Security Affairs
+1,400 CrushFTP servers vulnerable to CVE-2024-4040
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability.
Security Affairs
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog.
HACKRead
Popular File Transfer Software CrushFTP Hit by Zero-Day Exploit
A critical zero-day vulnerability in CrushFTP, a popular file transfer software, allows attackers to download sensitive system files.
Security Affairs
Critical CrushFTP zero-day exploited in attacks in the wild
Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn.
Infosecurity News
Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024
Bleeping Computer
PuTTY SSH client flaw allows recovery of cryptographic private keys
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.
The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
.webp)
Cyber Security News
Cisco Released IOS XR Software Security Advisory
Cisco Systems, Inc. announced the release of its semiannual security advisory bundle, addressing vulnerabilities in its IOS XR Software.
Ars Technica
Millions still haven’t patched Terrapin SSH protocol vulnerability
Terrapin isn't likely to be mass-exploited, but there's little reason not to patch.
Bleeping Computer
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
Bleeping Computer
Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.
Infosecurity News
Rust-Based Botnet P2Pinfect Targets MIPS Architecture
Cado Security found the variant while investigating files uploaded to an SSH honeypot
Bleeping Computer
The OWASP Top 10: What They Are and How to Test Them
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
DarkReading
Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status
The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.
Cyber Security News
Titan File Transfer Server Flaws Let Attackers Execute Remote Code
Multiple vulnerabilities have been discovered in Titan MFT and Titan SFTP servers owned by South River Technologies.
The Hacker News
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote
The Hacker News
Security Patch for Two New Flaws in Curl Library Arriving on October 11
Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023.
CSO
New Trojan ZenRAT masquerades as Bitwarden password manager
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
Infosecurity News
ZenRAT Malware Uncovered in Bitwarden Impersonation
Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users
Bleeping Computer
Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Latest Hacking News
Cisco Patched Multiple NX-OS And FXOS Vulnerabilities
Multiple vulnerabilities riddled Cisco’s NX-OS and FXOS software, putting the networking devices at risk. Cisco patched the vulnerabilities with updated NX-OS and FXOS versions, urging Nexus and Firepower users to upgrade their systems as soon
Security Affairs
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]
Security Affairs
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach
The Colorado Department of Health Care Policy & Financing (HCPF) disclose a data breach after MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM, threat actors accessed the […]
.png)
Bleeping Computer
Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will include the main executables for Microsoft's Outlook email client and Access database management system.
Bleeping Computer
New Nitrogen malware pushed via Google Ads for ransomware attacks
A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads.
Security Affairs
MOVEit attack on Aon exposed data of the staff at the Dublin Airport
Personal data of the personnel at the Dublin Airport was compromised due to a MOVEit attack on professional service provider Aon. Data of about 3000 employees of Dublin Airport (DDA) were compromised after professional service provider Aon fell victim to a MOVEit Transfer attack. Dublin Airport notified local authorities and Ireland’s Data Protection Commission. Aon […]
Bleeping Computer
BlackCat ransomware pushes Cobalt Strike via WinSCP search ads
The BlackCat ransomware group (aka ALPHV) is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
Security Affairs
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack
Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide […]
Security Affairs
Norton parent firm Gen Digital, was victim of a MOVEit ransomware attack too
Norton parent firm, Gen Digital, was the victim of a ransomware attack that exploited the recently disclosed MOVEit zero-day vulnerability. Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Gen Digital said it was the victim of a ransomware attack, […]
Security Affairs
US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
The U.S. government announced up to a $10 million bounty for information linking the Clop ransomware gang to a foreign government. The US goverment is offering up to a $10 million bounty for information linking CL0P Ransomware Gang or any other threat actors targeting U.S. critical infrastructure to a foreign government. The bounty is covered […]
Naked Security
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
Twice more unto the breach… third patch tested and released, shut down web access until you’ve applied it
Bleeping Computer
MOVEit Transfer customers warned of new flaw as PoC info surfaces
Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability was shared online today.
Security Affairs
UK communications regulator Ofcom hacked with a MOVEit file transfer zero-day
UK communications regulator Ofcom suffered a data breach after a Clop ransomware attack exploiting the MOVEit file transfer zero-day. UK’s communications regulator Ofcom disclosed a data breach after a Clop ransomware attack. The threat actors exploited the zero-day flaw (CVE-2023-34362,) in MOVEit file transfer and access the infrastructure of the regulator. A spokesperson for Ofcom […]
Security Affairs
Experts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw
Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, it can be exploited by […]
Naked Security
S3 Ep138: I like to MOVEit, MOVEit
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available…)
Security Affairs
Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug
Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and […]
Security Affairs
British Airways, BBC and Boots were impacted the by Zellis data breach
The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. “Zellis, a payroll company based in the UK, is […]
Naked Security
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
Little Bobby Tables is back!
Security Affairs
Microsoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacks
Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer […]
Bleeping Computer
Microsoft links Clop ransomware gang to MOVEit data-theft attacks
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.
Cyber Security News
MOVEit Transfer Critical Vulnerability Let Attackers Escalate Privileges
MOVEit Transfer software was discovered to be vulnerable to a potential privilege escalation and unauthorized access to the environment.
Security Affairs
CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Progress MOVEit Transfer zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product […]
Security Affairs
MOVEit Transfer software zero-day actively exploited in the wild
Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files […]
Bleeping Computer
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations.
Cyber Security News
GoDaddy Hacked - Attackers Breached Cpanel and Stolen Source Code
GoDaddy, a leading web hosting company, has reported a security breach in which its cPanel shared hosting environment was breached by unknown attackers.
Bleeping Computer
GoDaddy: Hackers stole source code, installed malware in multi-year breach
Web hosting giant GoDaddy says unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
Naked Security
OpenSSH fixes double-free memory bug that’s pokable over the network
It’s a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code…
Bleeping Computer
FIN7 hackers create auto-attack platform to breach Exchange servers
The notorious FIN7 hacking group uses an auto-attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Cyber Security News
Wireshark 4.0.0 Released - What's New!! - Cyber Security News
Wireshark Team launched its new version of Wireshark 4.0.0 with new enhancements updates for Protocol Support, Updated Capture File Support.
CSO
Ransomware operators might be dropping file encryption in favor of corrupting files
Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.
Bleeping Computer
BlackCat ransomware’s data exfiltration tool gets an upgrade
The BlackCat ransomware (aka ALPHV) isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks.
Trend Micro
Play Ransomware's Attack Playbook Unmasks it as Another Hive Affiliate like Nokoyawa
Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate.
Naked Security
Serious Security: Learning from curl’s latest bug update
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
ZDNet
OpenSSH now defaults to protecting against quantum computer attacks
Changes made to protect against attacks that ciphertext now, in order to decrypt later.
Security Affairs
Crooks claims to have stolen 4TB of data from TransUnion South Africa
TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen […]
Bleeping Computer
Hackers claim to breach TransUnion South Africa with 'Password' password
TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and demanded a extortion demand not to release stolen data.
Security Affairs
Deadbolt Ransomware targets Asustor and QNap NAS Devices
Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the […]
SecurityWeek
Deadbolt Ransomware Targeting Asustor NAS Devices
Storage solutions provider Asustor this week issued a warning to alert users of Deadbolt ransomware attacks targeting its network-attached storage (NAS) appliances.
The Hacker News
Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices
Deadbolt ransomware malware is now targeting ASUSTOR's network-attached storage (NAS) devices.
ZDNet
Asustor warns users of Deadbolt ransomware attacks | ZDNet
The hackers are demanding bitcoin ransom payments from an unknown number of users.
Bleeping Computer
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key
The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins.
The DFIR Report
Diavol Ransomware
In this report, we observed threat actors deploy multiple Cobalt Strike DLL beacons, perform internal discovery using Windows utilities, execute lateral movement using AnyDesk and RDP, dump credentials multiple ways, exfiltrate data and deploy domain wide ransomware in as little as 42 hours from initial access.
ThreatPost
'Karakurt' Extortion Threat Emerges, But Says No to Ransomware
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
Bleeping Computer
FontOnLake malware infects Linux systems via trojanized utilities
A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components.