Security Affairs
+1,400 CrushFTP servers vulnerable to CVE-2024-4040
Over 1,400 internet-facing CrushFTP servers are vulnerable to attacks exploiting the recently disclosed CVE-2024-4040 vulnerability.
Security Affairs
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog.
HACKRead
A critical zero-day vulnerability in CrushFTP, a popular file transfer software, allows attackers to download sensitive system files.
Security Affairs
Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn.
Infosecurity News
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024
Bleeping Computer
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.
The DFIR Report
Key Takeaways: We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, …
Cyber Security News
Cisco Systems, Inc. announced the release of its semiannual security advisory bundle, addressing vulnerabilities in its IOS XR Software.
Ars Technica
Terrapin isn't likely to be mass-exploited, but there's little reason not to patch.
Bleeping Computer
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
Bleeping Computer
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.
Infosecurity News
Cado Security found the variant while investigating files uploaded to an SSH honeypot
Bleeping Computer
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
DarkReading
The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.
Cyber Security News
Multiple vulnerabilities have been discovered in Titan MFT and Titan SFTP servers owned by South River Technologies.
The Hacker News
Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote
The Hacker News
Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023.
CSO
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
Infosecurity News
Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users
Bleeping Computer
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Latest Hacking News
Multiple vulnerabilities riddled Cisco’s NX-OS and FXOS software, putting the networking devices at risk. Cisco patched the vulnerabilities with updated NX-OS and FXOS versions, urging Nexus and Firepower users to upgrade their systems as soon
Security Affairs
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]
Security Affairs
The Colorado Department of Health Care Policy & Financing (HCPF) discloses a data breach after MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM, threat actors accessed the […]
Bleeping Computer
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will include the main executables for Microsoft's Outlook email client and Access database management system.
Bleeping Computer
A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads.
Security Affairs
Personal data of the personnel at the Dublin Airport was compromised due to a MOVEit attack on professional service provider Aon. Data of about 3000 employees of Dublin Airport (DDA) were compromised after professional service provider Aon fell victim to a MOVEit Transfer attack. Dublin Airport notified local authorities and Ireland’s Data Protection Commission. Aon […]
Bleeping Computer
The BlackCat ransomware group (aka ALPHV) is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
Security Affairs
Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide […]
Security Affairs
Norton parent firm, Gen Digital, was the victim of a ransomware attack that exploited the recently disclosed MOVEit zero-day vulnerability. Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Gen Digital said it was the victim of a ransomware attack, […]
Security Affairs
The U.S. government announced up to a $10 million bounty for information linking the Clop ransomware gang to a foreign government. The US government is offering up to a $10 million bounty for information linking CL0P Ransomware Gang or any other threat actors targeting U.S. critical infrastructure to a foreign government. The bounty is covered […]
Naked Security
Twice more unto the breach… third patch tested and released, shut down web access until you’ve applied it
Bleeping Computer
Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability was shared online today.
Security Affairs
UK communications regulator Ofcom suffered a data breach after a Clop ransomware attack exploiting the MOVEit file transfer zero-day. UK’s communications regulator Ofcom disclosed a data breach after a Clop ransomware attack. The threat actors exploited the zero-day flaw (CVE-2023-34362) in MOVEit file transfer and accessed the infrastructure of the regulator. A spokesperson for Ofcom […]
Security Affairs
Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, it can be exploited by […]
Naked Security
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available…)
Security Affairs
Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and […]
Security Affairs
The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. “Zellis, a payroll company based in the UK, is […]
Naked Security
Little Bobby Tables is back!
Security Affairs
Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer […]
Bleeping Computer
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.
Cyber Security News
MOVEit Transfer software was discovered to be vulnerable to a potential privilege escalation and unauthorized access to the environment.
Security Affairs
US CISA added actively exploited Progress MOVEit Transfer zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product […]
Security Affairs
Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files […]
Bleeping Computer
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations.
Cyber Security News
GoDaddy, a leading web hosting company, has reported a security breach in which its cPanel shared hosting environment was breached by unknown attackers.
Bleeping Computer
Web hosting giant GoDaddy says unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
Naked Security
It’s a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code…
Bleeping Computer
The notorious FIN7 hacking group uses an auto-attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Cyber Security News
The Wireshark Team launched its new version, Wireshark 4.0.0, with new enhancements and updates for Protocol Support and Updated Capture File Support.
CSO
Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.
Bleeping Computer
The BlackCat ransomware (aka ALPHV) isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks.
Trend Micro
Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate.
Naked Security
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
ZDNet
Changes made to protect against attacks that ciphertext now, in order to decrypt later.
Security Affairs
TransUnion South Africa discloses a data breach; threat actors who stole sensitive data demanded a ransom payment not to release stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen […]
Bleeping Computer
TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and made an extortion demand not to release stolen data.
Security Affairs
Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the […]
SecurityWeek
Storage solutions provider Asustor this week issued a warning to alert users of Deadbolt ransomware attacks targeting its network-attached storage (NAS) appliances.
The Hacker News
Deadbolt ransomware malware is now targeting ASUSTOR's network-attached storage (NAS) devices.
ZDNet
The hackers are demanding bitcoin ransom payments from an unknown number of users.
Bleeping Computer
The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins.
The DFIR Report
In this report, we observed threat actors deploy multiple Cobalt Strike DLL beacons, perform internal discovery using Windows utilities, execute lateral movement using AnyDesk and RDP, dump credentials multiple ways, exfiltrate data and deploy domain wide ransomware in as little as 42 hours from initial access.
ThreatPost
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
Bleeping Computer
A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components.