Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 … [Read more...]
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Apr 20, 2024NewsroomVulnerability / Endpoint Security Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an … [Read more...]
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool
Apr 19, 2024NewsroomNetwork Security / Firmware Security Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its … [Read more...]
How Attackers Can Own a Business Without Touching the Endpoint
Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let's discuss why these attacks are becoming more prevalent. … [Read more...]
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., … [Read more...]
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
Apr 19, 2024NewsroomCyber Espionage / Threat Intelligence Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been … [Read more...]
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
Apr 18, 2024NewsroomIncident Response / Cyber Espionage Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. "The documents contained VBA code to drop and … [Read more...]
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
Apr 18, 2024NewsroomCyber Attack / Malware The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence … [Read more...]
Recover from Ransomware in 5 Minutes—We will Teach You How!
Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use … [Read more...]
How to Conduct Advanced Static Analysis in a Malware Sandbox
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to … [Read more...]
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks
Apr 18, 2024NewsroomMobile Security / Malware A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in … [Read more...]
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service providers … [Read more...]
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Apr 18, 2024NewsroomContainer Security / Cryptocurrency Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an … [Read more...]
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
Apr 18, 2024NewsroomMalvertising / Endpoint Security A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results … [Read more...]
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks
Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group … [Read more...]
GenAI: A New Headache for SaaS Security Teams
The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, … [Read more...]
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Apr 17, 2024NewsroomEncryption / Vulnerability Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an … [Read more...]
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
Apr 17, 2024NewsroomVulnerability / Web Application Firewall Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an … [Read more...]
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
Apr 17, 2024NewsroomIoT Security / Network Security Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and … [Read more...]
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names … [Read more...]
- 1
- 2
- 3
- …
- 99
- Next Page »