‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

June 20, 2024 at 12:01PM A widespread campaign is targeting cryptocurrency users with a fake virtual meeting application, Vortax, that delivers the infostealers Rhadamanthys, Stealc, and Atomic. The threat actor “Markopolo” is linked to the campaign, posing as a legitimate software company while harvesting credentials. This campaign highlights an increased focus on …

VMware fixes critical vCenter RCE vulnerability, patch now

June 18, 2024 at 02:11PM VMware has issued a security advisory for critical vulnerabilities in vCenter Server, affecting versions 7.0 and 8.0, and in Cloud Foundation versions 4.x and 5.x. The flaws include remote code execution and local privilege escalation. Fixes are available, and the vendor advises applying the updates promptly to mitigate …

NHS boss says Scottish trust didn’t meet attackers’ demands

June 18, 2024 at 07:35AM NHS Dumfries and Galloway’s CEO will notify residents of a recent cyberattack through personalized letters. The attack exposed patient and staff data. Vulnerable individuals are being prioritized for analysis and will receive direct communication about the breach. The letter also details cybersecurity risks and …

Panera Notifies Employees of Compromised Data

June 14, 2024 at 03:00PM Panera Bread has notified employees of a data breach following a “security incident” in March. Unauthorized access to internal files resulted in the theft of employees’ names, Social Security numbers, and possibly other employment-related information. Panera is offering a one-year membership to CyEx’s credit monitoring and identity theft resolution …

North Korea’s Moonstone Sleet Widens Distribution of Malicious Code

June 13, 2024 at 03:33PM A newly identified North Korean threat actor, Moonstone Sleet, is expanding its distribution of malicious npm packages through public registries, targeting the software supply chain and open source code repositories. It sets itself apart through a range of techniques and poses a growing risk to the open source community. Organizations are urged to implement …

Ransomware crew may have exploited Windows make-me-admin bug as a zero-day

June 12, 2024 at 06:16PM Symantec’s threat hunters suspect the Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft released a patch. Symantec’s analysis suggests the exploit tool was compiled before the patch, meaning “at least one group” may have exploited the vulnerability as a zero-day. The gang, tracked by Microsoft as Storm-1811, used social engineering attacks …

Microsoft deprecates Windows DirectAccess, recommends Always On VPN

June 12, 2024 at 11:08AM Microsoft has deprecated its DirectAccess remote access solution and recommends that organizations transition to ‘Always On VPN’ for improved security and continued support. Always On VPN, introduced as the successor to DirectAccess, supports modern VPN protocols and is more flexible; administrators need to plan and execute a migration to avoid …

Police arrest Conti and LockBit ransomware crypter specialist

June 12, 2024 at 09:47AM A 28-year-old Russian man was arrested in Kyiv for collaborating with the Conti and LockBit ransomware operations, making their malware undetectable and carrying out an attack himself. The arrest was part of ‘Operation Endgame’, which dismantled botnets and targeted their main operators. The man specialized in developing custom crypters to evade antivirus detection …

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

June 11, 2024 at 04:39AM This blog post analyzes the Noodle RAT backdoor, used by Chinese-speaking groups for both cybercrime and espionage. It covers the backdoor’s history, its capabilities on Windows and Linux, command-and-control communication, backdoor commands, similarities with Gh0st RAT and Rekoobe, and the discovery of a control panel and builder for Noodle RAT. Authors: …

SolarWinds Flaw Flagged by NATO Pen Tester

June 7, 2024 at 02:23PM SolarWinds has released version 2024.2 with new features, upgrades, and security patches, including a fix for a high-severity SWQL injection bug (CVE-2024-28996) reported by a NATO-affiliated penetration tester. Other fixes address a high-severity cross-site scripting flaw (CVE-2024-29004) and a medium-severity race condition. The update also improves map functionality and overall stability. …