Cisco warns of NX-OS zero-day exploited to deploy custom malware

July 1, 2024 at 01:48PM Cisco patched an NX-OS zero-day vulnerability used in April attacks to install new malware on susceptible switches. Sygnia attributed the attacks to a Chinese state-sponsored group called Velvet Ant. The exploit allowed the threat actors to gain access, upload files, and execute malicious code. Cisco advises monitoring and changing administrative …

WordPress Supply Chain Attack Spreads Across Multiple Plug-Ins

June 25, 2024 at 12:53PM Multiple plug-ins on WordPress.org were compromised by threat actors, injecting malicious code aimed at granting attackers administrative privileges and enabling further malicious activity. The affected plug-ins, including the popular Social Warfare, have been delisted and are unavailable for download, with a recommendation to remove them immediately and perform a complete …

Worldwide 2023 Email Phishing Statistics and Examples

June 20, 2024 at 01:31PM The need for enhanced email security is evident as cyber threats continue to rise in remote work environments. In 2023, Trend Micro discovered over 45 million high-risk email threats, emphasizing the insufficiency of native security in popular email services. Phishing incidents surged by 40%, with credential phishing and BEC attacks …

Worldwide 2023 Email Phishing Statistics and Examples

June 20, 2024 at 12:45PM The text highlights the increasing risks associated with email threats in 2023, with a rise in phishing, malware attacks, and business email compromise (BEC) incidents. It emphasizes the limitations of built-in security for popular email services and recommends leveraging a SaaS-based platform like Cloud App Security for comprehensive visibility and …

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024 at 06:48AM Cybersecurity firm Intezer identified a new malware, SSLoad, distributed through a previously undocumented loader called PhantomLoader. SSLoad infiltrates systems through phishing emails and delivers additional malware. It has been observed deploying the legitimate adversary simulation software Cobalt Strike. The malware demonstrates sophisticated capabilities, including reconnaissance and dynamic string decryption. Phishing …

TargetCompany’s Linux Variant Targets ESXi Environments

June 5, 2024 at 05:56AM A new Linux variant of TargetCompany ransomware has been discovered, using a custom shell script to deliver and execute the payload, as well as exfiltrate victim information. This variant also targets VMware ESXi environments, potentially increasing the impact and chances of ransom payment. Trend Micro has observed increased activity of …

Cybercrooks get cozy with BoxedApp to dodge detection

June 4, 2024 at 08:09AM Malware creators are increasingly using legitimate packer apps like BoxedApp to evade detection, with a surge in usage over the past year. This has been observed especially in remote access trojans and ransomware. BoxedApp offers features that make it harder for security systems to detect malware, resulting in a high …

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

May 30, 2024 at 10:21AM Cybersecurity researchers have warned of high-severity security vulnerabilities in various WordPress plugins, being actively exploited to create rogue administrator accounts for further exploitation. The flaws allow for unauthenticated stored cross-site scripting attacks, enabling threat actors to inject malicious scripts. To mitigate these risks, WordPress site owners should review installed plugins, …

Virtual Event Today: Threat Detection and Incident Response (TDIR) Summit

May 22, 2024 at 07:42AM SecurityWeek’s TDIR Summit on May 22nd is a virtual event focusing on post-incident forensics and tools for combating malware and ransomware attacks. The agenda includes sessions on topics like fortifying cyber defense, ransomware preparedness, and AI-driven malware detection. The event also features demos, resources, and a virtual expo hall. Based …

GhostEngine mining attacks kill EDR security using vulnerable drivers

May 21, 2024 at 06:34PM The ‘REF4578’ crypto mining campaign deploys GhostEngine, a sophisticated malicious payload, using vulnerable drivers to disable security products and deploy an XMRig miner. Researchers highlight GhostEngine’s unusual sophistication and provide detection rules, but the campaign’s origin and scope remain unknown. To defend against GhostEngine, look out for suspicious PowerShell execution, …