The Hacker News
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
Kasseika, the latest ransomware kid on the block, is using a sneaky trick called BYOVD to disarm your defenses before encrypting your files! It even
The Hacker News
Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims
Researchers have released decryptors for both the Tortilla variant of Babuk ransomware and Black Basta ransomware
Bleeping Computer
Decryptor for Babuk ransomware variant released after hacker arrested
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator.
Infosecurity News
New Decryption Key Available for Babuk Tortilla Ransomware Victims
Cisco Talos announced that a decryption key for the Babuk Tortilla ransomware variant is available for victims to download
Bleeping Computer
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
SecurityWeek
CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
The Hacker News
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
Trend Micro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
The Hacker News
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.
Cyber Security News
Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers
Cybersecurity researchers at Qualys recently unveiled the top 20 most exploited vulnerabilities and also affirmed that hackers are particularly drawn to the products of Microsoft.
Cyber Security News
Virtual Patching: what is it? Your Defense Against Exploits and Threats
Virtual patching protects an application by examining the web application traffic and blocking the attacks while they're in transit.
SecurityWeek
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities
Five Eyes government agencies publish a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.
The Hacker News
Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities
CISA, NSA, FBI, & global partners disclose the top exploited vulnerabilities of 2022.
CyberScoop
Top 12 vulnerabilities list highlights troubling reality: many organizations still aren't patching
The list includes well-known vulnerabilities impacting Fortinet's VPNs and Log4Shell that hackers still routinely exploit.
The Record
Fortinet VPN bug tops CISA’s list of most exploited vulnerabilities in 2022
A joint advisory from the Five Eyes nations warns that malicious cyber actors are exploiting older software vulnerabilities more frequently than recently disclosed ones.
Security Affairs
In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues
Google’s Threat Analysis Group Google states that more than 40% of zero-day flaws discovered in 2022 were variants of previous issues. The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [2021, 2020, 2019], it is built off of the mid-year 2022 review. In 2022, the researchers […]
Security Affairs
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks
Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Microsoft has been tracking the threat actors at […]
CSO
Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
Attacks using the BellaCiao malware dropper seem to be customized for specific targets.
Infosecurity News
Falling Dwell Time May Be Down to Faster Threat Activity
Sophos warns against simple interpretation of the data
The Hacker News
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late
Attackers love to hunt down unwatched service accounts for lateral movement and ransomware spread. Don't let your organization be their next victim.
Bleeping Computer
15 million public-facing services vulnerable to CISA KEV flaws
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog.
Bleeping Computer
Exchange Online to block emails from vulnerable on-prem servers
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them.
The Hacker News
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
Cryptojacking group TeamTNT suspected to be behind new strain of Monero-mining malware discovered by Cado Security
The DFIR Report
2022 Year in Review - The DFIR Report
As we move into the new year, it’s important to reflect on some of the key changes and developments we observed and reported on in 2022. This year’s year-in-review report … Read More
CSO
Unpatched old vulnerabilities continue to be exploited: Report
The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.
Bleeping Computer
Microsoft urges Exchange admins to remove some antivirus exclusions
Microsoft says some antivirus exclusions previously recommended for Exchange servers should be removed to boost their security.
Bleeping Computer
Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack
A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.
Cyber Security News
Microsoft Security Updates - 9 Critical Flaws Fixed Along With 3 Zero-Days
As part of their second Patch Tuesday for the year, Microsoft recently released patches for 78 vulnerabilities along with the three actively exploited zero-day vulnerabilities overnight, 66 of which were marked important by the company.
DarkReading
9 New Microsoft Bugs to Patch Now
78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
Bleeping Computer
Microsoft: Over 100 threat actors deploy ransomware in attacks
Microsoft revealed today that its security teams are tracking more than 100 threat actors deploying ransomware during attacks.
ZDNet
Microsoft warning: Protect this critical piece of your tech infrastructure
Microsoft warns admins to keep Exchange Server updated as the platform is constantly being targeted by attackers.
The Hacker News
Microsoft Urges Customers to Secure On-Premises Exchange Servers
Microsoft urges customers keep their servers up to date and implement additional security measures, such as enabling Windows Extended Protection.
Bleeping Computer
Microsoft urges admins to patch on-premises Exchange servers
Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU) to have them always ready to deploy an emergency security update.
DarkReading
Cybercriminals Target Telecom Provider Networks
The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.
ZDNet
Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
Microsoft kicks off 2023 with a bumper January Patch Tuesday.
Bleeping Computer
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks
More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits.
CSO
Log4Shell remains a big threat and a common cause for security breaches
Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.
The Record
Guacamaya leaks spark debate about militarization, spyware, but no accountability
The Guacamaya leaks in September exposed corruption, militarization and surveillance throughout Latin America.
The Hacker News
FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape
An analysis of the FIN7 cybercrime syndicate has revealed its organizational hierarchy and role as a partner in various ransomware attacks.
SecurityWeek
Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations
Play ransomware operators seen achieving RCE on Exchange server with requests made through OWA endpoint, bypassing Microsoft’s ProxyNotShell mitigations.
CyberSecurity Dive
Incident responders brace for end-of-year cyber scaries
Fears of the next SolarWinds or Log4j-style incident hitting over the holidays have some cybersecurity experts on edge.
DarkReading
Iranian APT Targets US With Drokbk Spyware via GitHub
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.
The Hacker News
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
China-linked APT group BackdoorDiplomacy has been spotted launching sophisticated cyber attacks against telecom companies in the Middle East.
DarkReading
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
Naked Security
S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]
Latest episode – security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
Naked Security
How to hack an unpatched Exchange server with rogue PowerShell code
Review your servers, your patches and your authentication policies – there’s a proof-of-concept out
The Hacker News
Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
More than 1,300 companies around the world were attacked by the Hive ransomware-as-a-service (RaaS) scheme, netting the hackers $100 million in illici
Security Affairs
Avast details Worok espionage group’s compromise chain
Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. The experts started their investigation from the analysis published […]
The Hacker News
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
A recently discovered cyber espionage group dubbed Worok has been abusing Dropbox API to exfiltrate data stolen by malware hiding in image files.
Cyber Security News
Hackers Hide Information-Stealing Malware in PNG Files Using Steganography
Experts at Avast, who built on the discoveries of ESET, the first to notice and report on the threat group known as “Worok”, conceals malware within PNG images to silently infect victims' computers with information-stealing malware.
Naked Security
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Trend Micro
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint
Naked Security
S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
Latest episode – listen and learn now (or read and revise, if the written word is your thing)…
The Record
Microsoft updates guidance for ‘ProxyNotShell’ bugs after researchers get around mitigations
Microsoft updated the guidance it provided for CVE-2022-41040 and CVE-2022-41082 but researchers are concerned it still not enough.
The Hacker News
Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds
Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day vulnerabilities in Exchange Server.
DarkReading
Microsoft Updates Mitigation for Exchange Server Zero-Days
Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws was easily bypassed.
SecurityWeek
Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed
A mitigation proposed by Microsoft and others for the Exchange server vulnerabilities tracked as ProxyNotShell can be easily bypassed.
The Hacker News
ProxyNotShell – the New Proxy Hell?
There is a new exploit, ProxyNotShell, being exploited in the wild to take advantage of the recent Microsoft exchange vulnerabilities.
CSO
Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed
No permanent fix for the Exchange Server vulnerabilities is yet available, but other steps can mitigate the risk.
SecurityWeek
Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group
Microsoft believes a single state-sponsored threat group — linked by others to China — has exploited the new Exchange zero-days to hack less than 10 organizations.
SecurityWeek
CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability
CISA has added to its KEV catalog a recent Atlassian Bitbucket flaw and two Microsoft Exchange zero-days.
CyberSecurity Dive
Microsoft warns of potential escalation for Exchange server zero days
The actor, which Microsoft says is state sponsored, installed Chopper web shells to gain hands-on-keyboard access, conduct Active Directory reconnaissance and exfiltrate data.
Security Affairs
Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries
A hacker group called Guacamaya stole classified government information from multiple military and government agencies across several Latin American countries. Among the data stolen by a group of hackers called Guacamaya (macaw in Spanish) there was a huge trove of emails from Mexico’s Defense Department, which shed the light on the poor resilience of the […]
Naked Security
S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
Who’s affected, what you can do while waiting for Microsoft’s patches, and how to plan your threat hunting…
The Hacker News
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Microsoft says state-sponsored hackers likely exploited the recently disclosed zero-day vulnerabilities in Exchange servers.
Security Affairs
Witchetty APT used steganography in attacks against Middle East entities
A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The cyber […]
Ars Technica
High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers
Microsoft said it's working on an accelerated schedule to roll out a patch.
DarkReading
Cybercriminals See Allure in BEC Attacks Over Ransomware
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
Infosecurity News
Hackers Hide Malware in Windows Logo, Target Middle East Governments
The group continued to use the LookBack backdoor, but also several new types of malware
The Record
Mexican president confirms ‘Guacamaya’ hack targeting regional militaries
Mexico's president confirmed a widely reported cyberattack that leaked sensitive documents from militaries across Central and South America.
The Record
Microsoft confirms two Exchange Server zero days are being used in cyberattacks
Microsoft confirms it is aware of “limited targeted attacks” using vulnerabilities.
DarkReading
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
Naked Security
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
Double-play 0-day in Exchange – what you need to know, and what you can do
SecurityWeek
Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities being exploited in targeted attacks.
SecurityWeek
Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks
Part of the Cicada group, Witchetty has been observed progressively updating its toolset in recent attacks against Middle Eastern and African targets.
The Hacker News
Cyber Attacks Against Middle East Governments Hide Malware in Windows logo
A threat actor targeting Middle Eastern governments has been observed using a steganographic trick to hide an undocumented backdoor in a Windows logo.
SecurityWeek
Microsoft Exchange Attacks: Zero-Day or New ProxyShell Exploit?
Researchers report seeing new Microsoft Exchange zero-day being exploited in the wild, but it may just be a variation of the old ProxyShell exploit.
Security Affairs
Unpatched Microsoft Exchange Zero-Day actively exploited in the wild
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August […]
The Hacker News
WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation
Researchers warn of a new unpatched zero-day vulnerability in Microsoft Exchange servers that is being exploited by attackers to achieve RCE.
CyberSecurity Dive
Microsoft investigating 2 zero-day vulnerabilities in Exchange Server
One vulnerability is a server-side request forgery, while the second allows remote-code execution when an attacker has access to PowerShell.
Bleeping Computer
New Microsoft Exchange zero-days reportedly exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Bleeping Computer
New Microsoft Exchange zero-day actively exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Bleeping Computer
New Microsoft Exchange zero-days actively exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Bleeping Computer
Hacking group hides backdoor malware inside Windows logo image
Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo.
DarkReading
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange
APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.
Infosecurity News
Allies Warn of Iranian Ransom Attacks Using Log4Shell
US authorities indict and sanction in fresh crackdown
SecurityWeek
US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks
Government agencies in the US, UK, Canada, and Australia say APTs associated with Iran’s IRGC have been engaging in data encryption and extortion operations.
DarkReading
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.
The Hacker News
U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks
United States charges 3 Iranian hackers who carried out ransomware attacks on hundreds of organizations around the world and imposes sanctions on
SecurityWeek
New Cyberespionage Group 'Worok' Targeting Entities in Asia
ESET has identified a new cyberespionage group that has been targeting private and public entities in Asia, the Middle East, and Africa since 2020.
DarkReading
Mysterious 'Worok' Group Launches Spy Effort With Obfuscated Code, Private Tools
The threat actor — whose techniques and procedures do not match known groups — has created custom attack tools, including a program that hides scripts in .PNG images.
Bleeping Computer
New Worok cyber-espionage group targets governments, high-profile firms
A newly discovered cyber-espionage group has been hacking governments and high-profile companies in Asia since at least 2020 using a combination of custom and existing malicious tools.
The Hacker News
Worok Hackers Target High-Profile Asian Companies and Governments
Researchers uncover targeted attacks by cyber espionage hacking group Worok against high-profile Asian companies and governments.
DarkReading
Researchers Spot Snowballing BianLian Ransomware Gang Activity
The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace.
Infosecurity News
New Ransomware Group BianLian Activity Exploding
The threat actor using the common Go programming language and a custom toolkit claims twenty victims
.jpg)
The Hacker News
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
Researchers describe the operations and techniques used by the operators of the emerging cross-platform BianLian ransomware.
Bleeping Computer
BlackByte ransomware gang is back with new extortion tactics
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.
SecurityWeek
Cyberattack Victims Often Attacked by Multiple Adversaries: Research
New research shows that cyberattack victims are often attacked by multiple adversaries – usually, in rapid succession but sometimes simultaneously.
The Record
U.S. and Australian security agencies release list of 2021's 'top' malware strains
The most commonly seen malware strains in 2021 include Agent Tesla, Qakbot, TrickBot, GootLoader and several others, according to a new list released by CISA and the Australian Cyber Security Centre.
CyberSecurity Dive
Most cyberattacks come from ransomware, email compromise
Attackers are scanning for vulnerabilities in unpatched systems within 15 minutes, stressing the pace and scale of the threat.
Loading more articles....