Cloudflare’s developer domains increasingly abused by threat actors Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. According to cybersecurity firm Fortra, the abuse of these domains has risen between 100% and 250% compared to 2023. The researchers believe the use of these domains is aimed at improving the legitimacy and effectiveness of these malicious campaigns, taking advantage of Cloudflare's trusted branding, service reliability, low usage costs, and reverse proxying options that complicate detection. Cloudflare Pages is a platform designed for front-end developers to build, deploy, and host fast, scalable websites directly on Cloudflare's global Content Delivery Network (CDN). See more: #cybersecurity #phishing #cloudflare
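A triage check for the abuse described above, added here as an example (it is not code from Fortra or Cloudflare): extract URLs from a message body and flag those whose hostname sits under `pages.dev` or `workers.dev`. The comparison is done on label boundaries, because a plain substring match would also fire on decoys such as `pages.dev.example.com` or `notpages.dev`. The sample email body is constructed for the example. Treat a hit as a reason to look closer, not as a verdict: legitimate projects use these domains too, and a kit fronted by Cloudflare's reverse proxy on some other domain is not caught by this check at all.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Cloudflare developer-platform suffixes named in the article. A match is a
# triage signal, not a verdict: legitimate projects are hosted there too.
DEV_PLATFORM_SUFFIXES = ("pages.dev", "workers.dev")

# Loose URL extractor for email bodies; fine for triage, not an RFC 3986 parser.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def hostname_of(url: str) -> Optional[str]:
    """Lowercase hostname of a URL, or None when the URL has no host."""
    host = urlparse(url).hostname
    return host.lower() if host else None


def is_dev_platform_host(host: str) -> bool:
    """True when host *is* a listed suffix or a subdomain of one.

    Compare on label boundaries: a substring test would also match
    'pages.dev.attacker.example' (suffix in the middle of the name) and
    'notpages.dev' (no dot in front of the suffix); neither is a Cloudflare
    developer-platform hostname.
    """
    return any(host == s or host.endswith("." + s) for s in DEV_PLATFORM_SUFFIXES)


def flag_dev_platform_urls(text: str):
    """Return (url, host) pairs for every URL in text hosted on pages.dev/workers.dev."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # strip trailing prose punctuation
        host = hostname_of(url)
        if host and is_dev_platform_host(host):
            hits.append((url, host))
    return hits


# Constructed sample body (not from a real campaign). The two decoy lines
# exercise the boundary checks in is_dev_platform_host().
SAMPLE_EMAIL = """\
Your mailbox password expires today. Verify at
https://mail-secure-verify.pages.dev/owa/index.html before 5pm.
Documentation: https://docs.pages.dev.example.com/setup (decoy, not pages.dev)
Status page: https://notpages.dev/status (decoy, not pages.dev)
Fallback: https://login-helper.acme-corp.workers.dev/auth?token=abc.
"""

if __name__ == "__main__":
    for url, host in flag_dev_platform_urls(SAMPLE_EMAIL):
        print(f"{host:40} {url}")
```

Run against a mail-gateway export or proxy log, the same `is_dev_platform_host` test can be applied to the host column directly; the URL regex is only there for free-text bodies.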
Exploit released for critical WhatsUp Gold RCE flaw, patch now A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. The flaw is tracked as CVE-2024-8785 (CVSS v3.1 score: 9.8) and was discovered by Tenable in mid-August 2024. It exists in the NmAPI[.]exe process in WhatsUp Gold versions from 2023.1.0 up to, but not including, 24.0.1. When launched, NmAPI[.]exe provides a network management API interface for WhatsUp Gold, listening for and processing incoming requests. Due to insufficient validation of incoming data, an attacker could send specially crafted requests to modify or overwrite sensitive Windows registry keys that control where WhatsUp Gold reads its configuration files from. See more: #cybersecurity #rce #whatsup
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance. "An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2014. As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild. See more: #cybersecurity #xss #webvpn
760,000 Employee Records From Several Major Firms Leaked Online The information of more than 760,000 employees of several major organizations emerged online on Monday morning after a threat actor dumped it on a popular hacking forum. The data apparently originates from last year’s massive MOVEit hack, in which a zero-day vulnerability in Progress Software’s file transfer software was used to steal sensitive information from thousands of organizations. Roughly 2,800 organizations and close to 100 million individuals were affected by the attack, which is believed to have been carried out by the Russia-linked Cl0p ransomware gang. #cybersecurity #databreach #moveit
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer malware such as Rhadamanthys and Meduza. "Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts," security researcher Artem Ushkov said in a Monday analysis. "The script files [are] disguised as requests and bids from potential customers or partners." See more: #cybersecurity #malware
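A mail-gateway check for the lure layout described above (a ZIP attachment carrying JScript), added here as an example and not code from Kaspersky: open the archive in memory and flag members whose real extension is a Windows Script Host or HTA type, calling out the "document.pdf.js" double-extension trick separately. The sample archive is constructed inline with inert placeholder contents; the extension lists are assumptions for the example and should be tuned to the environment.

```python
import io
import os
import zipfile

# Script types that Windows runs on double-click via WScript/MSHTA.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}
# Document-looking extensions that precede the real one in double-extension lures.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def classify_member(name: str):
    """Return a reason string if an archive member looks like a script lure, else None."""
    # Use the basename only; paths inside the archive may use either separator.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    stem, ext = os.path.splitext(base)
    if ext not in SCRIPT_EXTENSIONS:
        return None
    _, inner_ext = os.path.splitext(stem)
    if inner_ext in DOCUMENT_EXTENSIONS:
        return f"script with document double extension ({inner_ext}{ext})"
    return f"script file ({ext})"


def triage_zip(zip_bytes: bytes):
    """Scan a ZIP attachment given as bytes; return [(member, reason)] for flagged members."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                flagged.append((info.filename, reason))
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample mimicking the lure layout in the article.

    Member contents are inert placeholders, not malware: the scanner only
    looks at names, so the bodies never matter here.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Request for quotation 12-2024.pdf.js", "// placeholder body\n")
        zf.writestr("Bid terms.txt", "Please see the attached request.\n")
        zf.writestr("docs/price list 2024.xlsx", "placeholder bytes\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample_zip()):
        print(f"{reason:55} {member}")
```

This looks one level deep only: a script inside a nested archive, or a password-protected ZIP whose member names are still readable, would need `triage_zip` to recurse on members that are themselves archives. Name-based triage is cheap and catches the lure as described; pair it with content inspection before trusting a clean result.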
Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 Nearly $1.49 billion in cryptocurrency losses have been registered to date in 2024, mainly due to hacking incidents, a new report from web3 bug bounty platform Immunefi shows. The total year-to-date losses have dropped compared to last year, when they surpassed $1.75 billion during the period, and were mainly driven by losses of over $359 million in May and of more than $282 million in July. In November, cryptocurrency losses surpassed $71 million, mainly due to hacks ($70,996,200), with only a small percentage lost to rug pulls ($25,300). Total losses were 79% lower compared to November 2023, when they exceeded $343 million. See more: #cybersecurity #cryptocurrency #defi
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running vulnerable firmware. This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned that it could be used in real attacks. Bootkitty was discovered by ESET, which published a report last week noting that it is the first UEFI bootkit specifically targeting Linux. However, at this time it is more of an in-development UEFI malware that only works on specific Ubuntu versions than a widespread threat. LogoFAIL is a set of flaws in the image-parsing code of UEFI firmware images used by various hardware vendors, exploitable by malicious images or logos planted on the EFI System Partition (ESP). See more: #cybersecurity #linux #uefi
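Because the LogoFAIL vector described above is an image or logo planted on the ESP, a simple host check is to walk the mounted ESP and report every file that starts with an image format's magic bytes, regardless of its filename. The following is an added example, not code from ESET or Binarly; the sample ESP tree is built in a temporary directory and the magic-byte table is an assumption covering the common logo formats (BMP, PNG, GIF, JPEG), not a list of what any particular firmware parses.

```python
import os
import tempfile

# Magic bytes of image formats that UEFI logo parsers commonly handle (assumed list).
IMAGE_MAGIC = {
    b"BM": "BMP",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"GIF87a": "GIF",
    b"GIF89a": "GIF",
    b"\xff\xd8\xff": "JPEG",
}


def sniff_image(path: str):
    """Return the image format name if the file starts with a known image magic, else None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, fmt in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return fmt
    return None


def find_images_on_esp(esp_root: str):
    """Walk the ESP and return sorted (relative path, format) pairs for image files.

    Keys on content, not extension, so an image renamed to .cfg or .efi is still found.
    """
    hits = []
    for dirpath, _, filenames in os.walk(esp_root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            fmt = sniff_image(path)
            if fmt:
                hits.append((os.path.relpath(path, esp_root), fmt))
    return sorted(hits)


def build_sample_esp() -> str:
    """Constructed stand-in for a mounted ESP (e.g. /boot/efi), built in a temp dir.

    Two PE-looking loaders, one BMP logo, and one PNG hidden under a non-image name.
    """
    root = tempfile.mkdtemp(prefix="esp-sample-")
    os.makedirs(os.path.join(root, "EFI", "BOOT"))
    os.makedirs(os.path.join(root, "EFI", "ubuntu"))
    with open(os.path.join(root, "EFI", "BOOT", "BOOTX64.EFI"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)               # PE header stub, not an image
    with open(os.path.join(root, "EFI", "ubuntu", "grubx64.efi"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)
    with open(os.path.join(root, "EFI", "ubuntu", "logo.bmp"), "wb") as f:
        f.write(b"BM" + b"\x00" * 30)               # BMP magic plus padding
    with open(os.path.join(root, "EFI", "BOOT", "config.dat"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)  # PNG magic under a misleading name
    return root


if __name__ == "__main__":
    for rel, fmt in find_images_on_esp(build_sample_esp()):
        print(f"{fmt:5} {rel}")
```

On a real system, point `find_images_on_esp` at the ESP mount point (commonly `/boot/efi`) and compare the result with a known-good baseline of that machine: a hit is a reason to hash the file and check where it came from, not proof of compromise, since some vendors do read a user-supplied logo from the ESP. The scan says nothing about whether the firmware's parser is patched, which is the actual fix for LogoFAIL.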
SpyLoan Android malware on Google Play installed 8 million times A new set of 15 SpyLoan Android malware apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. The apps were discovered by McAfee, a member of the 'App Defense Alliance,' and have now been removed from Android's official app store. However, their presence on Google Play is indicative of the threat actors' persistence, as even recent law enforcement actions against SpyLoan operators have not curbed the issue, says McAfee. The last major "SpyLoan cleanup" on Google Play was in December 2023, when over a dozen apps that had amassed 12 million downloads were removed. See more (BleepingComputer, The Hacker News): #cybersecurity #android #malware
Location tracking of phones is out of control. Here’s how to fight back. Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew? You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock. Reston, Virginia-based Babel Street is the little-known firm behind Location X, a service capable of tracking the locations of hundreds of millions of phone users over sustained periods of time. See more: #privacy #tracking #mobile
Zello asks users to reset passwords after security incident Zello is warning customers to reset their passwords if their account was created before November 2nd, in what appears to be another security breach. Zello is a mobile service with 140 million users that allows first responders, hospitality services, transportation, and family and friends to communicate via their mobile phones using a push-to-talk app. Over the past two weeks, numerous people have reported receiving a security notice from Zello, dated November 15th, asking them to reset their app password. See more: #cybersecurity #zello