Browsing tag
2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers’ world. Now, more than ever, it’s important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform […]
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an “input validation vulnerability that could allow attackers to build a query given […]
The vulnerability was identified and fixed in 2013 but in 2014 Microsoft revised the fix allowing Malsmoke hackers in 2022 to spread ZLoader malware. Israel-based cybersecurity firm Check Point Research has been assessing a sophisticated infection chain since Nov 2021. Researchers have now published their report, stating that a new ZLoader malware campaign is underway […]
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier […]
The patch was issued for CVE-2021-40444 to prevent the execution of code that downloaded the Microsoft Cabinet (CAB) archive containing a malicious executable. Sophos Labs researchers have shared their findings over how attackers used a novel exploit to bypass a patch for a crucial vulnerability impacting the Microsoft Office file format. Researchers revealed that the […]
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. “Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web […]
Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that’s being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company […]
Infection chains associated with the multi-purpose Qakbot malware have been broken down into “distinct building blocks,” an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a “customizable chameleon that adapts to suit the needs of the multiple […]
The malware is dubbed CrypBot is essentially an information stealer that can obtain credentials for cryptocurrency wallets, browsers, credit cards, browser cookies, and capture screenshots from compromised devices. Cybersecurity solutions provider Red Canary revealed in its recent blog post that a malicious KMSPico installer is carrying malware that can steal user information from cryptocurrency wallets, […]
Dubbed Nickel by Microsoft; the group of Chinese hackers was actively using the websites for intelligence gathering from thanks tanks, human rights organizations, and government agencies in 29 countries. The Microsoft Digital Crimes Unit disrupted the activities of a hacking group based in China after a federal court allowed the company to seize the websites […]
Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are […]
Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group […]
According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator. A Windows Installer security vulnerability, tracked as CVE-2021-41379, was patched by Microsoft, but according to a report from Cisco Talos, hackers already had created malware to exploit this privilege escalation flaw identified in the enterprise […]
The noteworthy aspect of this phishing campaign is that the emails were sent as replies to previously sent messages, due to which these appeared legit. According to the IT security researchers at Certitude, a Vienna-based consulting firm specializing in communication technology risks and information management, threat actors are exploiting unpatched Microsoft Exchange Servers to send […]
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file […]
The ProxyShell vulnerabilities have prompted threat actors to launch domain-wide ransomware attacks against their targets, revealed a new research report from The DFIR Report. The report, published on Monday, explained that an unnamed and unpatched MS Exchange Server customer was targeted with ransomware attacks, and attackers exploited ProxyShell vulnerabilities to compromise the organization domain-wide. A […]
Microsoft recently discovered a critical security vulnerability in macOS, which as per Microsoft 365 Defender Research team’s researcher Jonathan Bar-Or, could have been used to install a rootkit on targeted Macbooks. The vulnerability was identified in System Integrity Protection (SIP) within the macOS ecosystem. Research suggests it could allow attackers to install a hardware interface […]
The prime target of this malware campaign is unsuspecting users on Windows 10. Rapid7 Managed Detection and Response team has shared details of their newly identified malware campaign, urging unsuspecting Windows users to remain cautious. This campaign is designed to steal sensitive data and cryptocurrency from infected PCs. In the latest campaign, the attackers install […]
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed “Shrootless” and tracked as CVE-2021-30892, the “vulnerability lies in how Apple-signed packages with […]
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the […]
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that’s used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware “FiveSys,” calling out its possible credential theft and in-game-purchase hijacking […]