BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation […]

Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should […]

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

A number of state-backed threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file […]

Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. “Some of these tools include enumeration software, RAT payloads, exploitation and credential […]

Threat Actors Targeting English-Speaking Countries with Customized Yashma Ransomware

An unidentified threat actor has deployed the Yashma ransomware variant since June 4, 2023, actively targeting English-speaking countries like Bulgaria, China and Vietnam. This new variant of Yashma ransomware has reemerged after the malware was fixed last year following the release of a decryptor. This operation was recently identified by the cybersecurity researchers at Cisco Talos, who […]

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin’s attack infrastructure has revealed that it’s possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has increasingly come under the radar […]

Don’t open emails from Microsoft Dynamics 365. Threat actors are exploiting its flaws to send phishing emails with legitimate Microsoft links

Microsoft’s Dynamics 365 Customer Voice is a software product that is primarily used to collect customer feedback. It may be utilized to turn gathered data into actionable insights, track consumer feedback, and conduct polls of client satisfaction. To communicate with victims, hackers are exploiting the Static Expressway. In a nutshell, it’s a method for evading security scanners that […]

Eight high-severity vulnerabilities in Splunk Enterprise Software allow threat actors to take control of a network

With the use of the Splunk software, real-time data can be collected, indexed, and corroborated in a searchable repository from which graphs, reports, alarms, dashboards, and visualizations may be produced. Machine data is used by Splunk to find patterns in data, provide metrics, identify issues, and provide information for business operations. On November 2, Splunk […]

How Chinese threat actors are using recently discovered zero-day flaws in Microsoft Office and Sophos Firewall

By deploying a new Trojan named LOWZERO, integrated into an espionage campaign aimed at Tibetan organizations, the Chinese APT known as TA413 is exploiting a variety of flaws in Microsoft Office and Sophos Firewall. The majority of the targets were businesses connected to the exiled Tibetan administration as well as organizations connected to the Tibetan […]

60 different HP printer models of inkjet, LaserJet Pro, and PageWide Pro printers allow threat actors to take control of the network remotely. Patch these two flaws

Two critical flaws in the firmware of several corporate printer models have been made public by Hewlett Packard. If exploited, these flaws would allow remote adversaries to execute malicious programs on the vulnerable printer models. Due to insufficient bounds validation, the flaw (CVE-2022-28721), assessed as serious in severity with a CVSS score of 9.8, is […]

The Business of Hackers-for-Hire Threat Actors

Today’s web has made hackers’ tasks remarkably easy. For the most part, hackers don’t even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach […]

Critical OpenSSL vulnerability CVE-2022-2274 allows threat actors to remotely run code on your servers and encrypt them

OpenSSL is a well-known cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It allows generating RSA private keys and performing encryption and decryption. A critical vulnerability in OpenSSL could allow a threat actor to achieve remote code execution (RCE) on server-side devices. Heap […]

Threat actors could have hacked the U.S. Drug Enforcement Administration (DEA) and other related law enforcement agencies. Investigation still ongoing

The U.S. Drug Enforcement Administration (DEA) reports that it has begun an investigation into alleged cyberattacks that would have compromised up to 16 databases of federal agencies. According to KrebsOnSecurity researchers, this incident could be related to a cybercriminal group whose members pose as law enforcement officers in order to access sensitive information. A few […]

Threat actors are exploiting critical vulnerability in F5 products to destroy firewalls and network devices completely

Cybercriminal groups have been exploiting a critical vulnerability in F5 BIG-IP solutions to erase file systems on affected devices, rendering servers completely useless. Tracked as CVE-2022-1388, successful exploitation of the flaw would allow remote threat actors to execute commands on BIG-IP network devices with root user privileges, making it a critical security risk. The company […]

Threat actors are actively exploiting a critical vulnerability, CVE-2021-20038, in SonicWall Secure Mobile Access (SMA) gateways. Update immediately

Cybersecurity specialists report that hacking groups are actively exploiting CVE-2021-20038, a severe vulnerability in SonicWall Secure Mobile Access (SMA) gateways, fixed in late 2021. The flaw was described as an unauthenticated stack-based buffer overflow residing in the SMA 100 Series devices (including SMA 200, 210, 400, 410 and 500v). Threat actors can exploit the flaw […]

Threat actors penetrate Australian Sunwater water supply systems

One of Australia’s leading water supply platforms confirmed that its systems were compromised by threat actors for nine long months. Apparently, threat actors left malicious files on a web server to redirect legitimate traffic to a video platform as early as 2020. Sunwater acknowledged the computer intrusion after filing a notification with local authorities, who […]

Threat Actors Using Squirrelwaffle Loader to Deploy Qakbot & Cobalt Strike Malware

A new threat emerged recently in the wild that drops malware like Qakbot and Cobalt Strike onto compromised systems and networks; this new threat is dubbed “Squirrelwaffle”, and threat actors are actively spreading Squirrelwaffle through several malicious email campaigns. Shortly after the disruption of the widely used Emotet botnet by law enforcement agencies, […]

TA544 threat actors hit Italian firms with Ursnif banking trojan

The IT security researchers at Proofpoint have discovered a new malware campaign in which threat actors from a group called TA544 are targeting organizations in Italy with the Ursnif banking trojan. Ursnif (also known as Gozi) has a history of targeting Italian organizations over the past year. The malware is capable of stealing banking information from […]

Threat actors using CAPTCHA to evade phishing, malware detection

According to researchers, cybercriminals are abusing legitimate challenge-and-response services like Google’s reCAPTCHA or deploying customized fake CAPTCHA-like validation. Palo Alto Networks’ Unit 42 researchers have published a detailed report on how cybercriminals exploit CAPTCHA features, including Google’s “I’m not a robot” function, dubbed reCAPTCHA, to carry out their scams against unsuspecting users. These […]