1. Home
  2. Discover
  3. Technology
  4. The Hacker News

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

Catch up on last week's top cybersecurity stories—from dismantling the Raptor Train botnet and uncovering vulnerabilities through a $20 domain to Nort
The hacker News

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean from the past week.

⚡ Threat of the Week

Raptor Train Botnet Dismantled: The U.S. government announced the takedown of the Raptor Train botnet controlled by a China-linked threat actor known as Flax Typhoon. The botnet consisted of over 260,000 devices in June 2024, with victims scattered across North America, Europe, Asia, Africa, and Oceania, and South America. It also attributed the Flax Typhoon threat actor to a publicly-traded, Beijing-based company known as Integrity Technology Group.

🔔 Top News

  • Lazarus Group’s New Malware: The North Korea-linked cyber espionage group known as UNC2970 (aka TEMP.Hermit) has been observed utilizing job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity is also tracked as Operation Dream Job.

  • iServer and Ghost Dismantled: In yet another big win for law enforcement agencies, Europol announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The agency, in partnership with the Australian Federal Police (AFP), dismantled an encrypted communications network called Ghost that enabled serious and organized crime across the world.

  • Iranian APT Acts as Initial Access Provider: An Iranian threat actor tracked as UNC1860 is acting as an initial access facilitator that provides remote access to target networks by deploying various passive backdoors. This access is then leveraged by other Iranian hacking groups affiliated with the Ministry of Intelligence and Security (MOIS).

  • Apple Drops Lawsuit against NSO Group: Apple filed a motion to "voluntarily" dismiss the lawsuit it's pursuing against Israeli commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The lawsuit was filed in November 2021.

  • Phishing Attacks Exploit HTTP Headers: A new wave of phishing attacks is abusing refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. Targets of the campaigns include entities in South Korea and the U.S.

📰 Around the Cyber World

  • Sandvine Leaves 56 "Non-democratic" Countries: Sandvine, the company behind middleboxes that have facilitated the delivery of commercial spyware as part of highly-targeted attacks, said it has exited 32 countries and is in process of ceasing operations in another 24 countries, citing elevated threats to digital rights. Earlier this February, the company was added to the U.S. Entity List. "The misuse of deep packet inspection technology is an international problem that threatens free and fair elections, basic human rights, and other digital freedoms we believe are inalienable," it said. It did not disclose the list of countries it’s exiting as part of the overhaul.

  • .mobi Domain Acquired for $20: Researchers from watchTowr Labs spent a mere $20 to acquire a legacy WHOIS server domain associated with the .mobi top-level domain (TLD) and set up a WHOIS server on that domain. This led to the discovery that over 135,000 unique systems still queried the old WHOIS server over a five day period ending on September 4, 2024, including cybersecurity tools and mail servers for government, military and university entities. The research also showed that the TLS/SSL process for the entire .mobi TLD had been undermined as numerous Certificate Authorities (CAs) were found to be still using the “rogue” WHOIS server to "determine the owners of a domain and where verification details should be sent." Google has since called for stopping the use of WHOIS data for TLS domain verifications.

  • ServiceNow Misconfigurations Leak Sensitive Data: Thousands of companies are inadvertently exposing secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations. AppOmni attributed the issue to "outdated configurations and misconfigured access controls in KBs," likely indicating "a systematic misunderstanding of KB access controls or possibly the accidental replication of at least one instance's poor controls to another through cloning." ServiceNow has published guidance on how to configure their instances to prevent unauthenticated access to KB articles.

  • Google Cloud Document AI Flaw Fixed: Speaking of misconfigurations, researchers have found that overly permissive settings in Google Cloud's Document AI service could be leveraged by threat actors to hack into Cloud Storage buckets and steal sensitive information. Vectra AI described the vulnerability as an instance of transitive access abuse.

  • Microsoft Plans End of Kernel Access for EDR Software: Following the massive fallout from the CrowdStrike update mishap in July 2024, Microsoft has highlighted Windows 11’s "improved security posture and security defaults" that allow for more security capabilities to security software makers outside of kernel mode access. It also said it will collaborate with ecosystem partners to achieve "enhanced reliability without sacrificing security."

🔥 Cybersecurity Resources & Insights

  • Upcoming Webinars

    • Zero Trust: Anti-Ransomware Armor: Join our next webinar with Zscaler's Emily Laufer for a deep dive into the 2024 Ransomware Report, uncovering the latest trends, emerging threats, and the zero-trust strategies that can safeguard your organization. Don't become another statistic – Register now and fight back!

    • SIEM Reboot: From Overload to Oversight: Drowning in data? Your SIEM should be a lifesaver, not another headache. Join us to uncover how legacy SIEM went wrong, and how a modern approach can simplify security without sacrificing performance. We'll dive into the origins of SIEM, its current challenges, and our community-driven solutions to cut through the noise and empower your security. Register now for a fresh take on SIEM!

  • Ask the Expert

    • Q: How does Zero Trust differ fundamentally from traditional Perimeter Defense, and what are the key challenges and advantages when transitioning an organization from a Perimeter Defense model to a Zero Trust architecture?

    • A: Zero Trust and perimeter defense are two ways to protect computer systems. Zero Trust is like having multiple locks on your doors AND checking IDs at every room, meaning it trusts no one and constantly verifies everyone and everything trying to access anything. It's great for stopping hackers, even if they manage to sneak in, and works well when people work from different places or use cloud services. Perimeter defense is like having a strong wall around your castle, focusing on keeping the bad guys out. But, if someone breaks through, they have easy access to everything inside. This older approach struggles with today's threats and remote work situations. Switching to Zero Trust is like upgrading your security system, but it takes time and money. It's worth it because it provides much better protection. Remember, it's not just one thing, but a whole new way of thinking about security, and you can start small and build up over time. Also, don't ditch the wall completely, it's still useful for basic protection.

  • Cybersecurity Jargon Buster

    • Polymorphic Malware: Imagine a sneaky virus that keeps changing its disguise (signature) to trick your antivirus. It's like a chameleon, making it tough to catch.

    • Metamorphic Malware: This one's even trickier! It's like a shapeshifter, not just changing clothes, but completely transforming its body. It rewrites its own code each time it infects, making it nearly impossible for antivirus to recognize.

  • Tip of the Week

    • "Think Before You Click" Maze: Navigate a series of decision points based on real-world scenarios, choosing the safest option to avoid phishing traps and other online threats.

Conclusion

"To err is human; to forgive, divine." - Alexander Pope. But in the realm of cybersecurity, forgiveness can be costly. Let's learn from these mistakes, strengthen our defenses, and keep the digital world a safer place for all.

Follow Us for More Updates

linkedin
twitter
telegram

You may unsubscribe or change your contact details at any time.

Powered by:
GetResponse

Older messages

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Saturday, September 21, 2024

THN Daily Updates Newsletter cover Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them ($17.00 Value) FREE for a Limited Time A robust and engaging account

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Friday, September 20, 2024

THN Daily Updates Newsletter cover Generative AI in Practice: 100+ Amazing Ways Generative Artificial Intelligence is Changing Business and Society ($23.00 Value) FREE for a Limited Time An

Alert - GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

Thursday, September 19, 2024

THN Daily Updates Newsletter cover Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them ($17.00 Value) FREE for a Limited Time A robust and engaging account

Exclusive: Top SaaS Security Threats of 2025—And How to Eliminate Them

Wednesday, September 18, 2024

Learn how 39% of companies are stepping up their defenses. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Wednesday, September 18, 2024

THN Daily Updates Newsletter cover [Watch LIVE] Solving the SIEM Problem: A Hard Reset on Legacy Solutions From Overload to Oversight: How Modern SIEM Solutions Can Simplify Security Without

You Might Also Like

Last chance to register: SecOps made smarter

Monday, November 25, 2024

Don't miss this opportunity to learn how gen AI can transform your security workflowsㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ elastic | Search. Observe. Protect

SRE Weekly Issue #452

Monday, November 25, 2024

View on sreweekly.com A message from our sponsor, FireHydrant: Practice Makes Prepared: Why Every Minor System Hiccup Is Your Team's Secret Training Ground. https://firehydrant.com/blog/the-hidden-

Corporate Casserole 🥘

Monday, November 25, 2024

How marketing and lobbying inspired Thanksgiving traditions. Here's a version for your browser. Hunting for the end of the long tail • November 24, 2024 Hey all, Ernie here with a classic

WP Weekly 221 - Bluesky - WP Assets on CDN, Limit Font Subsets, ACF Pro Now

Monday, November 25, 2024

Read on Website WP Weekly 221 / Bluesky Have you joined Bluesky, like many other WordPress users, a new place for an online social presence? Also in this issue: CrawlWP, Asset Management Framework,

🤳🏻 We Need More High-End Small Phones — Linux Terminal Setup Tips

Sunday, November 24, 2024

Also: Why I Switched From Google Maps to Apple Maps, and More! How-To Geek Logo November 24, 2024 Did You Know Medieval moats didn't just protect castles from invaders approaching over land, but

JSK Daily for Nov 24, 2024

Sunday, November 24, 2024

JSK Daily for Nov 24, 2024 View this email in your browser A community curated daily e-mail of JavaScript news JavaScript Certification Black Friday Offer – Up to 54% Off! Certificates.dev, the trusted

OpenAI's turbulent early years - Sync #494

Sunday, November 24, 2024

Plus: Anthropic and xAI raise billions of dollars; can a fluffy robot replace a living pet; Chinese reasoning model DeepSeek R1; robot-dog runs full marathon; a $12000 surgery to change eye colour ͏ ͏

Daily Coding Problem: Problem #1618 [Easy]

Sunday, November 24, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Zillow. Let's define a "sevenish" number to be one which is either a power

PD#602 How Netflix Built Self-Healing System to Survive Concurrency Bug

Sunday, November 24, 2024

CPUs were dying, the bug was temporarily un-fixable, and they had no viable path forward ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

RD#602 What are React Portals?

Sunday, November 24, 2024

A powerful feature that allows rendering components outside their parent component's DOM hierarchy ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌