Critical ServiceNow RCE flaws actively exploited to steal credentials

July 25, 2024 at 05:01PM Threat actors are exploiting ServiceNow flaws to breach government agencies, data centers, energy providers, and software firms in data theft attacks. Over 300,000 internet-exposed instances make it a popular target. Resecurity reports tens of thousands of systems remain vulnerable despite security updates released on July 10, 2024, urging users to …

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

July 11, 2024 at 11:10AM The new threat actor, CRYSTALRAY, has expanded its operations, targeting over 1,500 victims with stolen credentials and cryptominers. Utilizing SSH-Snake and various open-source tools, CRYSTALRAY aims to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments. It exploits vulnerabilities in various software and targets Atlassian Confluence products. …

CISA Takedown of Ivanti Systems Is a Wake-up Call

July 9, 2024 at 10:03AM The cyberattack on Ivanti’s asset management software has prompted action from CISA and raises questions about exploit techniques, breach response, and downtime costs. Attackers bypassed authentication and gained unauthorized access, prompting CISA to intervene and take Ivanti’s systems offline. The incident emphasizes the importance of robust cybersecurity measures and proactive …

With ransomware whales becoming so dominant, would-be challengers ask ‘what’s the point?’

May 21, 2024 at 07:09AM The number of new ransomware strains has significantly decreased in the past year, indicating that existing tools are successful and there is little need for innovation. Rapid7’s research found only 43 new ransomware families in 2023, a significant drop from 95 the previous year. Ransomware attacks typically start by exploiting …

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

March 6, 2024 at 07:15AM Hackers are using new Golang-based malware to target misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis. The campaign exploits configuration weaknesses and an old vulnerability in Atlassian Confluence. Researchers at Cado Security identified the attack, which involves novel Golang payloads and common Linux attack techniques to install a …

Raspberry Robin devs are buying exploits for faster attacks

February 8, 2024 at 12:20PM Researchers suspect that the criminals behind the Raspberry Robin malware are now purchasing exploits to facilitate faster cyberattacks, prioritizing the speed of development to maximize their chances of successful attacks. The malware is known for its regular updates and has been recognized as a significant player in the world of …

New DLL Search Order Hijacking Technique Targets WinSxS folder

January 2, 2024 at 10:36AM Security Joes discovered a new DLL search order hijacking technique allowing adversaries to execute malicious code in Windows’ WinSxS folder. The technique abuses applications’ search order, leading to the loading of a malicious DLL before the legitimate library. Attackers can inject unauthorized code into trusted processes, effectively bypassing security tools. …