Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices

June 11, 2024 at 08:03AM Forescout publishes an annual report that scores the risk of device types from their configuration, behavior, and function. The score quantifies the likelihood of a "dangerous liaison" between threat actors and vulnerable devices; the report aims to raise awareness and prompt urgent attention to the riskiest device types. It is based on fresh data …

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

June 11, 2024 at 05:03AM Researchers have identified an updated version of the ValleyRAT malware, attributed to a China-based threat actor, with new capabilities. It uses a multi-stage loading chain and DLL side-loading to evade security products. Separately, a new phishing campaign is targeting Spanish-speaking users with an updated keylogger and information …

‘Sticky Werewolf’ APT Stalks Aviation Sector

June 7, 2024 at 12:14PM A threat actor tracked as "Sticky Werewolf" is targeting organizations in Russia's aviation industry for espionage related to the Russia-Ukraine conflict. The group's infection chain has evolved to use more elaborate phishing emails and multi-stage malware, with the goal of reaching sensitive information and exfiltrating data. …

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

June 7, 2024 at 01:48AM The threat actor Commando Cat is running a cryptojacking campaign against poorly secured Docker instances. The attacks target Docker remote API servers that are exposed without authentication, then use a Docker image to drop and run cryptomining scripts in a way that evades security software. Separately, Chinese-speaking threat actors are exploiting ThinkPHP applications to deliver …
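The misconfiguration behind this campaign is a Docker daemon whose remote API listens on plain TCP with no client-certificate verification, which hands root-equivalent control of the host to anyone who can reach the port. The following is an added example (not code from the original article or from Docker) that audits a daemon.json for that exposure; both sample configurations are constructed for the example, and the 10.0.0.5 address and certificate paths in the hardened one are placeholders.

```python
import json
from typing import List
from urllib.parse import urlsplit

# Constructed sample daemon.json documents (not from any real host).
# The weak one is exactly the shape cryptojacking campaigns scan for:
# the API on plain TCP, on every interface, with no client authentication.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Hardened form: listen only on a management address, on the TLS port,
# and require a client certificate signed by our CA (tlsverify).
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tls": true,
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


def audit_daemon_json(text: str) -> List[str]:
    """Return findings about remote-API exposure in a daemon.json document.

    Only tcp:// listeners are examined: unix:// and fd:// sockets are local.
    A tcp listener is acceptable only when tlsverify is on (clients must
    present a certificate from our CA); "tls": true alone encrypts the
    channel but still lets any client talk to the daemon.
    """
    cfg = json.loads(text)
    findings: List[str] = []
    tls_verify = cfg.get("tlsverify") is True

    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue
        where = parts.netloc
        if not tls_verify:
            findings.append(
                f"{where}: remote API reachable without client-certificate "
                f"verification (tlsverify is not set)"
            )
        if parts.hostname in (None, "", "0.0.0.0", "::"):
            findings.append(f"{where}: bound to all interfaces")
        if parts.port == 2375:
            findings.append(f"{where}: port 2375 is the conventional plaintext API port")

    if tls_verify:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify is set but {key} is missing")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_json(doc) or ["no findings"])
```

Two caveats when using this on a real host: dockerd can also get its listeners from `-H` flags in the systemd unit's `ExecStart`, which this file-level check does not see (inspect the running process's arguments as well), and a correctly configured tlsverify listener still grants full control to anyone holding a client certificate, so the CA key and issued certificates need the same protection as root credentials.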

Advance Auto Parts stolen data for sale after Snowflake attack

June 5, 2024 at 05:57PM Threat actors are offering for sale 3 TB of data they claim was stolen from Advance Auto Parts, reportedly including 380 million customer profiles, 140 million customer orders, and other sensitive information. The breach is linked to the compromise of customer accounts at Snowflake, an incident that has affected multiple Snowflake customers. However, Snowflake claims it was not due to any …

CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability

June 4, 2024 at 08:39AM CISA has added CVE-2017-3506, a years-old Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog. China-based actors have been using it to deploy cryptocurrency miners: Trend Micro reports that the group it tracks as Water Sigbin continues to exploit this flaw alongside a more recent WebLogic vulnerability. The group's techniques make detection and …

Atlassian Confluence High-Severity Bug Allows Code Execution

June 3, 2024 at 05:09PM SonicWall Capture Labs analyzed a high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence. It allows an authenticated attacker who has network access to the instance and the privilege to add a new macro language to execute arbitrary code. SonicWall released detection signatures for its customers and warned that exploit code is publicly available. Users are urged to upgrade, because Confluence …

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

June 3, 2024 at 06:30AM Security researcher Sam Curry identified authorization bypass flaws affecting Cox modems that could have allowed unauthorized access to customer devices and the execution of commands on them. Cox, the U.S. broadband provider, fixed the issues promptly after responsible disclosure. Curry's analysis showed that the flaws could expose sensitive customer data and allow device settings to be modified, posing …

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

June 3, 2024 at 04:36AM Andariel, a North Korea-linked threat actor, has been using a new Go-based backdoor called Dora RAT in attacks on South Korean educational institutes, manufacturing firms, and construction businesses. The intrusions combine several malware families, exploitation of a vulnerable Apache Tomcat server, and known vulnerabilities in other software. Andariel …

Snowflake account hacks linked to Santander, Ticketmaster breaches

May 31, 2024 at 01:36PM A threat actor claims to have breached Santander and Ticketmaster by stealing data through employee accounts at Snowflake, a cloud data warehousing provider, and is attempting to extort $20 million. Snowflake rejected the claim, attributing the breaches to poorly secured customer accounts. The company is investigating the unauthorized access and advises customers to …
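Both Snowflake items above (this one and the Advance Auto Parts listing) come down to customer accounts that could be logged into from anywhere with a password alone. The check a Snowflake administrator would want is a pass over the account's login history for successful single-factor logins from unexpected networks, and for users who have never authenticated with a second factor. The following is an added example, not code from the original articles or from Snowflake: the rows are constructed to mirror the columns of Snowflake's `SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY` view, and the trusted IP ranges are placeholders.

```python
import ipaddress
from typing import Iterable, List, Set, Tuple

# Constructed sample rows in the shape of SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY.
# The column names are the view's; every value is invented for this example.
# In a real account they come from a query such as:
#   SELECT event_timestamp, user_name, client_ip, reported_client_type,
#          first_authentication_factor, second_authentication_factor, is_success
#   FROM snowflake.account_usage.login_history
#   WHERE event_timestamp > DATEADD(day, -30, CURRENT_TIMESTAMP());
SAMPLE_LOGIN_HISTORY = [
    {"EVENT_TIMESTAMP": "2024-05-30 09:12:44", "USER_NAME": "ETL_SVC",
     "CLIENT_IP": "10.20.30.40", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-05-30 09:40:01", "USER_NAME": "ALICE",
     "CLIENT_IP": "203.0.113.7", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-05-31 02:15:09", "USER_NAME": "BOB",
     "CLIENT_IP": "198.51.100.23", "REPORTED_CLIENT_TYPE": "JDBC_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-05-31 02:15:31", "USER_NAME": "BOB",
     "CLIENT_IP": "198.51.100.23", "REPORTED_CLIENT_TYPE": "JDBC_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
]

# Hypothetical corporate egress ranges (placeholders for this example).
TRUSTED_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]


def _is_trusted(ip: str, ranges: Iterable[ipaddress.IPv4Network]) -> bool:
    """True when ip falls inside one of the trusted networks.

    An unparsable CLIENT_IP is treated as untrusted so it surfaces for review.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def single_factor_logins_from_outside(rows, ranges) -> List[Tuple[str, str, str]]:
    """Successful logins with no second factor from outside the trusted ranges.

    Failed attempts are skipped: the question here is which sessions actually
    got in with a password alone. Returns (user, client_ip, timestamp) tuples,
    oldest first.
    """
    hits = []
    for r in rows:
        if r["IS_SUCCESS"] != "YES":
            continue
        if r["SECOND_AUTHENTICATION_FACTOR"]:
            continue
        if _is_trusted(r["CLIENT_IP"], ranges):
            continue
        hits.append((r["USER_NAME"], r["CLIENT_IP"], r["EVENT_TIMESTAMP"]))
    return sorted(hits, key=lambda h: h[2])


def users_never_using_mfa(rows) -> Set[str]:
    """Users with at least one successful login and no MFA-backed login at all.

    These are the accounts to enrol in MFA (or, for service users, to move to
    key-pair authentication and pin to a network policy).
    """
    successes: Set[str] = set()
    with_mfa: Set[str] = set()
    for r in rows:
        if r["IS_SUCCESS"] != "YES":
            continue
        successes.add(r["USER_NAME"])
        if r["SECOND_AUTHENTICATION_FACTOR"]:
            with_mfa.add(r["USER_NAME"])
    return successes - with_mfa


if __name__ == "__main__":
    for hit in single_factor_logins_from_outside(SAMPLE_LOGIN_HISTORY, TRUSTED_RANGES):
        print("single-factor login from outside:", hit)
    print("users never seen with MFA:", sorted(users_never_using_mfa(SAMPLE_LOGIN_HISTORY)))
```

On the constructed rows, BOB's successful password-only login from 198.51.100.23 is the one session that would warrant an incident ticket, and both BOB and the ETL_SVC service account come back as never having used a second factor. Two practical notes: ACCOUNT_USAGE views are not real time, so this is a review query rather than an alerting source, and a service account that legitimately cannot do MFA should be constrained with a Snowflake network policy so that its password alone is useless from outside the trusted ranges.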