Search results for d.threat | Breaking Cybersecurity News | The Hacker News

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right opportunity to exploit discovered weaknesses. Therefore it is important to perform threat hunting to identify malicious actors in an environment and stop them before they achieve their ultimate goal.  To effectively perform threat hunting, the threat hunter must have a systematic approach to emulating possible adversary behavior. This adversarial behavior determines what artifacts can be searched for that indicate ongoing or past malicious activity. MITRE ATT&CK Over the years, the security community has observed that threat actors have commonly used many tactics, techniques, and procedu...

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as  CVE-2024-3272  (CVSS score: 9.8) and  CVE-2024-3273  (CVSS score: 7.3), the vulnerabilities impact  legacy D-Link products  that have reached end-of-life (EoL) status. D-Link, in an  advisory , said it does not plan to ship a patch and instead urges customers to replace them. "The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter," security researcher who goes by the name netsecfish  said  in late March 2024. Successful exploitation of the flaws could lead to arbitrary command execution on the affected D-Link NAS devices, granting threat actors the ability to access sensitive information, alt...

Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers. Your wireless router is the first line of defense against potential threats on the Internet. However, sadly, most widely-used routers fail to offer necessary security features and have often found vulnerable to serious security flaws, eventually enabling remote attackers to unauthorizedly access networks and compromise the security of other devices connected to it. In recent years, the security of wireless networks has been more of a hot topic due to cyber attacks, as well as has gained headlines after the discovery of critical vulnerabilities—such as authentication bypass , remote code execution , hard-coded login credentials , and information disclosure—in routers manufactured by various brands....

As organizations expand their IT infrastructure to match their evolving business models and meet changing regulatory requirements, they often find that their networks have become extremely complex and challenging to manage. A primary concern for many IT teams is detecting threats in the mountain of event data being generated every day. Even a relatively small network can generate hundreds or thousands of events per second, with every system, application, and service generating events. The sheer volume of data makes it virtually impossible to identify manually and link those few events that indicate a successful network breach and system compromise, before the exfiltration of data. The AlienVault Unified Security Management (USM) platform is a solution to help IT teams with limited resources overcome the challenge of detecting threats in their network. USM platform accelerates and simplifies your ability to detect, prioritize, and respond to the most critical ...

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday," the Microsoft Threat Intelligence team said in a report. However, the tech giant cautioned that any software-as-a-service (SaaS) platform storing HR or payment and bank account information could be a target of such financially motivated campaigns. Some aspects of the campaign, codenamed Payroll Pirates , were previously highlighted by Silent Push, Malwarebytes, and Hunt.io. What makes the attacks notable is that they don't exploit any security flaw in the services themselves. Rather, they leverage social engineering tactics and a lack of multi-factor authentication (MFA) protect...

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP . The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148 . The number of known victims is "limited" at this stage. The tech giant assessed with high confidence that the threat actor is "leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates." "Analysis of network traffic metadata records suggests that UNC6148 may have initially exfiltrated these credentials from the SMA appliance as early as January 2025." The exact initial access vector used to deliver the malware is currently not known due to the steps taken by the...

Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into a set of honeypots en masse. A majority of the infections are located in Macau, with 850 compromised devices.

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it's clear this isn't just a human problem—it's a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an AI-augmented environment that finally lets analysts do more with less and shifts security operations from a reactive posture to a proactive force. The transformative power of SOC 3.0 will be detailed later in this article, showcasing how artificial intelligence can dramatically reduce workload and risk, delivering world-class security operations that every CISO dreams of. However, to appreciate this leap forward, it's important to understand how the SOC evolved over time and why the steps leading up to 3.0 set the stage for a new era of security operations. A brief history of the SOC For deca...

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37 , which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet, and ScarCruft. Active since at least 2012, the adversarial collective is assessed to be part of North Korea's Ministry of State Security (MSS). Like with other state-aligned groups, those affiliated with North Korea, including the Lazarus Group and Kimsuky, vary in their modus operandi and likely have ever-evolving objectives based on state interests. A key malware in its toolbox is RokRAT (aka Goldbackdoor), although the group has also developed custom tools to facilitate covert intelligence gathering. It's currently not known how the first stage payload, a ZIP arc...

A never-before-seen botnet called  Goldoon  has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is  CVE-2015-2051  (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to  execute arbitrary commands  by means of specially crafted HTTP requests. "If a targeted device is compromised, attackers can gain complete control, enabling them to extract system information, establish communication with a C2 server, and then use these devices to launch further attacks, such as distributed denial-of-service (DDoS)," Fortinet FortiGuard Labs researchers Cara Lin and Vincent Li  said . Telemetry data from the network security company points to a spike in the botnet activity around April 9, 2024. It all starts with the exploitation of CVE-2015-2051 to ret...

Image Source: Book - Protect Your Windows Network from Perimeter to Data The United States' trade watchdog has sued Taiwan-based D-link, alleging that the lax security left its products vulnerable to hackers. The Federal Trade Commission (FTC) filed a lawsuit ( pdf ) against D-Link on Thursday, arguing that the company failed to implement necessary security protection in its routers and Internet-connected security cameras that left "thousands of consumers at risk" to hacking attacks. The move comes as cyber criminals have been hijacking poorly secured internet-connected devices to launch massive DDoS attacks that can force major websites offline. Over two months back, a nasty IoT botnet, known as Mirai, been found infecting routers, webcams, and DVRs built with weak default passwords and then using them to DDoS major internet services. The popular Dyn DNS provider was one of the victims of Mirai-based attack that knocked down the whole internet for many users...

It is no secret that in recent days,  Anonymous Operatives  have released a cache of HBGary Federal internal emails to the public.  Crowdleaks  has discovered that within these communications,  Aaron Barr  received a copy of Stuxnet  (a computer worm that targets the types of industrial control systems (ICS) that are commonly used in infrastructure supporting facilities)  from  McAfee  on July 28, 2010. In an effort to confirm this was in fact Stuxnet,  Crowdleaks  has decompiled some of the source code, which can be found. Throughout the following emails it is revealed that  HBGary Federal  may have been planning to use Stuxnet  for their own purposes. In a message sent to all email account holders at HBGary.com,  Charles Copeland  (Lead Support Engineer at HBGary, Inc.)   writes: from: Charles Copeland to: all@hbgary.com date: Sat, Sep 25, 2010 at 9:54 PM subject: Stuxnet Worm Mail...