Remote Access | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user," CISA said. While the issue has already been plugged into customers' cloud instances, those using self-hosted versions of the software are recommended to update to the below versions - Privileged Remote Access (versions 24.3.1 and earlier) - PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2 Rem...

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics , distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7 said . "After the email bomb, the threat actor will reach out to the impacted users." As observed back in August, the attackers make initial contact with prospective targets on Microsoft Teams, pretending to be support personnel or IT staff of the organization. In some instances, they have also been observed impersonating IT staff members within the targeted organization. Users who end up interacting with the threat actors are urged to install legitimate remote access software such as AnyDesk, ScreenConnect, TeamViewer, and Microsoft's Quick Assist. The Window...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP , starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email. "What makes the CRON#TRAP campaign particularly concerning is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server," Securonix researchers Den Iuzvyk and Tim Peck said in an analysis. "This setup allows the attacker to maintain a stealthy presence on the victim's machine, staging further malicious activity within a concealed environment, making detection challenging for traditional antivirus solutions." The phishing messages purport to be an "OneAmerica survey" th...

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing attacks and store malware," Israeli cybersecurity company Hunters said in a new report. "This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems." Hunters said it discovered the campaign in September 2024 after it responded to a cyber incident targeting a critical infrastructure organization in the United States. It did not disclose the name of the company, instead giving it the designation "Org C." The activity is believed to have commenced a month prior, with the attack culminating i...

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system CVE-2024-20440 (CVSS score: 9.8) - A vulnerability arising due to an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API While these shortcomings are not dependent on each other for them to be successful, Cisco notes in its advisory that they "are not exploitable unless Cisco Smart Licensing Utility was started by a user and is actively running." The flaws, which were discovered during i...