Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

June 8, 2023

Thursday

New PowerDrop malware targets the American aerospace industry.

A new PowerShell-based malware strain named PowerDrop has been observed being used by an unidentified threat actor to target the American aerospace sector.


According to Adlumin, which discovered the malware implanted at an undisclosed domestic aerospace defense contractor in May 2023, PowerDrop uses advanced techniques to evade detection, including deception, encoding, and encryption.


The name combines Windows PowerShell, the tool used to build the script, with the string “DROP” (DRP), which the code uses as padding.


PowerDrop is a post-exploitation tool: it is designed to gather information from target networks after access has already been gained by some other means.


To initiate contact with a command-and-control (C2) server, the malware sends Internet Control Message Protocol (ICMP) echo request messages as beacons.


The server replies in turn with an encrypted command, which is decrypted and executed on the infected host. The command’s output is exfiltrated in a similar ICMP ping message.
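As an added illustration from the defender's side, not code from the original article or from Adlumin, the following Python script shows how a beaconing pattern like the one described above can be surfaced from flow logs: it looks for ICMP echo requests that carry unusually large payloads or that recur at a very regular interval. The log format, the sample lines, and the thresholds are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow-log lines (not real telemetry). Host 10.0.0.5 sends an
# oversized ICMP echo request to the same external address about once a minute;
# host 10.0.0.9 sends two ordinary 64-byte pings to its gateway.
SAMPLE_LOG = """\
2023-06-08T10:00:00Z src=10.0.0.5 dst=203.0.113.7 proto=icmp type=8 len=1400
2023-06-08T10:01:00Z src=10.0.0.5 dst=203.0.113.7 proto=icmp type=8 len=1360
2023-06-08T10:02:01Z src=10.0.0.5 dst=203.0.113.7 proto=icmp type=8 len=1400
2023-06-08T10:03:00Z src=10.0.0.5 dst=203.0.113.7 proto=icmp type=8 len=1420
2023-06-08T10:04:00Z src=10.0.0.5 dst=203.0.113.7 proto=icmp type=8 len=1400
2023-06-08T10:00:37Z src=10.0.0.9 dst=10.0.0.1 proto=icmp type=8 len=64
2023-06-08T10:00:37Z src=10.0.0.1 dst=10.0.0.9 proto=icmp type=0 len=64
2023-06-08T10:02:10Z src=10.0.0.9 dst=10.0.0.1 proto=icmp type=8 len=64
"""

# Assumed log format: "<ISO timestamp> src=<ip> dst=<ip> proto=icmp type=<n> len=<bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=icmp "
    r"type=(?P<type>\d+) len=(?P<len>\d+)$"
)


def parse_echo_requests(log_text):
    """Yield (timestamp, src, dst, length) for ICMP echo requests (type 8) only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["type"]) != 8:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["dst"], int(m["len"])


def find_icmp_beacons(log_text, min_requests=4, max_jitter=0.2, max_len=128):
    """Flag (src, dst) pairs whose echo requests look like a C2 beacon.

    Two heuristics; both thresholds are assumptions to tune per environment:
      * any echo request larger than max_len bytes (ordinary pings carry about
        56-64 bytes of payload; a tasking or exfiltration channel needs more), or
      * at least min_requests requests whose inter-arrival times have a
        coefficient of variation (stdev / mean) at or below max_jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, length in parse_echo_requests(log_text):
        by_pair[(src, dst)].append((ts, length))

    findings = []
    for (src, dst), events in by_pair.items():
        events.sort()
        reasons = []
        biggest = max(length for _, length in events)
        if biggest > max_len:
            reasons.append(f"oversized echo payload ({biggest} bytes)")
        if len(events) >= min_requests:
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg <= max_jitter:
                reasons.append(f"regular interval (~{avg:.0f}s over {len(events)} requests)")
        if reasons:
            findings.append({"src": src, "dst": dst, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_icmp_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: " + "; ".join(f["reasons"]))
```

Ordinary ping traffic, such as the gateway check from 10.0.0.9, stays below both thresholds. Tune the thresholds against a baseline of legitimate traffic before alerting on them: network monitoring tools also send scheduled pings, and a beacon with randomized sleep will need a looser jitter bound.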


Honda API weaknesses exposed dealer panels, corporate documents, and customer data.

Due to API weaknesses that allow password reset for any account, Honda’s e-commerce platform for power equipment, marine, and lawn & garden was open to unauthorized access by anybody.

Honda is a Japanese company that produces cars, motorbikes, and power equipment. Only the power equipment division is affected, so owners of Honda cars or motorbikes are not impacted in this case.

Eaton Zveare, a security researcher who previously used similar flaws to get into Toyota’s supplier site, found the security hole in Honda’s systems.

In Honda’s case, Eaton Works exploited a password reset API to obtain unrestricted admin-level access to the company’s network by changing the passwords of key accounts.

The following information was consequently accessible to the security researcher, and potentially to threat actors using the same vulnerability:

- 21,393 customer orders across all dealers from August 2016 to March 2023, including the customer’s name, address, phone number, and the items ordered
- 1,091 active dealer websites out of 1,570; any of these sites could have been altered
- 3,588 dealer users or accounts (first and last names and email addresses included); any of these accounts could have had its password changed
- 1,090 dealer emails (first and last names included)
- 11,034 customer emails (first and last names included)
- Internal financial reports
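The article does not reproduce Honda's API, so the following Python example is an added one, not Honda's or the researcher's code: it contrasts a password reset endpoint with the weakness described above (the caller names the account to reset) against a hardened one that derives the account from a single-use, expiring token. The in-memory store, the function names, the hashing choices, and the sample accounts are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time


class UserStore:
    """Hypothetical in-memory stand-in for the application's user database."""

    def __init__(self):
        self.users = {}         # email -> (salt, password hash)
        self.reset_tokens = {}  # sha256(token) -> (email, expiry as epoch seconds)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._hash(password, salt))

    def check_password(self, email, password):
        rec = self.users.get(email)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, self._hash(password, salt))


def reset_password_vulnerable(store, body):
    """The weak pattern the article describes: the request names any account and
    supplies its new password; nothing proves the caller controls that account."""
    email = body["email"]
    if email not in store.users:
        return 404, "no such account"
    store.set_password(email, body["new_password"])
    return 200, "password updated"


def request_password_reset(store, email, ttl_seconds=900):
    """Step 1 of the hardened flow: mint a random, single-use, time-limited token
    bound to the account; only its hash is stored. The token is returned here
    purely so the out-of-band delivery can be simulated; a real service would
    send it to the address on file and respond identically whether or not the
    account exists, to avoid account enumeration."""
    token = secrets.token_urlsafe(32)
    if email in store.users:
        key = hashlib.sha256(token.encode()).hexdigest()
        store.reset_tokens[key] = (email, time.time() + ttl_seconds)
    return token


def reset_password_hardened(store, body):
    """Step 2: the account to change comes from the token record, never from a
    client-supplied email or user id, and the token is consumed on first use."""
    key = hashlib.sha256(body.get("token", "").encode()).hexdigest()
    rec = store.reset_tokens.pop(key, None)
    if rec is None:
        return 400, "invalid or expired token"
    email, expiry = rec
    if time.time() > expiry:
        return 400, "invalid or expired token"
    store.set_password(email, body["new_password"])
    return 200, "password updated"


def demo():
    """Walk both endpoints with a constructed admin account and an attacker account."""
    store = UserStore()
    store.set_password("admin@dealer.example", "Adm1n-original")
    store.set_password("attacker@mail.example", "att-original")

    # Vulnerable endpoint: the attacker resets the admin's password outright.
    status_v, _ = reset_password_vulnerable(
        store, {"email": "admin@dealer.example", "new_password": "pwned"})
    admin_taken_over = store.check_password("admin@dealer.example", "pwned")

    # Hardened endpoint: a token minted for the attacker cannot touch admin, even
    # when the body also names the admin account; a replayed token is rejected.
    store.set_password("admin@dealer.example", "Adm1n-original")
    token = request_password_reset(store, "attacker@mail.example")
    body = {"token": token, "email": "admin@dealer.example", "new_password": "pwned2"}
    status_h, _ = reset_password_hardened(store, body)
    status_replay, _ = reset_password_hardened(store, body)
    return {
        "vulnerable_status": status_v,
        "admin_taken_over_via_vulnerable": admin_taken_over,
        "hardened_status": status_h,
        "admin_intact_after_hardened": store.check_password("admin@dealer.example", "Adm1n-original"),
        "attacker_own_account_reset": store.check_password("attacker@mail.example", "pwned2"),
        "replay_status": status_replay,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design point is that the identity being reset must be bound to something only the legitimate account holder can obtain (here, a token delivered out of band); any field in the request body that names an account is untrusted input and must not select the target.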


Royal ransomware group increases its firepower with the BlackSuit encryptor

There have been rumors about the Royal ransomware operation preparing to rebrand under a new identity since late April.

After the gang attacked the City of Dallas, Texas, law enforcement pressure on the operation increased, which made its situation worse.

May saw the discovery of a fresh BlackSuit ransomware campaign that made use of Tor negotiation sites and its own branded encryptor.

The Royal ransomware gang was expected to rebrand as this operation. However, no rebranding took place: Royal is still actively attacking enterprises while occasionally deploying BlackSuit.

“They work hard on IcedID and are continuously enhancing Emotet in an effort to revive it. In this way, their trials with novel lockers seem natural,” according to Bohuslavskiy. “I think soon we could start to see more stuff like BlackSuit.”

However, it appears that the new BlackSuit locker and loader have both been failures as experiments thus far.

Cisco and VMware Address Critical Vulnerabilities with Immediate Security Updates

VMware has released security patches to address three security flaws in Aria Operations for Networks that could lead to information disclosure and remote code execution.

The most serious of the three flaws is a command injection flaw identified as CVE-2023-20887 (CVSS score: 9.8) that might enable remote code execution for a hostile actor with network access.

VMware has also addressed a deserialization vulnerability (CVE-2023-20888) with a CVSS score of 9.1 out of 10.

A command injection attack could also be used by an actor with network access to exploit a high-severity information disclosure flaw (CVE-2023-20889, CVSS score: 8.8) and gain access to sensitive data.

The three vulnerabilities affect VMware Aria Operations for Networks version 6.x and have been fixed in the following versions: 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10. There are no workarounds that mitigate the issues.

Barracuda advises replacing compromised ESG equipment immediately.

Barracuda, a provider of email and network security, alerts clients to the need to replace Email Security Gateway (ESG) equipment that has been compromised by attacks utilizing a recently fixed zero-day vulnerability.

In an update to the original alert on Tuesday, the firm said that all affected ESG appliances should be replaced immediately, regardless of patch version level.

The critical Barracuda ESG remote command injection bug, tracked as CVE-2023-2868, was patched remotely on May 20, and the attackers’ access to the vulnerable appliances was cut off the next day by deploying a dedicated script. The initial alert was issued at that time.

Customers were alerted by Barracuda on May 24 that their ESG appliances may have been compromised by the CVE-2023-2868 problem and were urged to check their environments for evidence of penetration.

The flaw was first exploited in October 2022 to breach “a subset of ESG appliances” and deploy malware that gave the attackers persistent access to the compromised systems.

They used malware called SeaSide to create reverse shells for easy remote access via SMTP HELO/EHLO commands, as well as the Saltwater and SeaSpy malware to backdoor the affected appliances.
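The article does not describe the exact form of SeaSide's HELO/EHLO traffic, so the following Python check is an added, generic example rather than Barracuda's own detection logic: it flags HELO/EHLO arguments that are not a syntactically valid domain or address literal (the only forms RFC 5321 allows), which is one practical way to surface command abuse on an SMTP gateway from its logs. The log format and the sample lines are constructed assumptions.

```python
import re

# Constructed gateway log lines (not real captures). Assumed format:
# "<ISO timestamp> <client-ip> C: <SMTP command line as sent by the client>".
SAMPLE_SMTP_LOG = """\
2023-06-08T09:12:01Z 198.51.100.4 C: EHLO mail.example.net
2023-06-08T09:12:05Z 198.51.100.4 C: MAIL FROM:<alice@example.net>
2023-06-08T09:13:22Z 203.0.113.50 C: HELO [203.0.113.50]
2023-06-08T09:13:40Z 203.0.113.51 C: EHLO [IPv6:2001:db8::25]
2023-06-08T09:14:40Z 203.0.113.77 C: EHLO mx.example.com;echo test
2023-06-08T09:15:02Z 203.0.113.77 C: EHLO `id`
2023-06-08T09:16:30Z 203.0.113.90 C: EHLO not a hostname
"""

SMTP_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) C: (?P<verb>HELO|EHLO)\s+(?P<arg>.*)$", re.IGNORECASE
)

# RFC 5321 syntax for the HELO/EHLO parameter: a domain made of dot-separated
# letter-digit-hyphen labels, or an address literal such as [192.0.2.1] or [IPv6:...].
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile("^" + LABEL + r"(?:\." + LABEL + r")*$")
ADDR_LITERAL_RE = re.compile(r"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")
SHELL_META = set(";|&`$()<>'\"\\")


def is_valid_helo_arg(arg):
    """True when the argument is a syntactically valid domain or address literal
    of at most 255 characters (the RFC 5321 domain length limit)."""
    if len(arg) > 255:
        return False
    return bool(DOMAIN_RE.match(arg) or ADDR_LITERAL_RE.match(arg))


def find_suspicious_helo(log_text):
    """Return one finding per HELO/EHLO whose argument is not valid syntax,
    tagging the reason so analysts can triage metacharacter cases first."""
    findings = []
    for line in log_text.splitlines():
        m = SMTP_LINE_RE.match(line.strip())
        if not m:
            continue
        arg = m["arg"].strip()
        if is_valid_helo_arg(arg):
            continue
        if set(arg) & SHELL_META:
            reason = "shell metacharacters in HELO/EHLO argument"
        elif len(arg) > 255:
            reason = "overlong HELO/EHLO argument"
        else:
            reason = "argument is not a domain or address literal"
        findings.append({"ts": m["ts"], "ip": m["ip"], "verb": m["verb"].upper(),
                         "arg": arg, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_helo(SAMPLE_SMTP_LOG):
        print(f"{f['ts']} {f['ip']} {f['verb']} {f['arg']!r}: {f['reason']}")
```

Malformed HELO arguments are common from misconfigured clients, so the metacharacter class is the one worth alerting on directly; the others are better treated as enrichment for a host that is already under investigation, such as an ESG appliance that Barracuda's guidance says to replace rather than trust.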
