North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group.

New Linux malware combines unusual stealth with a full suite of capabilities
Dubbed Shikitega by the researchers at AT&T Alien Labs who discovered it, the malware is delivered through a multistage infection chain using polymorphic encoding. It also abuses legitimate cloud services to host command-and-control servers.

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin
The vulnerability, tracked as CVE-2022-31474 (CVSS score: 7.5), can be exploited by an unauthenticated user to download arbitrary files from the affected site. It has been estimated that the plugin has around 140,000 active installations.

Lampion malware returns in phishing attacks abusing WeTransfer
WeTransfer is a legitimate file-sharing service that can be used free of charge, so it’s a no-cost way to bypass security software that may not raise alerts about the URLs used in emails.
Pulasthi 10174
10A2