NEWS
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of...
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. "BundleBot is abusing the dotnet bundle...
Local Governments Targeted for Ransomware – How to Prevent Falling Victim
Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland,...
DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was...
Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on...
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data...
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in...
Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the...
North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come...
A Few More Reasons Why RDP is Insecure (Surprise!)
If it seems like Remote Desktop Protocol (RDP) has been around forever, it's because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as "Remote Desktop Protocol 4.0," was released in 1996 as...
Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector
The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer...
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it...
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats
Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email...
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an...
CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats
U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats. "The threat landscape in 5G is dynamic; due to this, advanced monitoring,...
How to Manage Your Attack Surface?
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing...
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices,...
Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations
On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in...