Progress discloses second critical flaw in Telerik Report Server in as many months

July 26, 2024 at 09:37AM Progress Software’s latest security advisory warns about a critical vulnerability, CVE-2024-6327, in Telerik Report Server, with potential for remote code execution on versions prior to 10.1.24.709. There’s special concern due to previous successful attacks via a similar vulnerability. Another vulnerability, CVE-2024-6096, in Telerik Reporting also poses a serious risk, requiring …

Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident

July 24, 2024 at 12:06PM The GhostEmperor threat group, initially identified by Kaspersky in 2021, saw a potential resurgence in a 2023 compromise investigated by Sygnia. Sygnia linked the new compromise to the group through similarities in infection chains and the use of the Demodex rootkit. However, uncertainty remains whether this represents the return of GhostEmperor or a …

New APT Group “CloudSorcerer” Targets Russian Government Entities

July 8, 2024 at 12:34PM A new cyber espionage group called CloudSorcerer has been detected targeting Russian government entities using cloud services for command-and-control (C2) and data exfiltration. The group’s innovative tactics and use of cloud resources, including Microsoft Graph, Yandex Cloud, Dropbox, and GitHub, demonstrate a sophisticated approach to cyber espionage and data collection. …

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

December 15, 2023 at 09:54AM A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing …