

The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Security Affairs
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
The Hacker News
DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw
The Hacker News
Publicly-accessible Docker Engine API instances are under attack! Threat actors aim to create a DDoS botnet called OracleIV.
The Hacker News
Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831)
Bleeping Computer
Google says multiple state-backed hacking groups are gaining arbitrary code execution on targets' systems by exploiting a high-severity vulnerability in WinRAR, a compression software with over 500 million users.
Bleeping Computer
Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.
The Hacker News
Iranian cyber group OilRig strikes again with spear-phishing campaign, deploying a new Menorah malware for cyberespionage.
Trend Micro
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
The Hacker News
Beware of AtlasCross! They're using Red Cross-themed phishing to deploy sneaky backdoors.
Bleeping Computer
A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.
The Hacker News
Iranian hackers deploying SideTwist backdoor in fresh phishing attack. Separate campaign features new variant of Agent Tesla
Ars Technica
What's the point of locks when hackers can easily get the keys to unlock them?
The Hacker News
The recent WinRAR vulnerability was exploited as a zero-day since April to compromise traders' devices and withdraw money.
Infosecurity News
Group-IB said cyber-criminals used the flaw to create archives packaged with DarkMe, GuLoader and Remcos RAT
Security Affairs
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
SecurityWeek
A new APT called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Infosecurity News
Legitimate software used to deploy backdoor malware
CyberScoop
The unknown and unattributed hackers compromised legitimate software in apparent focused attack, researchers said.
The Record
Symantec says it found abuse of the legitimate Cobra DocGuard software by a previously unknown advanced persistent threat (APT) group that it's labeling as Carderbee.
Infosecurity News
The vulnerabilities put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS)
CSO
Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.
Security Affairs
CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The […]
Infosecurity News
Vulnerabilities could allow attackers to gain unauthorized access to company resources or carry out denial-of-service attacks
Latest Hacking News
Researchers discovered a significant security vulnerability in the Spring Cloud Function allowing code injection attacks. While the vendors have fixed the bug, the patch awaits rollout in the stable release. Spring Cloud Framework Vulnerability According to the