Newsletter For Fourth Week of February 2023

‘Russian Hacktivists’ Brag Of Flooding German Airport Sites

A series of distributed denial-of-service (DDoS) attacks shut down the websites of seven German airports a day after a major IT glitch at Lufthansa grounded flights. The back-to-back interruption in operations raised suspicions of a possible cyber attack, and experts confirmed the network-flooding events in an emailed statement. Among the airports affected were Düsseldorf, Nuremberg, Erfurt-Weimar and Dortmund; their websites were either unreachable or displayed failure messages. The attacks followed a call to arms by the pro-Kremlin hacktivist crew KillNet after Germany announced the transfer of 14 Leopard 2A6 tanks to Ukraine.

READ MORE

 

Hackers Using Google Ads To Spread FatalRAT Malware Disguised As Popular Apps


Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign in which the attackers purchase ad slots that appear in Google search results and direct users looking for popular applications to rogue websites hosting trojanized installers. Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram and WhatsApp, among many others. The key element of the attacks is the creation of lookalike websites on typosquatted domains to distribute the malicious installer, which, to keep up the ruse, installs the legitimate software but also drops a loader that deploys FatalRAT.

READ MORE

 

Atlassian: Leaked Data Stolen Via Third-Party App


A threat group called SiegedSec recently posted a cache of employee and operations information allegedly stolen from workforce collaboration software provider Atlassian. They made 35 MB of files public. This includes two image files apparently storing floor plans of Atlassian buildings in San Francisco and Sydney, and one file allegedly containing the information of 13,000 Atlassian employees, including names, email addresses, and phone numbers. It appears that the data stolen by the hackers is associated with the workplace platform Envoy, which the software giant uses to coordinate in-office resources.

READ MORE

 

RambleOn Android Malware Targeting South Korean Journalists


Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The malicious functionality includes the “ability to read and leak the target’s contact list, SMS, voice call content, location and others from the time of compromise on the target.” RambleOn has been found to overlap in its Firebase Cloud Messaging (FCM) functionality with FastFire, a piece of Android spyware that South Korean cybersecurity company S2W attributed to Kimsuky last year.

READ MORE

 

Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. The attacks primarily single out exposed servers and networking devices running Linux, with the adversary weaponizing as many as 13 flaws that could lead to remote code execution (RCE). Notable among them are critical flaws in Atlassian Confluence Server and Data Center, DrayTek Vigor routers, Airspan AirSpot, and Geutebruck IP cameras. The variant also establishes contact with a command-and-control server to await commands for launching DDoS attacks against targets via the UDP, TCP, and HTTP protocols.

READ MORE

 

New Threat Actor WIP26 Targeting Telecom Service Providers In The Middle East

An unknown threat actor is allegedly targeting Middle Eastern telecommunications service providers as part of an intelligence-gathering mission. SentinelOne and QGroup are tracking the cluster of activity under the former’s work-in-progress moniker WIP26.

READ MORE

 

Patch Now: Apple’s iOS, iPadOS, macOS, And Safari Under Attack With New Zero-Day Flaw

Apple released security updates for iOS, iPadOS, macOS, and Safari on Monday to address a zero-day flaw that has been actively exploited in the wild. The vulnerability, identified as CVE-2023-23529, is a type confusion flaw in the WebKit browser engine and was discovered by an unidentified researcher. It is unclear how the vulnerability is being exploited in real-world attacks, but it is the second actively exploited type confusion flaw in WebKit to be patched by Apple.

READ MORE

 

RedEyes Hacking Group Uses Steganography Technique To Deploy Malware On PC & Mobile Phones

The threat group RedEyes (also known as APT37), which is well known for its cyber espionage activities, has recently changed how it gathers information from targets. The sophisticated malware “M2RAT” that the group is currently deploying was created specifically to avoid detection by security programmes. APT37 is believed to be supported by North Korea and engages in cyberespionage. In addition to using M2RAT, APT37 is also utilizing steganography, a method for concealing information within seemingly innocent files or images, to further hide its activities.

READ MORE

 

HTTP Request Smuggling Bug Patched In HAProxy

HAProxy, the popular open source load balancer and reverse proxy, patched a bug that made HTTP request smuggling attacks easy to carry out. An attacker could send a maliciously crafted HTTP request that bypassed HAProxy’s filters and reached back-end servers, with important header fields such as Transfer-Encoding and Host surviving parsing. By supplying such potentially conflicting framing information, attackers try to achieve request smuggling.
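To make the header conflicts in the item above concrete, here is an added example (not from the newsletter and not HAProxy’s own code) of a defender-side check that flags requests whose body framing is ambiguous, which is what a front-end proxy should reject before forwarding; the sample requests are constructed.

```python
# Added example: flag HTTP requests whose body length is ambiguous, the
# precondition for request smuggling between a proxy and a back end.
from typing import List, Tuple


def parse_headers(raw: bytes) -> List[Tuple[str, str, str]]:
    """Return (raw_name, lowercased name, value) for each header in the request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    out = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        raw_name, value = line.split(":", 1)
        out.append((raw_name, raw_name.strip().lower(), value.strip()))
    return out


def smuggling_indicators(raw: bytes) -> List[str]:
    """Return the reasons a request is ambiguously framed (empty list if clean)."""
    headers = parse_headers(raw)
    te = [v for _, n, v in headers if n == "transfer-encoding"]
    cl = [v for _, n, v in headers if n == "content-length"]
    hosts = [v for _, n, v in headers if n == "host"]
    findings = []
    if te and cl:  # front end and back end may pick different length rules
        findings.append("both Transfer-Encoding and Content-Length present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl):
        findings.append("non-numeric Content-Length")
    if any(v.lower() != "chunked" for v in te):  # e.g. obfuscated 'xchunked'
        findings.append("Transfer-Encoding value other than plain 'chunked'")
    if len(hosts) > 1:
        findings.append("multiple Host headers")
    if any(rn != rn.strip() for rn, _, _ in headers):  # ' Transfer-Encoding :'
        findings.append("whitespace around a header name")
    return findings


# Constructed sample requests (hostnames are placeholders).
CLEAN_REQUEST = b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
TE_CL_REQUEST = (b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 4\r\n"
                 b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DUP_CL_REQUEST = (b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
                  b"Content-Length: 10\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("clean", CLEAN_REQUEST), ("te+cl", TE_CL_REQUEST), ("dup-cl", DUP_CL_REQUEST)]:
        print(name, "->", smuggling_indicators(req) or "no indicators")
```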

READ MORE

 

New Frebniis Malware Abuses IIS Features For Secret Communications

Frebniis is new malware that abuses the Microsoft IIS feature Failed Request Event Buffering (FREB) to execute malicious commands without any warning; it is being used by unknown attackers against targeted organizations in Taiwan. The malware injects malicious code into the FREB DLL and then monitors all HTTP POST requests passing through the IIS server. It also acts as a backdoor into the system and can reach internal network resources that are not exposed to the internet. Because it drops no files and runs no suspicious processes on the system, Frebniis is a relatively unique and rare type of HTTP backdoor seen in the wild.

READ MORE

 

The TechLab Cyber Security Team, responsible for monitoring, identifying, detecting, protecting, isolating, responding and recovering based on current threats, provides 24x7x365 services. TechLab Security specializes in various security products, projects, network devices, end-user devices, and systems.

The TechLab Cyber Security Team Major Responsibilities Are:
• Monitor, Analyze, Correlate & Escalate Intrusion Events,
• Develop Appropriate Responses; Protect, Detect, Respond,
• Conduct Incident Management and Forensic Investigation,
• Maintain Security Community Relationships,
• Various Cyber Security Consulting Services such as Penetration Testing, Vulnerability Assessment, PCI-DSS Compliance, ISO 27001 implementation and audit compliance,
• Assist in Crisis Operations.