You had a year to patch this Veeam flaw and now it’s going to hurt

July 11, 2024 at 03:37AM EstateRansomware exploits unpatched Veeam vulnerabilities to drop LockBit variant ransomware and extort payments from victims. The gang gains initial access through brute force attacks against FortiGate firewalls and exploits a Veeam flaw to establish persistence and execute ransomware. Veeam issued a patch in March 2023, emphasizing the importance of timely … Read more

Windows MSHTML zero-day used in malware attacks for over a year

July 10, 2024 at 12:08PM Microsoft fixed a Windows zero-day vulnerability (CVE-2024-38112) used to exploit Internet Explorer and launch malicious scripts. Threat actors distributed Windows Internet Shortcut Files to spoof legitimate-looking files, tricking users into downloading and running HTA files disguised as PDFs. The flaw is fixed in July 2024 Patch Tuesday updates, directing mhtml: … Read more

Mekotio Banking Trojan Threatens Financial Systems in Latin America

July 4, 2024 at 05:14AM The Mekotio banking trojan is a significant threat to financial systems in Latin America, targeting countries such as Brazil, Chile, Mexico, Spain, and Peru. It infiltrates systems through phishing emails, aiming to steal sensitive information, particularly banking credentials. Users can protect themselves by being cautious with emails, avoiding clicking on … Read more

P2Pinfect Worm Now Dropping Ransomware on Redis Servers

June 26, 2024 at 08:08AM The P2Pinfect worm, originally targeting Redis servers, has been modified to include ransomware and cryptocurrency mining payloads. This new update poses a heightened threat to Redis servers. This update was reported by SecurityWeek. Based on the meeting notes, the key takeaways are: – The P2Pinfect worm, previously targeting Redis servers, … Read more

Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software

June 19, 2024 at 07:00AM A threat actor known as markopolo has been identified as behind a large-scale cross-platform scam targeting digital currency users using social media. The attack involves using a virtual meeting software, Vortax, to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing … Read more

Azure Service Tags tagged as security risk, Microsoft disagrees

June 3, 2024 at 02:59PM Tenable researchers discovered a high-severity vulnerability in Azure Service Tags, potentially allowing access to customers’ private data. Attackers could exploit the vulnerability to impersonate trusted Azure services, bypass firewall rules, and access internal APIs. Microsoft contends Service Tags are not a security boundary and advises additional authentication and authorization layers … Read more

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability

May 30, 2024 at 11:03AM The RedTail cryptocurrency mining malware has evolved, incorporating a new PAN-OS vulnerability and advanced anti-analysis techniques. It’s known for utilizing patched vulnerabilities in various systems for propagation. The latest version includes encrypted mining configuration and operates without a cryptocurrency wallet, indicating a switch to a private mining pool for financial … Read more

Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

May 29, 2024 at 07:00AM A new North Korean threat actor, Moonstone Sleet, is attributed to cyber attacks targeting various sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. Moonstone Sleet uses a combination of old and unique techniques to achieve its objectives, posing a significant threat. The disclosure warns of … Read more

Here’s yet more ransomware using BitLocker against Microsoft’s own users

May 23, 2024 at 05:34PM Ransomware dubbed ShrinkLocker, utilizing Microsoft BitLocker to encrypt and extort payments, has been spotted by Kaspersky’s security team. The malware targets various sectors and hinders effective response, maximizing damage. It uses VBScript to determine the OS and allows attackers to change partition labels, extort victims, and delete recovery options. Kaspersky … Read more

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

May 21, 2024 at 01:22PM GitHub has addressed a critical flaw (CVE-2024-4985) in GitHub Enterprise Server, allowing unauthorized access on instances using SAML SSO with encrypted assertions. The issue affects versions prior to 3.13.0 and has been fixed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Organizations using vulnerable versions are advised to update for security. … Read more