Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Core Impact’ Backdoor

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue is a remote code execution (RCE) vulnerability affecting VMware Workspace ONE […]

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. “The exploitation allows threat actors to download the Mirai sample to the ‘/tmp’ folder and execute them after permission change using ‘chmod,’” Trend Micro researchers […]

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and potentially expand its reach. “The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits,” Fortinet’s FortiGuard Labs Research team said. “Five new exploits […]

Hackers Exploiting Infected Android Devices to Register Disposable Accounts

An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS PVA services, since gaining prevalence in 2018, provide users with alternative mobile numbers that can […]

Hackers are exploiting Universal Plug and Play (UPnP) to turn routers into a proxy server used to carry out cyber attacks

Cybersecurity specialists from Akamai reported the detection of a malicious campaign based on the abuse of the Universal Plug and Play (UPnP) protocol in order to hack routers and use them for cybercriminal purposes. The campaign was identified as Eternal Silence and turns the affected routers into proxy servers that form part of a cybercriminal infrastructure. It […]

Threat actors are actively exploiting a critical vulnerability, CVE-2021-20038, in SonicWall Secure Mobile Access (SMA) gateways. Update immediately

Cybersecurity specialists report that hacking groups are actively exploiting CVE-2021-20038, a severe vulnerability in SonicWall Secure Mobile Access (SMA) gateways, fixed in late 2021. The flaw was described as an unauthenticated stack-based buffer overflow residing in the SMA 100 Series devices (including SMA 200, 210, 400, 410 and 500v). Threat actors can exploit the flaw […]

Chinese Hackers Exploiting Log4Shell Vulnerability & Attack Internet-Facing Systems

Chinese hackers are actively exploiting the Log4Shell vulnerability in the Log4j library, identified as “CVE-2021-44228.” Microsoft experts have claimed that Chinese hackers are targeting companies and individuals with a new ransomware strain for double extortion, “Night Sky.” In this ongoing ransomware operation, the hackers are exploiting CVE-2021-44228, which is […]

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification

An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft’s digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group dubbed MalSmoke, citing similarities […]

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier […]

Conti Ransomware Group Exploiting Log4j Vulnerability

These attacks started on December 13th, with the Conti gang focusing on VMware vCenter servers vulnerable to Log4Shell attacks. Security firm Advanced Intelligence (AdvIntel) has discovered that the Conti ransomware gang is the first cybercriminal group to adopt and embed the Log4Shell vulnerability in its operations targeting VMware vCenter servers. “A week after […]

Hackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

An emergency security update has been released recently by the Apache Software Foundation to fix a 0-day vulnerability in the popular Log4j logging library. This 0-day vulnerability in Log4j was exploited by threat actors to deploy ransomware. Log4j is a Java library that is widely used in business systems and web applications. The […]

Canada shuts down 4,000 government websites fearing cyberattacks exploiting a critical vulnerability in Log4j

As a preventive measure, Quebec, Canada, decided to shut down some 4,000 government websites due to the risk of exploitation of a critical vulnerability affecting a popular logging system. Éric Caire, the region’s minister of digital transformation, said that this vulnerability would put online platforms in the education, health and public administration sectors at […]

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Apache has released Log4j version 2.15.0 to address the critical RCE vulnerability, and users are urged to apply the update immediately. The Apache Foundation’s Log4j is an open-source tool widely used by enterprise apps and cloud services. The bad news is that a security vulnerability has been identified in this tool, reported by Alibaba Cloud […]

Attackers exploiting Windows Installer vulnerability despite patching

According to Cisco Talos, abusing the flaw would allow an attacker with limited access to gain higher privileges and become an administrator. A Windows Installer security vulnerability, tracked as CVE-2021-41379, was patched by Microsoft, but according to a report from Cisco Talos, hackers had already created malware to exploit this privilege escalation flaw identified in the enterprise […]

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet […]

Mirai botnet exploiting Azure OMIGOD vulnerabilities

The infamous Mirai botnet lets threat actors use compromised devices to carry out large-scale and crippling DDoS attacks. Critical Microsoft Azure vulnerabilities reported and patched earlier this week are being actively exploited by threat actors and cybercriminals. Dubbed the OMIGOD flaws, the vulnerabilities were originally discovered by the Wiz Research Team. […]