New Linux Malware Campaign Exploits Oracle WebLogic to Mine Cryptocurrency

September 13, 2024 at 02:30AM Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to illicitly mine cryptocurrency, focusing on the Oracle WebLogic server. The malware, named Hadooken, deploys a crypto miner and a DDoS botnet, exploiting vulnerabilities and misconfigurations to spread across connected environments. The campaign is linked to hosting companies in …

Hackers targeting WhatsUp Gold with public exploit since August

September 12, 2024 at 12:43PM Hackers are using publicly available exploit code to target two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM GitLab has released critical updates to address multiple vulnerabilities, including the most severe CVE-2024-6678, allowing an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the …

Palo Alto Networks Patches Dozens of Vulnerabilities 

September 12, 2024 at 09:36AM Palo Alto Networks has released patches for numerous high-severity vulnerabilities affecting its products, including PAN-OS, Cortex XDR, and Prisma Access Browser. These vulnerabilities allow attackers to execute arbitrary commands, expose sensitive information, and more. The company has also addressed issues with the integration of Cortex XSOAR and XSIAM, and an …

Cisco Patches High-Severity Vulnerabilities in Network Operating System

September 12, 2024 at 07:47AM Cisco announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe flaws allow privilege escalation and remote DoS attacks. Two high-severity flaws affecting the Routed Passive Optical Network (PON) controller software could be exploited for command injection. Cisco plans …

Amateurish ‘CosmicBeetle’ Ransomware Stings SMBs in Turkey

September 12, 2024 at 02:04AM The cybercriminal group “CosmicBeetle” targets small businesses in Turkey, Spain, India, and South Africa with ransomware, often experiencing glitches due to its low sophistication. The group exploits older vulnerabilities, particularly in software used by small businesses, and has links to the LockBit group. Small and midsize businesses are its main …

Akira Ransomware Actors Exploit SonicWall Bug for RCE

September 9, 2024 at 05:00PM Akira ransomware affiliates are exploiting a critical remote code execution vulnerability (CVE-2024-40766) in SonicWall’s Gen 5, Gen 6, and some Gen 7 firewall products. The US CISA has added it to their list of known exploited vulnerabilities. SonicWall advises customers to update affected appliances and take measures to limit firewall …

Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

September 9, 2024 at 07:33AM

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

September 6, 2024 at 11:45AM A critical security flaw (CVE-2024-36401, CVSS 9.8) in OSGeo GeoServer GeoTools has been exploited in campaigns distributing cryptocurrency miners, botnet malware, and the SideWalk backdoor. The attacks target IT providers in India, U.S. tech firms, Belgian government entities, and telecom companies in Thailand and Brazil. CISA and Fortinet have detected …

Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

September 6, 2024 at 08:00AM Apache announced a security update for open source ERP system OFBiz to address two vulnerabilities including a bypass of patches for two exploited flaws. The bypass, CVE-2024-45195, allows unauthenticated, remote attackers to execute code on affected systems. Rapid7 warns both Linux and Windows systems are affected. Users are urged to …