

HACKRead
Cybercriminals Exploit ActiveMQ Flaw to Spread GoTitan Botnet, PrCtrl Rat
The recently discovered GoTitan botnet is built on the Golang programming language, whereas PrCtrl Rat is a .NET program.
Cyber Security News
Attackers are exploiting the recently discovered critical security vulnerability tracked as CVE-2023-46604 affecting Apache ActiveMQ.
Cyber Security News
A new attack chain campaign has been discovered which involves the exploitation of CVE-2023-36884 and CVE-2023-36584.
Trend Micro
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Cyber Security News
A high-severity Remote Code Execution (RCE) flaw in Splunk Enterprise has been discovered, enabling an attacker to upload malicious files.
Trend Micro
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Cyber Security News
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
The Hacker News
New PoC exploit for CVE-2023-46604 flaw in Apache ActiveMQ could let attackers stealthily execute malicious code.
Bleeping Computer
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
Bleeping Computer
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
Cyber Security News
SAP has released the security patches for its October 2023 Patch Day, which include new Security Notes and 2 updates to existing ones.
SecurityWeek
SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’.
Cyber Security News
Cybersecurity researchers at CRIL (Cyble Research and Intelligence Labs) noted a campaign targeting Russian users, where threat actors created phishing sites mimicking restricted apps
The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
Latest Hacking News
Researchers have caught a new malware campaign in the wild that deploys a novel Rust-based malware to Azerbaijan targets. While not linked to a known threat actor group, the campaign still includes some false flags,
The Hacker News
Researchers warn of a new sophisticated campaign, Operation Rusty Flag, deploying Rust-based malware in Azerbaijan.
Cyber Security News
Dastardly is a powerful web vulnerability DAST (Dynamic Application Security Testing) scanner developed to assist organizations.
SecurityWeek
Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub.
Bleeping Computer
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.
The DFIR Report
We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved …
Cyber Security News
Critical flaws, exploits, and recent attack techniques have all been highlighted. We also cover the latest software upgrades to keep your devices safe.
SecurityWeek
North Korea-linked Lazarus Group exploited a ManageEngine vulnerability to compromise an internet backbone infrastructure provider.
DarkReading
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.
Bleeping Computer
Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
Bleeping Computer
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms.
DarkReading
Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure sectors, say Synopsys researchers.
Latest Hacking News
Zimbra recently addressed a severe zero-day vulnerability found actively exploited in the wild. While the vulnerability previously received a fix, Zimbra re-released the XSS zero-day patch with the latest software version, urging users to update. Active
SecurityWeek
Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks.
Security Affairs
Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and […]
Bleeping Computer
Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers.
Naked Security
Latest episode – check it out now!
Infosecurity News
The Cyber Threat Intelligence Summit discussed how automation and generative AI could help CTI practitioners tackle the overload of data they have to process
The Hacker News
Cybercriminals are leveraging exploits for CVE-2021-40444 and CVE-2022-30190 to execute code through malicious Word files.
Cyber Security News
Recent reports indicate that Zimbra Collaboration Suite 8.8.15 had a vulnerability that exists in the mom veto file on the web server.
Security Affairs
Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, collecting data related to vulnerabilities and misconfigurations. Leveraging the extensive Common Crawl dataset and pushing the boundaries of data analysis, cybersecurity firm Sicuranex successfully indexed over 15 million WordPress websites. This endeavor involved parsing the entire Web Archive Text (WAT) database, a massive 21 TiB repository, to identify […]
Cyber Security News
Best Mobile app security scanners: 1. Android Debug Bridge 2. SandDroid 3. App-Ray 4. Drozer 5. Synopsys 6. Quixxi 7. StacoAn 8. Ostorlab
Naked Security
Previously, we said “do it today”, but now we’re forced back on: “Do not delay; do it as soon as Apple and your device will let you.”
Trend Micro
We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.
Security Affairs
What are the causes of Data Loss and which are their impact on your organization? In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business […]
Bleeping Computer
The BlackCat ransomware group (aka ALPHV) is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
SecurityWeek
Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.
The Hacker News
Attention all software developers and programmers! MITRE's Top 25 list of dangerous software weaknesses for 2023 is here.
Trend Micro
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
Trend Micro
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
Cyber Security News
Injection Attack Types: 1. Code injection 2. SQL injection 3. Command injection 4. Cross-site scripting 5. XPath injection 6. CRLF injection
Security Affairs
An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for […]
Bleeping Computer
A new Android malware campaign spreading the latest version of GravityRAT has been underway since August 2022, infecting mobile devices with a trojanized chat app named 'BingeChat,' which attempts to steal data from victims' devices.
Security Affairs
The recently identified Buhti operation targets organizations worldwide with rebranded LockBit and Babuk ransomware variants. Researchers from Symantec discovered a new ransomware operation called Buhti (aka Blacktail) that is using LockBit and Babuk variants to target Linux and Windows systems worldwide. The ransomware operation doesn’t have its own ransomware payload; however, it uses a custom information […]
Bleeping Computer
A new ransomware operation named 'Buhti' uses the leaked code of the LockBit and Babuk ransomware families to target Windows and Linux systems, respectively.
The Hacker News
A newly discovered security flaw (CVE-2023-32784) in the KeePass password manager software could expose your master password in cleartext!
The DFIR Report
Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can …
DarkReading
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.
Bleeping Computer
Security researchers have shared a new Python-based ransomware recovery tool named 'White Phoenix' on GitHub, which lets victims of ransomware strains that use intermittent encryption recover their files for free.
Trend Micro
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
Security Affairs
Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. The cyberspies compromised a broad range of devices, […]
Bleeping Computer
The Chinese APT hacking group known as 'Evasive Panda' is behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
CSO
TrustX’s AI/ML-powered platform builds, authenticates, and manages identity journeys through no-code, drag-and-drop orchestration.
Cyber Security News
Best Ethical Hacking Tools: 1. Wireshark 2. NMAP 3. Burp Suite 4. Metasploit 5. Nikto 6. Intruder 7. Aircrack-Ng 8. Nessus 9. Acunetix and more
The Hacker News
Shadow APIs are a growing threat for businesses of all sizes, and you might not even know they exist. Learn how they can lead to data breaches.
Bleeping Computer
Microsoft has shared guidance to help organizations check if hackers targeted or compromised machines with the BlackLotus UEFI bootkit by exploiting the CVE-2022-21894 vulnerability.
Bleeping Computer
External web applications can prove difficult to secure and are often targeted by hackers due to the range of vulnerabilities they may contain. These are 10 Common web application security risks you should know about.
The DFIR Report
IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activity from a campaign in late September of 2022. Post exploitation activities detail some familiar and …
Trend Micro
After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the other tools and malware used by the threat actor.
Ars Technica
The threat is serious enough to warrant a manual check ASAP.
CSO
The latest APT cyberattacks on ASEAN countries use similar techniques as a previous Dark Pink KamiKakaBot campaign, including phishing.
Security Affairs
Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets. In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. The activity of the group was first detailed by Group-IB […]
CSO
Traditionally known to target only Windows systems, the new Linux version of the IceFire ransomware exploits an IBM Aspera Faspex file-sharing vulnerability, according to SentinelLabs.
Security Affairs
Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager. Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8) and CVE-2022-31678 (CVSS score of 9.1), in VMware NSX Manager. VMware NSX is a network virtualization solution that is […]
Ars Technica
Attackers are capitalizing on organizations' failure to patch critical vulnerabilities.
The Hacker News
Researchers have identified a concerning uptick in opportunistic cyberattacks that exploit a critical RCE vulnerability in Zoho ManageEngine products.
Bleeping Computer
VMware has released a critical security upgrade to address a critical injection vulnerability that impacts several versions of Carbon Black App Control for Windows.
The Hacker News
Urgent security update for VMware Carbon Black App Control users! A critical injection vulnerability (CVE-2023-20858) has been discovered.
Security Affairs
Cisco addressed a critical vulnerability in the ClamAV open source antivirus engine that can lead to remote code execution on vulnerable devices. Cisco fixed a critical flaw, tracked as CVE-2023-20032 (CVSS score: 9.8), in the ClamAV open source antivirus engine. The vulnerability resides in the HFS+ file parser component; an attacker can trigger […]
The Hacker News
Google security engineer Simon Scannell has found a critical RCE vulnerability in the open source ClamAV antivirus engine.
Bleeping Computer
A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.
Bleeping Computer
Hackers are deploying a new malware named 'Frebniss' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests.
Cyber Security News
The Android 14 Developer Preview has been released. The next version of the most widely used mobile operating system in the world, which includes improvements to security and privacy, is now available.
Bleeping Computer
Google has announced the release of the first developer preview for Android 14, the next major version of the world's most popular mobile operating system, which comes with security and privacy enhancements, among other things.
The DFIR Report
In this intrusion from August 2022, we observed a compromise that was initiated with a Word document containing a malicious VBA macro, which established persistence and communication to a command … Read More
Naked Security
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Bleeping Computer
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text.
The Hacker News
New to malware analysis? Don't miss our latest post on "3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox" for some pro tips.
Security Affairs
US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]
CSO
The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.
Cyber Security News
Best Web Application Firewall Solutions: 1. AppTrana 2. Imperva Cloud WAF 3. Cloudflare WAF 4. F5 WAF 5. Azure WAF 6. Akamai 7. Fortinet WAF
SecurityWeek
Rapid7 says it is seeing organizations compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability.
Security Affairs
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of […]
Bleeping Computer
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents.
Cyber Security News
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol.
SecurityWeek
Orca security researchers have shared details on four SSRF vulnerabilities in Azure services, including two that could be exploited without authentication.
Trend Micro
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
The Hacker News
Researchers have uncovered details of an ongoing hacking campaign by the APT hacker group Dark Pink, targeting military and government organizations
Naked Security
It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.
Cyber Security News
Python security tools are widely used in the cybersecurity industry, and Python is one of the most widely used programming languages.
Trend Micro
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.
Infosecurity News
The vulnerabilities, which are now fixed, could have put sensitive customer data at risk
Bleeping Computer
Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.
Security Affairs
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 […]
Bleeping Computer
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.
Cyber Security News
A lot of data is generated during pentest engagements: vulnerabilities, open ports, vulnerable IPs; it gets tough to keep everything tracked.
Bleeping Computer
An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web.
Naked Security
Latest episode – listen now! Cybersecurity news plus loads of great advice…
SecurityWeek
An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account data.
Security Affairs
Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304, in the libxml2 library for parsing XML documents. The two vulnerabilities were discovered by Google Project […]
SecurityWeek
Apple has released patches for two arbitrary code execution vulnerabilities impacting the libxml2 library in iOS and macOS.
ZDNet
Two security flaws could allow attackers to remotely crash apps or run commands on iPhones and iPads.
Naked Security
Not a zero-day, but important enough for a quick-fire patch to one system library…
The DFIR Report
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploiting the CVE-2022-30190 (Follina) vulnerability which triggered a Qbot infection chain.
Trend Micro
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint
Naked Security
The coolest video game ever! And lots of solid cybersecurity advice – listen now!
Cyber Security News
Windows Event Log Analysis ideally helps to analyze system logs into a SIEM or other log aggregator to support effective incident response.
Security Affairs
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will […]
Bleeping Computer
Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.
CSO
Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments.
Bleeping Computer
Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active.
Latest Hacking News
Researchers discovered a severe blind SSRF vulnerability in WordPress that could allow DDoS attacks. Notably, the vulnerability existed in the WordPress platform for at least six years. WordPress Blind SSRF Vulnerability According to a recent post from
The DFIR Report
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started ver…
SecurityWeek
Security researchers at Rapid7 discover multiple vulnerabilities in Sigma Spectrum infusion pump battery units, including the storing of WiFi credentials on non-volatile memory.
Infosecurity News
US government still working out what went wrong
CyberNews
The Internal Revenue Service (IRS) identified “an inadvertent” leak of confidential information of about 120,000 individuals.
Security Affairs
The Internal Revenue Service (IRS) mistakenly leaked confidential information for approximately 120,000 taxpayers. Bad news for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns, the Internal Revenue Service has accidentally leaked their confidential information. Form 990-T is a form that a tax exempt organization files with the IRS to report its unrelated business income and to figure the tax owed on that income. On Friday, the IRS announced it has […]
Bleeping Computer
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns.
Bleeping Computer
Microsoft has released the optional KB5016691 Preview cumulative update for Windows 11 with 22 fixes or improvements.
Latest Hacking News
A severe security vulnerability existed in the identity management system FreeIPA that would expose user credentials. Exploiting the vulnerability could allow an adversary to access sensitive data. FreeIPA System Vulnerability Security researcher Egor Dimitrenko from PT Swarm
Security Affairs
Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […]
Bleeping Computer
Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country.
Bleeping Computer
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
Bleeping Computer
A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication.
Cyber Security News
Infrastructure scanning gives you the security level of your infrastructure using the Infrastructure as Code model.
Naked Security
Latest episode – listen now! Great discussion, technical content, solid advice… all covered in plain English.
Trend Micro
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors.
Trend Micro
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations.
Computerworld
The ransomware defense baked into Windows 10 and 11 lets users and admins protect certain folders from “untrusted” apps. But it may block apps you trust, causing frustration and wasted time. Caution is advised.
Bleeping Computer
Mozilla has announced the release of Thunderbird 102, one of the world's most popular open-source email clients with an estimated userbase of over 25 million.
Security Affairs
The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. The presence of these vulnerabilities within the infrastructure of an organization could potentially expose it to […]
Bleeping Computer
MITRE shared this year's top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years.
Ars Technica
We wrap our heads around the basics of AI/ML and show you how to get a model off the ground.
Security Affairs
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data and interaction with external software components and services. APIs are the gateway to providing the high security of data in an […]
Latest Hacking News
Heads up, Zoom users! Developers have rolled out an update for Zoom apps, patching multiple security bugs. Users must ensure they update their desktop and mobile devices to receive the fixes. Zoom Patched Numerous Bugs With
Ars Technica
If your machine failed to get them automatically, you're not alone.
Naked Security
More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself.
ThreatPost
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Infosecurity News
Videoconferencing platform, Zoom, has experienced several vulnerabilities in its software.
Security Affairs
Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages. Tracked from CVE-2022-22784 through CVE-2022-22787, […]
SecurityWeek
Google Project Zero has disclosed the details of a zero-click remote code execution exploit targeting Zoom.
The Hacker News
Newly reported vulnerabilities in Zoom video conferencing software could allow attackers to hack into victims' systems.
ZDNet
Google Project Zero researcher finds holes in the different ways XML was parsed on the Zoom client and server.
ThreatPost
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
ZDNet
Microsoft is warning admins of a botnet that employs multiple exploits and steals database credentials.
SecurityWeek
Vulnerabilities in Cisco Enterprise NFVIS could be abused to escape from the guest VM and inject commands on the host machine.
ZDNet
A trio of unrelated CVEs patched by Cisco fix the ability for attackers to escape from guest virtual machines, run commands as root, and leak system data.
Trend Micro
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Bleeping Computer
Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks.
The Hacker News
Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
The DFIR Report
In this intrusion, we observed the initial exploitation of the ProxyShell vulnerabilities followed by some further post-exploitation activity, which included web shells, credential dumping, and specialized payloads.
The Hacker News
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says
Latest Hacking News
A severe vulnerability riddled the free browser-based groupware Horde Webmail allowing account takeovers. Despite the bug’s severity and prior bug report, the vendors haven’t patched the flaw yet. Horde Webmail Vulnerability According to a recent post from
Naked Security
Calling all website coders: Y2K was then. V1H is now!
ThreatPost
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
The Record
Microsoft has temporarily disabled the MSIX protocol handler in Windows installations after the Emotet gang has abused it over the past three months to deploy malware on user systems.
Bleeping Computer
More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal information.
ZDNet
Just as it would be a mistake to say that all closed source projects are bug-free, it's a mistake to say that all open source projects are security risks. Different projects have different focuses; some of them are much more concerned with the security of their releases.
ZDNet
Microsoft has enabled a new setting that disables legacy Excel 4.0 macros by default.
ZDNet
Instead of running around like headless chooks because a widely used piece of open source software is maintained by volunteers and has a massive hole in it, imagine paying someone to look after such software properly.
ZDNet
Amazon Web Services fixes a flaw that could give an attacker access to data of other users on its Glue managed data integration service.
Bleeping Computer
Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts.
Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of known exploited vulnerabilities with 15 new security issues that serve as a frequent attack vector against federal enterprises.
Trend Micro
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
The DFIR Report
In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomware.
The DFIR Report
In this intrusion, we will take a look at a Trickbot infection, where soon after gaining access, the threat actor started to enumerate the target network and dump credential information. A setup file, which attempted to masquerade as a legitimate software installer, was deployed on several systems to fetch additional Cobalt Strike beacons.