North Korean government-backed threat actor targeted security researchers working on vulnerability research and development. Google's Threat Analysis Group said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase. The goal, it appears, is to steal exploits developed by the researchers for possibly…

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines. The attack leveraged the infamous "Royal Road" Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed "PortDoor" The attack targeted a general director working at…

New Mirai-inspired botnet called "mirai_ptea" leverages an undisclosed vulnerability in digital video recorders. At least 3,000 devices exposed online are susceptible to the flaw, researchers say. Mirai has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain…

Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android. The flaws take aim at devices running Android versions up to and including Android 9. They could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. WhatsApp users are recommended to update to version 2.21.4.18…

Oracle released its quarterly Critical Patch Update for July 2021 with 342 fixes. Among them is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. The flaw is rated 9.8 out of a maximum of 10 on the CVSS severity scale. Earlier this year, Oracle shipped the…

"These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain full control over students' computers," the McAfee Labs Advanced Threat Research team said in an analysis. During the course of McAfee's investigation, several design flaws were uncovered, including:......vulnerabilities..and..screens in…

Remote work boosted productivity by letting employees access cloud data from anywhere on any device. IT security teams still shoulder responsibility for protecting confidential data and ensuring compliance with strict privacy regulations. Gartner introduced the Secure Access Service Edge (SASE), a framework that addresses these challenges and calls for rolling multiple security solutions into one…

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation. The…

Cybersecurity firm Group-IB finds similarities between malware called "Webdav-O" and "BlueTraveller" Malware was detected in attacks against Russian federal executive authorities in 2020. The malware was also linked to a Chinese threat actor called TaskMasters. The main goal of the hackers was to "completely compromise the IT infrastructure and steal confidential information," the researchers said.…

A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs) Cisco Talos said the intrusions culminate in the deployment of a variety of modular plugins, ranging from file enumerators to browser credential stealers and…