosing some evidence that would help subpostmasters (Post Office was urged by external lawyers to ‘suppress’ key document, inquiry hears, 18 April). Failure to disclose vital evidence about the defects in the Horizon IT system led to appalling injustice. We suggest that the data protection and digital information bill that is currently before parliament should be amended to require that a person seeking to rely on computer evidence should have to declare on oath that, having made the necessary inquiries, they know of no reason why it should not be relied on.

Martyn Thomas, Emeritus professor, Gresham College; Harold Thimbleby, Emeritus professor, Gresham College; Bev Littlewood, Emeritus professor, City, University of London; Martin Newby, Emeritus professor, City, University of London; Paul Marshall, Barrister; Stephen Mason, Barrister; James Christie

Malicious PyPI Package Attacking Discord Users to Steal Credentials

22 April 2024
A malicious PyPI package named "discordpy_bypass-1.7" was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting.

From Water to Wine: An Analysis of WINELOADER

22 April 2024
A recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

22 April 2024
The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in

Exploitation of vulnerability affecting Palo Alto GlobalProtect Gateway

22 April 2024
The NCSC is encouraging organisations to take immediate action to mitigate a vulnerability affecting Palo Alto GlobalProtect Gateway and to follow the latest vendor advice.

Malware Developer Lures Child Exploiters Into Honeytrap to Extort Them

22 April 2024
Threat actors created a website to impersonate UsenetClub, a subscription service for "uncensored" access to images and videos downloaded from Usenet. They claimed to provide free access to the site after the installation of a "CryptVPN" software.

Ukrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency Warns

22 April 2024
The agency is attributing the surge to a group tracked as UAC-0184, which was spotted in February targeting an unnamed Ukrainian entity in Finland. CERT-UA does not attribute UAC-0184’s activity to any specific foreign cyber threat group.

Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

22 April 2024
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and

UK Cyber Agency NCSC Announces Richard Horne as its Next Chief Executive

22 April 2024
The hire marks another coup for the British public sector in poaching talent from the technology industry, particularly at the executive level, following the recruitment of Ollie Whitehouse as the NCSC’s chief technology officer earlier this year.

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

22 April 2024
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance

Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning

22 April 2024
Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”

Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks

22 April 2024
Threat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

22 April 2024
Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion/Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to

Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

22 April 2024
Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.

Rising Ransomware Issue: English-Speaking Western Affiliates

22 April 2024
Security experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself "The Community," aka the Com or Comm.

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

22 April 2024
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said

JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS

22 April 2024
A malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.