IPv6 | Breaking Cybersecurity News | The Hacker News

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration ( SLAAC ) spoofing , to move laterally in the compromised network, intercepting packets and redirecting the traffic of legitimate Chinese software so that it downloads malicious updates from a server controlled by the attackers," ESET researcher Facundo Muñoz said in a report shared with The Hacker News. The attack paves the way for a malicious downloader that's delivered by hijacking the software update mechanism associated with Sogou Pinyin. The downloader then acts as a conduit to drop a modular backdoor codenamed WizardNet. This is not the first time Chinese threat actors have abused Sogou Pinyin's software update process to deliver their own malware. In Janu...

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor and researcher Mathy Vanhoef. As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries. Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as one-way proxies, as well as conduct denial-of-service (DoS) attacks. "An adversary can abuse these security vulnerabilities to create one-way proxies an...