PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management …

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

June 12, 2024 at 10:09AM Cybersecurity researchers have uncovered an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. The threat actors abused anonymous access to launch malicious container images containing a DERO miner. The attack involves targeting externally accessible Kubernetes API servers and uses obfuscation techniques to resist analysis. The attacker’s tactics …

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware …

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

June 6, 2024 at 06:18AM Threat actors are employing legitimate packer software like BoxedApp to distribute malware, targeting financial and government sectors. Malware families like Agent Tesla and Remcos are being propagated using NSIXloader. Another packer codenamed Kiteshield has been used by threat actors to target Linux systems. These techniques aim to evade endpoint security …

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

June 4, 2024 at 08:13AM A sophisticated cyber attack targeting endpoints in Ukraine aims to deploy Cobalt Strike and establish control over compromised hosts. The attack involves a multi-stage malware strategy using a Microsoft Excel file with an embedded VBA macro. The attack employs evasion techniques, location-based checks, and manipulation of DLL files for persistence …

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

June 3, 2024 at 06:30AM Security researcher Sam Curry has identified authorization bypass issues in Cox modems, allowing potential unauthorized access and the execution of malicious commands. Following responsible disclosure, the U.S. broadband provider promptly addressed the vulnerabilities. Curry’s analysis revealed potential access to sensitive customer data and the ability to modify device settings, posing …

Beyond Threat Detection – A Race to Digital Security

May 31, 2024 at 08:09AM The digital landscape presents both benefits and threats as sharing digital content expands, particularly through email, documents, and chat. Cybersecurity is a relentless battle, with threat actors continuously evolving tactics to outpace defenses. Everfox’s innovative prevention-based approach, especially its transformation-based Content Disarm and Reconstruction, is non-reliant on detection and effectively …

Microsoft’s ‘Recall’ Feature Draws Criticism From Privacy Advocates

May 24, 2024 at 02:32PM Microsoft is introducing “Recall,” an AI-powered feature that enables users to find and remember content on their PC. The technology takes periodic snapshots, storing them locally and fully encrypted. However, this has raised privacy concerns, as critics worry about potential exposure of sensitive information. Microsoft assures users of control and …

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

May 24, 2024 at 12:51PM MITRE Corporation disclosed a cyber attack on a not-for-profit company in late December 2023, revealing details of the attack involving rogue virtual machines created within the VMware environment. The attack, attributed to a China-linked threat actor, exploited Ivanti Connect Secure flaws and highlights the need for organizations to remain vigilant …

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

May 24, 2024 at 09:51AM Threat actors are using fake websites posing as legitimate antivirus solutions like Avast, Bitdefender, and Malwarebytes to distribute malware targeting Android and Windows devices. The malware can steal sensitive information. The firms also observed a new Android banking trojan called Antidot, posing as a Google Play update, to facilitate information …