September 16, 2024 at 05:27AM Exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability CVE-2024-8190 began shortly after the vendor released patches. The high-severity flaw enables unauthorized access and remote code execution, affecting certain versions of the CSA. Ivanti has addressed the issue in Patch 519 and CSA 5.0, but noted limited customer exploitation. CISA … Read more
September 12, 2024 at 09:36AM Bad actors target Internet-exposed Selenium Grid instances for illicit cryptocurrency mining and proxyjacking. The lack of authentication makes these instances vulnerable. Threat actors exploit this to carry out malicious actions, including deploying crypto miners and proxyware solutions EarnFM and IPRoyal Pawn. Organizations are urged to configure authentication to prevent abuse. … Read more
September 12, 2024 at 06:09AM Threat actors are targeting Internet-exposed Selenium Grid servers for cryptomining, proxyjacking, and potentially more malicious activities. With thousands of exposed servers, hackers have been deploying automated malware to hijack them. Furthermore, the lack of authentication and outdated versions of Selenium Grid servers pose a significant security risk. Improperly secured servers … Read more
September 11, 2024 at 06:27AM Cybersecurity researchers have discovered new malicious Python packages targeting software developers, using fake job interviews as lures. Linked to North Korea-backed Lazarus Group, the ongoing campaign dubbed VMConnect employs modified legit PyPI libraries to embed malicious code. Attackers impersonate legitimate companies and use LinkedIn to contact and infect unsuspecting developers. … Read more
September 10, 2024 at 12:34PM CosmicBeetle debuts new ransomware, ScRansom, targeting SMBs globally, possibly as an affiliate for RansomHub. The attack spans various sectors and uses brute-force attacks and known security flaws for infiltration. Cicada3301 ransomware is observed with modifications, while a kernel-mode signed Windows driver, POORTRY, used by multiple ransomware gangs as an EDR … Read more
September 9, 2024 at 05:00PM Akira ransomware affiliates are exploiting a critical remote code execution vulnerability (CVE-2024-40766) in SonicWall’s Gen 5, Gen 6, and some Gen 7 firewall products. The US CISA has added it to their list of known exploited vulnerabilities. SonicWall advises customers to update affected appliances and take measures to limit firewall … Read more
September 6, 2024 at 09:18AM SonicWall warns customers of a potential exploit in a recently patched SonicOS vulnerability (CVE-2024-40766). The vulnerability impacts Gen 5, Gen 6, and Gen 7 firewalls, allowing unauthorized access and possible crashes. They advise immediate patching and password updates to mitigate risks. There are no reports of exploitation yet. Based on … Read more
September 5, 2024 at 11:28AM Hackers are using a fake OnlyFans tool to target other hackers, claiming to help steal accounts but actually infecting them with the Lumma stealer malware, which steals information. It seems like the meeting notes are discussing how hackers are targeting other hackers with a fake OnlyFans tool that claims to … Read more
September 5, 2024 at 06:24AM Hackers deceive other hackers by distributing a fake tool for OnlyFans, infecting them with Lumma stealer malware. This exemplifies the blurred lines in cybercrime. Lumma is an info-stealing malware, with the capability to spread additional payloads and regain expired Google tokens. Veriti’s findings also uncover a broader operation targeting Disney+ … Read more
September 4, 2024 at 06:06PM The MacroPack framework, originally for Red Team exercises, is exploited by threat actors to distribute malicious payloads such as Havoc, Brute Ratel, and PhantomCore. Security researchers at Cisco Talos found various documents in different countries, indicating widespread abuse. These attacks use advanced evasion techniques and represent a concerning trend. Ransomware … Read more