Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 at 08:30AM The Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities such as arbitrary code execution via file write and command injection. These flaws affect all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate …

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

May 7, 2024 at 09:57AM The recent cyber attack on MITRE Corporation, disclosed last month, exploited two zero-day vulnerabilities to target its NERVE research network. The attackers utilized various web shells and backdoors to gain access and maintain control, including deploying a Golang backdoor and conducting data exfiltration. The attack, attributed to a China-nexus cyber …

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

April 18, 2024 at 11:03AM Ukrainian government networks have been infected with OfflRouter malware since 2015, spreading through infected documents and USB media. The malware targets .DOC files and can modify the Windows Registry. Its unusual propagation mechanism and coding mistakes indicate an inventive but inexperienced creator. The malware has been relatively contained within Ukraine. …

The new features coming in Windows 11 24H2, expected this fall

April 7, 2024 at 05:37PM Windows 11 24H2 introduces Copilot improvements that allow control of settings directly through the AI window, and integration of Power Automate for file management. The Voice Clarity feature extends to all PCs, and Sudo for Windows enables elevated command execution. Additionally, the Microsoft Teams app undergoes a major revamp to support cross-platform usage, …

Russia charges suspects behind theft of 160,000 credit cards

April 2, 2024 at 11:43AM Russia’s Prosecutor General’s Office has indicted six men for card skimming crimes, which involved using malware to steal payment card information from foreign online stores. The suspects are accused of bypassing website security, accessing databases, and selling the stolen card details on the dark web. Authorities advise using digital payment methods …

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

February 29, 2024 at 07:09AM Threat hunters discovered a new Linux malware, GTPDOOR, designed for telecom networks adjacent to GPRS roaming exchanges. It uses the GPRS Tunnelling Protocol for command-and-control communication. The backdoor is linked to the known threat actor LightBasin, which targets the telecom sector for subscriber information theft. GTPDOOR allows an operator to contact a compromised host and execute commands. …

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

February 14, 2024 at 07:15AM The infamous malware loader Bumblebee has resurfaced in a new phishing campaign targeting organizations in the U.S. Proofpoint warned about voicemail-themed lures leading to Word files with VBA macros that launch PowerShell commands to execute Bumblebee. The attack chain relies on macro-enabled documents, coinciding with the reappearance of new variants of QakBot, ZLoader, and …

Ivanti Vulnerability Exploited to Install ‘DSLog’ Backdoor on 670+ IT Infrastructures

February 13, 2024 at 02:15AM Threat actors are exploiting a security flaw in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor called DSLog. The flaw (CVE-2024-21893) allows access to restricted resources without authentication. Orange Cyberdefense observed attacks targeting an unnamed customer and recommends factory resetting Ivanti devices to prevent continued exploitation. …

German Authorities Dismantle Dark Web Hub ‘Kingdom Market’ in Global Operation

December 21, 2023 at 05:15AM German law enforcement has shut down the dark web platform Kingdom Market, which sold narcotics and malware to tens of thousands of users. The operation involved authorities from the U.S., Switzerland, Moldova, and Ukraine. The site operated since March 2021, selling over 42,000 products. A person connected to the site …

ALPHV/BlackCat Take Extortion Public

November 17, 2023 at 01:35PM The ALPHV/BlackCat ransomware gang has changed its tactics by filing a complaint with the SEC against its victim, MeridianLink, for not disclosing a breach within the required timeframe. This is an attempt to pressure MeridianLink to pay the ransom sooner. Businesses should consider having an incident response plan, deciding on paying …