Exploitation Attempts Target Citrix Session Recording Vulnerabilities

November 21, 2024 at 04:34AM Exploitation attempts have been reported against two Citrix Session Recording vulnerabilities: CVE-2024-8068, a privilege escalation to the NetworkService account, and CVE-2024-8069, a limited remote code execution with NetworkService privileges. Patches are available, but reports suggest that unpatched instances remain exposed to the internet. Citrix advises customers to update, as exploitation attempts continue. …

Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland

October 26, 2024 at 05:49AM Pwn2Own Ireland 2024 concluded with $1,066,625 awarded for more than 70 zero-day vulnerabilities. Security researchers targeted devices across eight categories, and Viettel Cyber Security won the "Master of Pwn" title. The next event, focused on the automotive industry, takes place in Tokyo starting January 22, 2025. …

‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide

October 24, 2024 at 02:09AM The "Prometei" botnet, active since 2016, has infected more than 10,000 computers worldwide by exploiting vulnerabilities in outdated software. Its primary goal is cryptojacking, mining Monero in particular, but the foothold it gains also enables further malicious activity. Notably, it avoids Russian targets, deliberately sparing Russian-language accounts and systems. …

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

October 23, 2024 at 10:03AM On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities and earned $486,250 in prizes. Viettel Cyber Security led with 13 points, while notable exploits included a $100,000 success by Summoning Team. The event features a range of target categories, with three days remaining for competitors to exploit fully patched SOHO and consumer devices. …

Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP

July 17, 2024 at 01:42AM Threat actors are exploiting a critical flaw in Apache HugeGraph-Server, CVE-2024-27348 (CVSS score: 9.8), which enables remote code execution. Users are urged to upgrade to version 1.3.0 running on Java 11 and to enable the Auth system to close the hole. Exploitation attempts have been observed in the wild, underscoring the urgency of applying …

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

July 3, 2024 at 06:05AM Unknown threat actors exploited a long-patched Microsoft MSHTML flaw (CVE-2021-40444) to distribute the surveillance tool MerkSpy, targeting users in Canada, India, Poland, and the U.S. The attack used a Microsoft Word document as the lure; opening it triggered the exploit, which downloaded and executed malicious payloads to collect sensitive information and establish …

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

June 18, 2024 at 06:19AM Cybersecurity researchers have discovered a new malware campaign targeting exposed Docker API endpoints to deploy cryptocurrency miners and fetch further malicious programs through a remote access tool. The attack chain involves reconnaissance, privilege escalation, and exploitation of the Docker servers. The campaign is linked to earlier activity dubbed Spinning YARN and features …

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

June 6, 2024 at 10:24AM The Muhstik botnet, known for targeting IoT devices and Linux servers, has exploited a security flaw in Apache RocketMQ (CVE-2023-33246) to expand its scale. It uses the flaw to execute code remotely, persist on compromised hosts, and evade detection, with the aim of launching DDoS attacks and mining cryptocurrency. Organizations are urged to …

Decoding Water Sigbin’s Latest Obfuscation Tricks

May 30, 2024 at 01:10AM Water Sigbin, also known as the 8220 Gang, exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner through a PowerShell script. The group concealed its activity with obfuscation techniques, including hexadecimal encoding of URLs and fileless execution. Organizations are advised to prioritize patch management, network segmentation, security audits, employee …

Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence

March 6, 2024 at 05:39PM Researchers have detected a campaign targeting vulnerable cloud servers running Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers deploy a cryptomining tool and a Linux-based reverse shell, keeping access for potential future use. The campaign, known as Spinning YARN, exploits known vulnerabilities and misconfigurations, with tactics overlapping with threat groups …