New HeadCrab Malware Hijacks 1,200 Redis Servers
Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. New HeadCrab Malware ? [...]
Hackers Use New IceBreaker Malware to Breach Gaming Companies
Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. Researchers at incident response firm Security Joes believe [...]
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
A new exploit called ‘Sh1mmer’ can be used to “unenrolling” enterprise-managed Chromebooks to install apps and bypass device restrictions. What is SH1MMER Exploit? SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment [...]
Attacks Targeting Realtek SDK Vulnerability Ramping Up
Palo Alto Networks warns of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. The first in-the-wild attacks targeting CVE-2021-35394 were observed days after [...]
Yandex Code Repositories Leaked Allegedly by Former Employee
The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum. Yandex Code Repositories The source code repository [...]
VMware Patches Critical RCE Vulnerabilities in vRealize Log Insight
VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product. The vRealize Log Insight by VMware is a virtual appliance that allows administrators to gather [...]
Remote Code Execution Vulnerability in Microsoft Teams
Researchers discovered an RCE vulnerability in Microsoft Teams during Pwn2Own 2022. The application is used by a wide range of people, including professionals, and an exploit could cause significant harm to its [...]
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) [...]
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Two new vulnerabilities have been found in the Galaxy App Store application allowing local attackers to install arbitrary applications or execute JavaScript by launching a specific web page. The findings [...]
CISA Warns for Vulnerabilities in Industrial Control Systems (ICS)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The [...]
New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild
Netlab recently released a report confirming that this sample was adapted from the leaked Hive project server source code from the U.S. CIA. This new variant of the HIVE kit, [...]
Attackers Infected a CircleCI Employee with Malware to Steal Customer Session Tokens
Software development service CircleCI has revealed that a recently disclosed data breach was the result of information stealer malware being deployed on an engineer’s laptop. How its infected? According to [...]
RAT malware campaign tries to evade detection using polyglot files
Operators of the StrRAT and Ratty distant entry trojans (RAT) are operating a brand new marketing campaign utilizing polyglot MSI/JAR and CAB/JAR information to evade detection from safety instruments. What [...]
Cacti Patched CVE-2022-46169 Critical RCE Vulnerability
Open-source, web-based network monitoring and graphing tool Cacti received an update recently to fix a critical-severity security vulnerability that enabled executing arbitrary code on a server running Cacti. CVE-2022-46169 It is an open-source, web-based network [...]
-
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App GalleryExpert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
BOTNET, Data Breach, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes. What is Threema? Threema's end-to-end inner protocol, the one [...]
Microsoft ends Windows 7 extended security updates on Tuesday
Windows 7 Professional and Enterprise editions will no longer receive extended security updates for critical and important vulnerabilities starting Tuesday, January 10, 2023. Alongside this, the Redmond company encourages Windows [...]
-
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors GalleryRussian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
Backdoor, Compromised, Darknet, Data Breach, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
Organisations that fell victim to Andromeda, a commodity malware that dates back 12 years, seem to be at risk of compromise by the Moscow-backed advanced persistent threat (APT) group tracked variously [...]
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
South African threat actors known as 'Automated Libra' has been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining. PURPLEURCHIN first came to light [...]
Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products
"Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.The vulnerability, tracked as CVE-2022-43931, was discovered internally by Synology's Product Security Incident [...]
-
RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks GalleryRCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
BOTNET, Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips, vulnerability, wordpress
RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. CVE-2022-45359 Vulnerability The CVE-2022-45359 vulnerability allows unauthenticated attackers to upload [...]
PyTorch Machine Learning Framework Compromised with Malicious Dependency
The PyTorch team has issued a warning to users who installed PyTorch-nightly over the holidays, advising them to uninstall the framework and the counterfeit 'torchtriton' dependency. Originally developed and released [...]
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Two critical vulnerabilities tracked as CVE-2022-27510 and CVE-2022-27518 still affect thousands of Citrix Application Delivery Controller (ADC) and Gateway devices, NCC Group’s Fox IT team said in a blog post. [...]
-
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector GalleryAPT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
BOTNET, Compromised, Data Breach, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Microsoft, Security Advisory, Security Update
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
In July 2022, Microsoft made a crucial development to its Office software that blocks macros in Office files attached to email messages. While this block only applies to new versions of [...]
-
Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code GalleryCritical Linux Kernel Vulnerability Let Attackers Execute Remote Code
Compromised, Exploitation, hackers, Internet Security, IOC's, Linux Malware, malicious cyber actors, Malware, Security Advisory, Security Update, vulnerability
Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code
A critical remote code execution vulnerability (CVE-2022-47939) has been identified in the ksmbd module of the Linux kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux [...]
-
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware GalleryPrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, windows
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to [...]
GuLoader Malware Utilizing New Techniques to Evade Security Software
Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. GuLoader malware GuLoader is a first-stage trojan designed to infect a system and drop a final payload. Typically other trojans or [...]
CVE-2022-47633 Vulnerability Allows Attackers to Bypass Kyverno Signature Verification
The vulnerability could let attackers introduce malicious code into cloud production environments. Kyverno’s admission controller offers a signature verification mechanism to ensure that only signed container images can enter a Kubernetes cluster. The [...]
Vice Society Ransomware Attackers Adopt Robust Encryption Methods
SentinelLabs disclosed that the Vice Society group has adopted a new custom-branded ransomware payload in recent intrusions, dubbed ‘PolyVice,’ which implements an encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice [...]
-
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen GalleryLastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
BOTNET, Compromised, Evilproxy, Exploitation, infostealer, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this year. LastPass revealed that this repository of customer [...]
-
ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082) GalleryProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)
Compromised, Data Breach, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, vulnerability
ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)
Reports says, the zero-day vulnerabilities CVE-2022-41040 and CVE-2022-41082, dubbed ProxyNotShell, are still being actively exploited. ProxyNotShell vulnerabilities are exploited by adversaries for remote code execution (RCE) in vulnerable Exchange servers in the wild. [...]
Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems
Researchers at Trend Micro have been tracking Raspberry Robin since September and are warning the worm is notable for its 10 layers of obfuscation and its ability to deploy a [...]
-
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users GalleryCybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users
BOTNET, Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, phishing, Security Advisory, Security Update
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users
The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users. What is BrasDex? BraDex is [...]
-
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware GalleryMalicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
BOTNET, Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. The [...]
Apple patches active exploit vulnerability for iPhones
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on [...]
Microsoft Reevaluates SPNEGO NEGOEX Vulnerability CVE-2022-37958 as Critical
A critical remote code execution vulnerability has been discovered in the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism). CVE-2022-37958 The Vulnerability CVE-2022-37958, has been rated as having a CVSS score [...]
-
Microsoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability GalleryMicrosoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability
Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Microsoft, Security Advisory, Security Update
Microsoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft on Tuesday released patches for 48 vulnerabilities in seven Microsoft product families. This includes 6 Critical-class issues affecting Microsoft Dynamics, SharePoint, and Windows. Of the 53 patches released in [...]
Fortinet Released Patch for FortiOS SSL-VPN RCE Vulnerability CVE-2022-42475
Fortinet has released a patch for a critical zero-day security vulnerability affecting its FortiOS SSL-VPN product. The vulnerability could lead to remote code execution and is actively exploited. CVE-2022-42475 CVE-2022-42475 is a heap-based buffer overflow vulnerability in [...]
Amazon ECR Public Gallery flaw could have wiped or poisoned any image
Security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited according to cloud security firm Lightspin. Amazon ECR Public Gallery The Amazon [...]
-
MegaRAC flaws, IP leak impact multiple server brands GalleryMegaRAC flaws, IP leak impact multiple server brands
BOTNET, Compromised, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips
MegaRAC flaws, IP leak impact multiple server brands
Research team has found three different vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) software. CVE-2022-40259 and CVE-2022-40242 vulnerabilities have CVSS scores of 9.8, while the CVE-2022-2827 vulnerability has a CVSS score of 7.5 on the National Vulnerability [...]
-
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware GalleryCryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware
BOTNET, Compromised, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Woody RAT malware
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The potency of the Chaos malware stems from [...]
-
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver GalleryResearchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
BOTNET, Compromised, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malware, Security Advisory, Security Update
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
Secureworks Counter Threat Unit (CTU) researchers are investigating the Drokbk malware, which is operated by a subgroup of the Iranian government-sponsored COBALT MIRAGE threat group. Drokbk Malware The Drokbk malware was detected [...]
-
Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps GalleryResearchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps
BOTNET, Compromised, Darknet, Exploitation, hackers, infostealer, Internet Security, IOC's, Malware, Mobile Security, Security Advisory, Security Update
Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps
Researchers have shed mild on a new hybrid malware campaign targeting the two Android and Windows running programs in a bid to broaden its pool of victims. “This campaign resulted [...]
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
Lazarus hacking group spreads malware using a fake cryptocurrency app called BloxHolder. This made-up brand pretends to offer cryptocurrency applications, tricking users to install AppleJeus malware. AppleJeus malware AppleJeus malware, [...]
-
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network GalleryNew Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
BOTNET, Compromised, DDOS, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Security Advisory, Security Update
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. It contains several modules, [...]
Critical Ping bug potentially allows remote hack of FreeBSD systems
A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. CVE-2022-23093 The vulnerability exists due to a boundary error within the pr_pack() [...]
GoTo’s Cloud Storage and Dev Environment Breached by Hackers
GoTo, maker of the popular virtual meeting and desktop-sharing software, and its affiliate LastPass confirmed on Wednesday that their shared cloud-storage service was hit by unknown hackers. Remote access company [...]
LastPass breach affects customer data—but not passwords
Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe. LastPass owner LogMeIn stresses that customer passwords have [...]
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. According [...]
ManageEngine Vulnerability (CVE-2022-40300)
ManageEngine recently patched a SQL injection vulnerability bug in their Password Manager Pro, PAM360, and Access Manager Plus products. CVE-2022-40300 A remote attacker can exploit the vulnerability by sending a [...]
Google discovers Windows exploit framework used to deploy spyware
A Spanish company that offers “tailor made Information Security Solutions” may have exploited vulnerabilities in Chrome, Firefox and the Microsoft Defender antivirus program to deploy spyware, researchers with Google’s Threat [...]
Windows 11 is getting a VPN status indicator in the taskbar
Microsoft already released the big Windows 11 update for the year, 22H2, but the company isn’t slowing down on development. A new feature is now in testing that aims to [...]
Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware
Hackers are always coming up with clever ways to exploit the latest trends, and the latest example leverages a popular TikTok challenge to trick unsuspecting users into installing malware on their devices. The trend, [...]
Amazon addresses vulnerability affecting AWS AppSync
Researchers from security company Datadog discovered a cross-tenant vulnerability in a popular Amazon Web Services (AWS) tool, which Amazon has now addressed. What does the vulnerability do ? The bug allows attackers [...]
Patch now! Google Chrome’s GPU code has a zero-day
Google has released an important update to Chrome web browser that fixes another zero-day vulnerability. CVE-2022-413 The high-severity flaw has been in existence since 2022 and has been misused by [...]
WhatsApp data leak: 500 million user records for sale
The latest WhatsApp data leak has reportedly affected as many as 80 countries, including Russia, Italy, Egypt, Brazil, Spain, and more. The list also includes India. Threat actor claims there [...]
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
Researchers at SEKOIA identified 7 traffers teams on Dark Web forums that announced the availability of the Aurora Stealer in their arsenal, a circumstance that confirms the increased popularity of [...]
-
Ducktail Malware Operation Evolves with New Malicious Capabilities GalleryDucktail Malware Operation Evolves with New Malicious Capabilities
BOTNET, Compromised, Exploitation, hackers, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Targeted Attacks, Tips
Ducktail Malware Operation Evolves with New Malicious Capabilities
A Vietnam-based hacking operation dubbed "Ducktail" is targeting individuals and companies operating on Facebook's Ads and Business platform. Ducktail Ducktail has been around since 2021, and is attributed to a [...]
Google Chrome extension used to steal cryptocurrency, passwords
A Google Chrome extension named "VenomSoftX" is being used to steal cryptocurrency from wallets and breach passwords. The malware has been tracked over 93,000 times so far in 2022. What does VenomSoftX do? [...]
New AXLocker Ransomware Steals Victims’ Discord Tokens
Security researchers have warned of a new ransomware variant that not only encrypts the victim’s files but also attempts to steal data by enabling a Discord account takeover (ATO). AXlocker [...]
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and [...]
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Security researchers have uncovered a sophisticated phishing campaign using tens of thousands of malicious domains to spread malware and generate advertising revenue. Fangxiao Fangxiao- The threat actor has been active [...]
-
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor GalleryNorth Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
Compromised, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. What is Dtrack backdoor? DTrack allows criminals to upload, [...]
F5 Released Hotfixes for BIG-IP and iControl REST Vulnerabilities
The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. CVE-2022-41622 and CVE-2022-41800 Vulnerabilities An attacker may trick [...]
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is all [...]
Windows Kerberos authentication breaks after November updates
Microsoft on Sunday reported that after installing updates released on the most recent Patch Tuesday on Nov. 8, security teams might have issues with Kerberos authentication on Windows Servers with [...]
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
Security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. Over 15,000 WordPress and other sites have [...]
-
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders GalleryNew “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Internet Security, IOC's, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
A new APT group, Earth Longzhi, reportedly targeted organizations in East Asia, Southeast Asia, and Ukraine using a Cobalt Strike loader. The group, active since at least 2020, is considered [...]
Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers
Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges the [...]
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
A new web3 technology is being abused widely by threat actors, according to security researchers from tech giant Cisco. What is IPFS ? The InterPlanetary File System (IPFS) is a [...]
-
Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days GalleryMicrosoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days
Forensic Investigation, Internet Security, malicious cyber actors, Microsoft, Security Advisory, Security Update, vulnerability
Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days
Microsoft November 2022 Patch Tuesday has been released with patches for a total of 68 vulnerabilities, which include 6 actively exploited zero days and 11 critical vulnerabilities. Microsoft has fixed [...]
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights [...]
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data
Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLs. What is urlscan.io? [...]
-
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server GalleryRobin Banks Phishing Service for Cybercriminals Returns with Russian Server
Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, phishing, Security Advisory, Security Update, Tips
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. DDoS-Guard takes over from Cloudflare after the latest caused a [...]
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. Black Basta has [...]
OpenSSL Announced Two High-Severity Vulnerabilities Are Fixed
OpenSSL released patches for two vulnerabilities that have caused widespread concern among cybersecurity experts and researchers over the last week and a half. OpenSSL is a commonly used code library [...]
Dropbox breached, GitHub repositories stolen
File-hosting company Dropbox revealed on Tuesday that it has suffered a phishing incident. Attackers took 130 code repositories using stolen credentials after gaining access to one of Dropbox's GitHub accounts. The attacker eventually [...]
Emotet botnet starts blasting malware again after 5 month break
The malicious program operators have been silent for five months and have now again started to spam emails with malicious programs after the vacation. Emotet is the malware typically spread [...]
A New Rising Social Engineering Trend: Callback Phishing
Callback phishing emerged as a hybrid social engineering technique that combines phishing and vishing. The phishing technique used to steal sensitive data or transmit harmful packages via email and vishing. Malicious attachments [...]
Fodcha DDoS Botnet Resurfaces with New Capabilities
Researchers have discovered a new version of the Fodcha DDoS botnet, featuring upgrades to deter analysis by security researchers and the ability to inject ransom demands into packets. Fodecha DDOS [...]
Actively exploited Windows MoTW zero-day gets unofficial patch
A free unofficial patch is available for a Mark-of-the-web (MoTW) security vulnerability impacting Windows 10 and 11, Bleeping Computer reports. The actively exploited zero-day flaw lets files signed with malformed signatures [...]
Chrome issues urgent zero-day fix – update now!
Google has announced an update for Chrome issues that fixes an in-the-wild exploit. Mitigation for chrome issues If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon [...]
Newly Unsealed Indictment Charges the Operator of Raccoon Infostealer
U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. The U.S. Department of Justice accused Sokolovsky [...]
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously [...]
Windows 10 KB5018482 update released with nineteen improvements
Despite the release of Windows 11 this early October, there have been updates for Windows 10, still. There are 19 improvements released in the KB5018482 Preview cumulative update for Windows [...]
Apple Releases Patch for Exploited Zero-Day
Apple on Monday disclosed and patched a kernel-level zero-day vulnerability affecting many of its iOS devices. The severity of the flaw is unknown, and the bug was submitted by an [...]
22 Years Old Vulnerability in SQLite Allows Arbitrary Code Execution
The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer [...]
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. [...]
Ursnif Malware Moving to Ransomware Operations from Bank Account Theft
Ursnif (a.k.a. Gozi), a former banking trojan, has been repurposed as a generic backdoor. Threat actors could use the new variant to distribute ransomware. Ursnif (a.k.a. Gozi), a former banking trojan, has been repurposed [...]
New Prestige Ransomware Targeting Polish and Ukrainian Organizations
The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour of each other across all victims. A notable feature of this campaign [...]
Venus Ransomware targets publicly exposed Remote Desktop services
The malicious actors behind the relatively new Venus ransomware are hacking publicly exposed Remote Desktop Services to encrypt Windows devices. Venus Ransomware The Venus Ransomware seems to have started operating [...]
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT company providers in the Middle East and Asia are currently being specific by a beforehand undocumented Chinese-talking menace team dubbed WIP19. "Throughout this activity, the threat actor [...]
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A beforehand undocumented command-and-manage (C2) framework dubbed Alchimist is most likely currently being used in the wild to focus on Windows, macOS, and Linux devices. The Alchimist C2 can generate [...]
Aruba Released Patches for EdgeConnect’s Critical Vulnerabilities
Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. According to the company, a network-based attacker [...]
Critical RCE Vulnerability with Max CVSS Score in VM2 Sandbox Library
A critical vulnerability in vm2 might let a remote attacker bypass the sandbox environment and execute shell commands on the device hosting the sandbox. About the Vulnerability The most widely used Javascript sandbox library is vm2, which receives [...]
Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs
Microsoft released fixes for a Windows zero-day and a publicly disclosed vulnerability on October Patch Tuesday but security updates for two Exchange Server zero-days discovered last month are still in [...]
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
A brand new piece of analysis has detailed the more and more refined nature of the malware toolset employed by a sophisticated persistent risk (APT) group named Earth Aughisky. Earth Aughisky [...]
Unpatched RCE Vulnerability in Zimbra Actively Exploited
Zimbra-CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation. The vulnerability is due to the method (cpio) in which Zimbra’s antivirus [...]
LilithBot Malware, a new MaaS offered by the Eternity Group
Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group. What is LilithBot Malware? LilithBot, a multipurpose malware sample, was found by ThreatLabz. Further investigation [...]
Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks
In what’s a new phishing technique, it has been shown that the Application Mode attribute in Chromium-primarily based web browsers can be abused to generate “real looking desktop phishing applications.” [...]
Details Released for Recently Patched new macOS Archive Utility Vulnerability
Security researchers have shared facts about a now-addressed security flaw in Apple’s macOS functioning technique that could be possibly exploited to run destructive applications in a manner that can bypass [...]
BlackByte ransomware abuses legit driver to disable security products
The BlackByte ransomware gang is using a new technique that researchers are calling “Bring Your Own Driver,” which enables bypassing protections by disabling more than 1,000 drivers used by various [...]
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
A novel Android malware referred to as RatMilad has been observed concentrating on a Middle Jap business cell device by concealing by itself as a VPN and phone selection spoofing [...]
Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
The recently learned Linux-Based ransomware pressure acknowledged as Cheerscrypt has been attributed to a Chinese cyber espionage team regarded for working short-lived ransomware techniques. Cybersecurity agency Sygnia attributed the assaults [...]
Microsoft Exchange server zero-day mitigation can be bypassed
Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The first flaw, tracked as CVE-2022-41040, [...]
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers
The North Korea-backed Lazarus Team has been observed deploying a Windows rootkit by taking gain of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored [...]
Threat Actors Impersonate GitHub, Zoom, and Cloudflare to Steal User Information
On September 16, GitHub discovered phishing attacks by hackers impersonating CircleCI. During the attack, users are warned of session expiration and directed to log in again using their GitHub credentials. How GitHub Credentials Stolen [...]
Hacking group hides backdoor malware in Windows logo image
Security researchers have discovered a malicious campaign by the hacking group ‘Witchetty’, which uses steganography to hide backdoor malware in a Windows logo. Witchetty is believed to have close ties [...]
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers [...]
Sophisticated Covert Cyberattack Campaign Targets Military Contractors
A cyberattack campaign, potentially bent on cyber espionage, is highlighting the increasingly sophisticated nature of cyberthreats targeting defense contractors in the US and elsewhere. The covert campaign, which researchers at Securonix detected [...]
Threat Actors Utilize PowerPoint Files to Distribute Graphite Malware
Threat actors started utilizing PowerPoint presentations as a code execution method and delivering Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen [...]
FARGO ransomware targets vulnerable Microsoft SQL servers in new wave of attacks
Microsoft SQL servers are succumbing to FARGO ransomware, security researchers at AhnLab Security Emergency Response Center (ASEC) have warned. Cybersecurity researchers from AhnLab Security say that the newly detected malware [...]
China-linked TA413 group targets Tibetan entities with new backdoor
A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at [...]
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal
BlackCat Ransomware attackers fine-tuning their malware arsenal in a bid to remain undercover and expand their reach. According to Symantec, “Among some of the more notable developments has been the use of [...]
CISA Urges to Patch ManageEngine Against RCE Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical Java deserialisation bug affecting multiple Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalogue and warned that the [...]
Hackers Using Malicious OAuth Apps to Take Over Email Servers
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. “The [...]
Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing
Cybersecurity company Imperva has disclosed that it mitigated a dispersed denial-of-company (DDoS) attack with a whole of more than 25.3 billion requests on June 27, 2022. According to reports, the [...]
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
Cybersecurity firm Bitdefender published a new decryptor on Friday for LockerGoga, a strain of ransomware best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro. The new decryptor is a [...]
Microsoft Teams’ GIFShell Attack
The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. [...]
Trend Micro Warnes for Actively Exploited RCE Flaw in Apex One
Trend Micro recently released a patch for an actively exploited flaw in its endpoint security platform, Apex One. The security software provider published an advisory to report six vulnerabilities and advised their customers [...]
Hackers Had Access to LastPass’s Development Systems for Four Days
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August [...]
North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application
Researchers believe that hackers with links to North Korean government have been pushing the Trojanized Version of PuTTY networking tool in a bid to hack the networks of organizations they [...]
WordPress Sites Compromised Due to FishPig Supply Chain Attack
Threat actors infected FishPig’s distribution server as part of a supply chain attack. The vendor’s service integrates Adobe’s Magento eCommerce platform into WordPress websites. Attackers injected malicious code into FishPig’s software to [...]
Phishing page embeds keylogger to steal passwords as you type
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. The campaign aims to [...]
Loader Malware Emotet is Now Led by Quantum and BlackCat
Emotet (also known as SpmTools) is a sophisticated, modular banking trojan. Emotetmostly serves as a downloader or dropper of other banking trojans. It is a loader-as-a-service (LaaS). It is mainly distributed by spam emails (malspam). [...]
Microsoft’s Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
Microsoft on Tuesday released fixes to eliminate 64 new security flaws across its software lineup, including a zero-day flaw that has been actively exploited in real-world attacks. Of the 64 [...]
Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw
Apple iPhone, iPad, and Mac security update fixes actively exploited zero-day vulnerability, which allows hackers to carry out cyberattacks. Apple iPhone, Mac Security Update Fixes Zero-Day Flaw As per the [...]
Cisco Patches High-Severity Vulnerability in SD-WAN vManage
The patches for a high-severity vulnerability in the binding configuration of SD-WAN vManage software containershas been announced by Cisco. The vulnerability tracked as CVE-2022-20696, the issue exists because of insufficientprotection [...]
Lampion Banking Malware Reappears in WeTransfer Phishing Attacks
Lampion malware operators use the free file-sharing platform WeTransfer to perform phishing attacks. This way, attackers can avoid security alerts since they are tricking users into downloading from a trustworthy service. The malware [...]
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices
A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July [...]
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
A zero-day flaw in a WordPress plugin known as BackupBuddy is being actively exploited, WordPress safety firm Wordfence has disclosed. BackupBuddy The BackupBuddy vulnerability impacts versions 8.5.8.0 through 8.7.4.1 and is under attack [...]
North Korean Lazarus hackers take aim at U.S. energy providers
The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada [...]
Cisco Released Patches for Vulnerabilities Affecting Several Products
Cisco has released updates to address vulnerabilities affecting multiple products. The vulnerability, identified as CVE-2022-28199 (CVSS 8.6), is due to improper error handling in the network stack of DPDK, which enables a remote attacker to cause [...]
The North Face Warns of Major Credential Stuffing Campaign
Outdoor clothing giant The North Face has notified customers that their account may have been compromised, after noticing unusual activity on its website last month. It detected the credential stuffing attack on [...]
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
The Lazarus Group, a well-known North Korean nation-state actor, has been connected to the MagicRAT remote access trojan. Lazarus Team, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers [...]
New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices
A stealthy new form of malware is targeting Linux systems in attacks that can take full control of infected devices – and it is using this access to install crypto-mining [...]
QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware
The Taiwanese company QNAP cautions customers about DeadBolt ransomware attacks upon exploiting a zero-day vulnerability in Photo Station. QNAP detected the issue on September 3. In its security bulletin, QNAP explains that the ransomware exploits this [...]
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to the Resecurity team. What Does EvilProxy Phishing do ? "EvilProxy actors [...]
SharkBot malware found on Google Play Store stealing login info again
The information stealing and banking data-targeting Android malware was found installed with the help of applications masquerading as antivirus or cleaner applications on the official Google Play Store. SharkBot The [...]
Critical RCE Vulnerability in the Atlassian Bitbucket Server and Data Center
A Vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by [...]
Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability
Apple has released a new iOS 12 build for customers using the older models of iPhones, iPads and even iPod. The software update comes with a fix for security vulnerability [...]
New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim
Cybersecurity company Trend Micro is raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Agenda Ransomware Agenda targets [...]
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Tuesday announced it's launching a new bug bounty program that focuses specifically on open-source software. The payouts will range from $100 to $31,337 depending on the severity of the [...]
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
The danger actor behind the SolarWinds source chain attack has been connected to still a further “extremely specific” publish-exploitation malware that could be utilized to manage persistent accessibility to compromised [...]
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative [...]
LastPass developer systems hacked to steal source code
Password management firm LastPass was hacked last week, allowing threat actors to steal the company’s source code and proprietary technical information. LastPass Developer It is one of the largest password [...]
Crypto Miners Using Tox P2P Messenger as Command and Control Server
Threat actors have begun to make use of the Tox peer-to-peer on the spot messaging service as a command-and-control methodology, marking a shift from its earlier function as a contact [...]
Hackers Using Fake DDoS Protection Pages to Distribute Malware
Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. WordPress, DDoS, malware Hacked [...]
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
GitLab released patches where they fixed a critical remote code execution vulnerability. It is labeled CVE-2022-2884 with a CVSS score of 9.9. This critical vulnerability in the GitHub Import API can be exploited by [...]
Meet Borat RAT, a New Unique Triple Threat
Atlanta-based mostly cyber risk intelligence corporation, Cyble found out a new Remote Accessibility Trojan (RAT) malware. RAT Malware RAT malware generally aids cybercriminals achieve total command of a victim’s program, [...]
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. Grandoreiro Malware KeyloggingAuto-Updation for newer versions and modulesWeb-Injects and [...]
Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has launched emergency safety updates at the moment to repair two zero-day vulnerabilities beforehand exploited by attackers to hack iPhones, iPads, or Macs. Apple has released an emergency security [...]
Windows KB5012170 update causing BitLocker recovery screens, boot issues
Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the [...]
Researchers found one-click exploits in Discord and Teams
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Slack and many others, which are used by tens of [...]
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users
Reports from cybersecurity firms SEKOIA and Trend Micro confirm that a new effort by the Chinese threat actor Lucky Mouse involves using a trojanized version of a cross-platform messaging software to backdoor devices. An [...]
SOVA malware adds ransomware feature to encrypt Android devices
Sova malware adds new features that make it more dangerous to a wider range of Android payment and banking app users. SOVA Malware The Sova Android banking malware first appeared [...]
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks
Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 a high severity issue in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service attacks. PAN-OS DDOS flaw The root [...]
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two disadvantages of it Catalog of known vulnerabilities in useciting evidence of active exploitation. Two high-severity issues are related to vulnerabilities in [...]
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
Cisco confirmed today that the Yanluowang ransomware group infiltrated its corporate network in late May and that the actor attempted to blackmail them, threatening to leak stolen files online. Yanluowang [...]
Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
The first-ever incident possibly linked to the ransomware family known as Maui occurred on April 15, 2021, and targeted an unnamed Japanese housing company. Kaspersky’s disclosure comes a month after [...]
Windows 11 KB5016629 update fixes Start Menu, File Explorer issues
Microsoft has released the Windows 11 KB5016629 cumulative update with security updates, improvements, including fixes for File Explorer and the Start Menu and a new Focus Assist feature. What's new [...]
Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs
Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to [...]
CISA warns of Windows and UnRAR flaws exploited in the wild
The U.S. Cybersecurity and Infrastructure Security Agency has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. CVE-2022-34713 and informally referred to [...]
-
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack GalleryNew IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
Exploitation, IOC's, Linux Malware, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, Targeted Attacks
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A new IoT botnet malware dubbed RapperBot has been noticed promptly evolving its capabilities because it was 1st discovered in mid-June 2022. RapperBot Malware RapperBot has limited DDoS capabilities, it [...]
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
A new ransomware family called ‘GwisinLocker’ targets South Korean industrial and pharmaceutical companies. GwisinLocker ransomware ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems. The malware, dubbed GwisinLocker was [...]
Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability is tracked as CVE-2022-32548 [...]
Russian organizations attacked with new Woody RAT malware
On Wednesday, Hackers attacks Russian organizations with the newly discovered malware, allowing them to take control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian [...]
VMware Releases Patches for Several New Flaws Affecting Multiple Products
VMware on Tuesday released updates to address 10 security flaws affecting several products that could be used by unauthenticated attackers to perform malicious activities. CVE-2022-31656 to CVE-2022-31665 Issues tracked from [...]
VirusTotal Reveals Most Impersonated Software in Malware Attacks
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering [...]
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers
The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. All about GootKit : The Gootkit Access-as-a-Service (AaaS) malware's operators have reemerged with [...]
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
A group of North Korean hackers is using a rogue Microsoft Edge or Chrome plugin to track or access user email accounts. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, [...]
Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. What’s with IPFS and why do attackers use it? IPFS [...]
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities
The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected [...]
-
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access GalleryMalicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
Compromised, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
Risk actors are significantly abusing Internet Details Services (IIS) extensions to backdoor servers as a means of establishing a “long lasting persistence mechanism.” Microsoft 365 Defender Research Team released a [...]
Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware
Cybersecurity researchers have reiterated similarities involving the hottest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed store in November 2021. The [...]
Windows 11 now blocks RDP brute-force attacks by default
Recent Windows 11 builds come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 [...]
Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists
An Israeli spyware outfit turned the actively exploited, but now patched, Google Chrome zero-day issue into a weapon that it deployed to assault Middle Eastern journalists. Candiru Spyware The exploitation [...]
Microsoft Resumes Blocking Office VBA Macros by Default After ‘Temporary Pause’
Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. Earlier this February, Microsoft [...]
New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
A never ever-in advance of-observed Linux malware has been dubbed a “Swiss Military Knife” for its modular architecture and its functionality to set up rootkits. Lightning Framework This previously undetected [...]
Atlassian fixes critical Confluence hardcoded credentials flaw
Atlassian has patched a crucial hardcoded credentials vulnerability in Confluence Server and Information Heart that would let distant, unauthenticated attackers log into weak, unpatched servers. One of the flaws – CVE-2022-26136 – [...]
Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users
Cybersecurity researchers have taken the wraps off a earlier undocumented spyware focusing on the Apple macOS working technique. The malware, codename CloudMensis by Slovakian cybersecurity company ESET, is said to exclusively use [...]
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads
State-backed hackers part of Russia's Federation Foreign Intelligence Service (SVR) have started using Google Drive legitimate cloud storage service to evade detection. APT29, also tracked beneath the monikers Cozy Bear, [...]
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals
Researchers , have published a paper that demonstrates how a hacker could extract data from an otherwise secure system via its SATA cable. The attack uses the SATA cable itself [...]
7 Phases of Incident Response
Incident Response :Sensitive data and confidential information are the new gold in the digital age, and cyber criminals are naturally always in pursuit of this goldmine. To streamline the process [...]
Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise
Netwrix IT asset tracker and compliance auditor, used across more than 11,500 organizations, contains a critical Insecure Object Deserialization vulnerability that could lead to Active Directory domain compromise. Netwrix The firm [...]
Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking
Juniper Networks this week announced the release of patches for more than 30 vulnerabilities across its portfolio, including severe flaws in Contrail Networking and Junos OS. Two advisories describing a total of [...]
New UEFI firmware flaws impact over 70 Lenovo laptop models
The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. Lenovo [...]
Amazon squashes years-old authentication bugs in AWS Kubernetes service
AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could [...]
ChromeLoader: New Stubborn Malware Campaign
A new browser hijacker/adware campaign named ChromeLoader also known as Choziosi Loader and ChromeBack was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands [...]
Microsoft: Windows Autopatch is now generally available
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. Microsoft Auto Patch Microsoft's new auto patch service It [...]
Checkmate Ransomware Targets QNAP SMB Services
New Checkmate ransomware has been discovered targeting QNAP NAS devices. Although the attacks are still being investigated, it is known that these new ransomware attacks through SMB services are accessible via the internet. QNAP [...]
TrickBot Gang Shifted its Focus on “Systematically” Targeting Ukraine
The operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war. The group is believed to have orchestrated at minimum 6 phishing strategies [...]
Hive Ransomware Upgraded to Rust to Deliver More Sophisticated Encryption
Researchers from Microsoft Security have spotted an upgraded version of the ransomware-as-a-service (RaaS) dubbed Hive. Hive Ransomware Hive was first detected in June 2021, with the data-encrypting software being offered [...]
Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow
A new and entirely undetected Linux threat dubbed Orbit, signally a growing trend of malware attacks towards operating system. Orbit Malware The malware gets its name from one of the [...]
AsyncRAT being distributed to vulnerable MYSQL servers
The ShadowServer foundation has recently released a report showing that there are about 3.6 million MySQL servers exposed to outside. Along with MS-SQL server, MySQL server is one of the [...]
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
Researchers have uncovered a software supply-chain attack involving packages hosted on the Node Package Manager (npm), which is the package manager for the Node.js JavaScript platform. The campaign leveraged malicious [...]
Gitlab patches critical RCE bug in latest security release
Gitlab has patched a critical vulnerability that could allow an attacker to execute code remotely. The security issue, which has been rated as critical, has been discovered in all versions of GitLab, [...]
Microsoft: Raspberry Robin worm already infected hundreds of networks
Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated [...]
Jenkins discloses dozens of zero-day bugs in multiple plugins
The Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open-source automation server. 29 of these bugs are zero-days still waiting to be patched. It is a [...]
AstraLocker 2.0 infects users directly from Word attachments
AstraLocker 2.0 is a ransomware variant belonging to the Babuk family. It recently released its second major release, and according to threat analysts, its operators are involved in rapid attacks that drop [...]
evilnum hackers return in new operation targeting migration orgs
The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Campaign Details Zscaler’s analysts have discovered [...]
New ZuoRAT malware targets SOHO routers in North America, Europe
A multistage remote access trojan (RAT) named ZuoRAT has been targeting remote workers with the help of small office/ home office (SOHO) routers across North America and Europe since 2020. [...]
Android Malware Called ‘Revive’ Poses as 2FA App For Spain’s BBVA Bank
The 2FA application necessary to access BBVA bank accounts in Spain is impersonated by a new Android banking malware called Revive. Instead of aiming to infect consumers of various financial [...]
Microsoft Exchange bug abused to hack building automation systems
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access [...]
Critical Security Flaws Identified in CODESYS ICS Automation Software
CODESYS has launched patches to handle as many as 11 safety flaws that, if efficiently exploited, may end in info disclosure and a denial-of-service (DoS) situation, amongst others. The vulnerability [...]
Attackers exploited a zero-day in Mitel VOIP devices to compromise a network
CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. Mitel VOIP Mitel VOIP devices [...]
Dark Web Profile: Netwalker Ransomware
Many ransomware gangs have attempted and failed to quake the cybersecurity landscape. But some have broken through and even rearranged it with their obfuscatory cyberattack methods. Netwalker ransomware is an example of such a [...]
Malicious Windows ‘LNK’ attacks made easy with new Quantum builder
Malware researchers have noticed a new tool that helps cybercriminals build malicious. LNK files to deliver payloads for the initial stages of an attack. Some of the prevalent malware families [...]
Chinese language hackers use ransomware as decoy for cyber espionage
Two Chinese language hacking teams conducting cyber espionage and stealing mental property from Japanese and western firms are deploying ransomware as a decoy. The use of ransomware in espionage operations [...]
Google patched 14 vulnerabilities with release of chrome 103
Google announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers. CVE-2022-2156, which is described as [...]
Chinese hackers target script kiddies with info-stealer trojan
Cybersecurity researchers have discovered a new campaign attributed to the chinese "Tropic Trooper" hacking group. Tropic Trooper was previously observed targeting Philippines, Hong Kong and Taiwan; while the two latest [...]
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
The Ukrainian CERT is warning that russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. This [...]
VMware Spring Cloud Function Dos Vulnerability
In Vmware Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework provided lookup functionality to cause denial of service [...]
New ToddyCat APT group targets Exchange servers in Asia, Europe
A complicated persistent menace (APT) group dubbed ToddyCat has been focusing on Microsoft Trade servers all through Asia and Europe for greater than a year. Whereas monitoring the group’s exercise, [...]
BRATA Malware Becomes an Advanced Threat
The malicious attacker driving the BRATA banking trojan has upgraded its techniques and added information-stealing features to the malware. Cleafy, an Italian mobile security firm, has followed BRATA activity and [...]
730K WordPress Sites Force-Updated To Patch Critical Plugin Bug
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated this week to a new build that addresses a critical security vulnerability. The [...]
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 -The package com.alibaba:fastjson before [...]
Ransomware Gang Creates Site for Victims to Search for Their Stolen Data
The ALPHV ransomware gang, also known as BlackCat has created a dedicated website that allows the customers and employees of their victims to check if their data was stolen in [...]
Hackers exploit three-year-old Telerik flaws to deploy cobalt strike
The "Blue Mockingbird" group has targeted Telerik UI vulnerabilities to compromise servers. The threat actor installed the Cobalt Strike beacon and mined Monero. The flaw leveraged by the attacker is CVE-2019-18935, a critical severity that [...]
New Hertzbleed side-channel attack affects Intel,AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling(DVFS). This is [...]
Citrix Releases Security Updates for Application Delivery Management
Citrix has released security updates to address vulnerabilities in application delivery management. An attacker could exploit these vulnerabilities to take control of an affected system. Corruption of the system by [...]
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
Zimbra is an enterprise-level email solution, similar to Microsoft Exchange. It comes with mail servers, load balancing features, a powerful web interface, and more. Tracked as CVE-2022-27924 (CVSS score: 7.5), [...]
Hello XD ransomware now drops a backdoor while encrypting
Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an stronger encryption .Instead, it prefers to direct the impacted victim to negotiations through TOX [...]
Emotet Malware is Now Harvesting Credit Card Information from Google Chrome Browser
Google Chrome has been infected with a new type of malware known as Emotet, which steal users' confidential credit card information. Proofpoint security researchers have found that the botnet is now [...]