‘RegreSSHion’ Bug Threatens Takeover of Millions of Linux Systems

July 1, 2024 at 03:48PM A remote code execution vulnerability in OpenSSH, named “RegreSSHion,” allows attackers to take over Linux systems. The bug, with a CVSS score of 8.1, enables root access and poses significant security risks. Despite its challenging exploitability, the need for rigorous security measures and prompt patching is emphasized, with updates available …

WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access

June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it …

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

May 24, 2024 at 09:24AM Thousands of computers are at risk of complete takeover due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer distributed from official servers. The backdoor, discovered by Rapid7, provides attackers with full control over affected systems. Rapid7 recommends updating to version 8.3.8 and re-imaging affected endpoints …

North Korea-Linked Group Levels Multistage Cyberattack on South Korea

March 18, 2024 at 08:10PM The Kimsuky-attributed campaign involves an eight-step process for compromising systems, starting with initial execution and culminating in establishing stealth and persistence by downloading additional code from Dropbox and executing it. These steps include …

Critical flaw in Shim bootloader impacts major Linux distros

February 7, 2024 at 10:57AM A critical vulnerability in the Shim Linux bootloader allows attackers to execute code and take control of a system before the kernel loads, bypassing existing security measures. The flaw, known as CVE-2023-40547, was identified by Microsoft’s Bill Demirkapi. It can be exploited through various attack points and affects Linux distributions …

Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto

November 21, 2023 at 11:39AM Attackers are exploiting a critical remote code execution vulnerability in Apache ActiveMQ to target Linux systems with a cryptocurrency miner. The malware, known as Kinsing, infects vulnerable systems and deploys a cryptocurrency-mining script that drains resources. The flaw, tracked as CVE-2023-46604, allows remote attackers to execute arbitrary commands on affected …

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

November 21, 2023 at 05:12AM Kinsing threat actors are using a critical security flaw in Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. The malware deploys a cryptocurrency mining script that utilizes the host’s resources, causing damage to infrastructure and system performance. The group adapts to new vulnerabilities and targets misconfigured …

New Microsoft Exchange zero-days allow RCE, data theft attacks

November 3, 2023 at 11:22AM Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Despite Microsoft acknowledging the flaws, they have postponed fixing them, leading ZDI to publish details to warn Exchange administrators. The vulnerabilities allow remote code execution, unauthorized information disclosure, and risk sensitive data exposure. …

F5 hurriedly squashes BIG-IP remote code execution bug

October 27, 2023 at 01:39PM F5 has released a fix for a critical remote code execution (RCE) vulnerability in its BIG-IP suite, marked with a severity score of 9.8 out of 10. The vulnerability, tracked as CVE-2023-46747, could allow attackers to compromise the system. F5 has advised users to upgrade affected versions to the latest …