Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and....
0.2AI Score
Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations
A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no....
1.1AI Score
Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior.....
0.5AI Score
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries......
7.8CVSS
0.001EPSS
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries......
7.8CVSS
7.8AI Score
0.001EPSS
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries......
7.8CVSS
7.4AI Score
0.001EPSS
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries......
7.8CVSS
7.8AI Score
0.001EPSS
JVN#29902403: Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). ##...
7.8CVSS
4.3AI Score
0.001EPSS
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries......
8.1AI Score
0.001EPSS
Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant
Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a...
1.2AI Score
DeathStalker targets legal entities with new Janicab variant
Just to clarify, the above subheading isn't a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant....
0.1AI Score
Do more with Azure Spring Apps – scale to zero and enhance productivity
In 2020, Spotify coined the term "Golden Path” to refer to a supported approach and set of components to build and deploy software. Having these paths simplifies the development process, lets developers focus on their applications instead of infrastructure and speeds time to production. Microsoft.....
0.2AI Score
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled...
0.5AI Score
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau...
10CVSS
1.1AI Score
0.467EPSS
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day...
7.8CVSS
0.6AI Score
0.01EPSS
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its...
5.3CVSS
5.2AI Score
0.001EPSS
34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8...
1.1AI Score
Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test...
0.2AI Score
7.5CVSS
1.4AI Score
0.002EPSS
Oracle Linux 8 : ol8addon (ELSA-2022-24267)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-24267 advisory. Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack...
7.5CVSS
7.6AI Score
0.002EPSS
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency...
1.1AI Score
IT threat evolution in Q3 2022. Non-mobile statistics
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
10CVSS
0.8AI Score
0.976EPSS
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics Targeted attacks CosmicStrand: discovery of a sophisticated UEFI rootkit In July, we reported a rootkit that we found in modified Unified Extensible Firmware...
7.8CVSS
0.1AI Score
0.974EPSS
AlmaLinux 9 : go-toolset and golang (ALSA-2022:5799)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5799 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.5CVSS
7.8AI Score
0.002EPSS
DTrack activity targeting Europe and Latin America
Introduction DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, we've seen it being used in financial environments where ATMs were breached, in.....
-0.1AI Score
go-toolset bug fix and enhancement update
An update is available for delve. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.1...
2.1AI Score
gcc-toolset-12-annobin bug fix and enhancement update
An update is available for gcc-toolset-12-annobin. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
2AI Score
gcc-toolset-12-binutils bug fix and enhancement update
An update is available for gcc-toolset-12-binutils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the....
2AI Score
gcc-toolset-12-gdb bug fix and enhancement update
An update is available for gcc-toolset-12-gdb. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
2AI Score
gcc-toolset-12-dwz bug fix and enhancement update
An update is available for gcc-toolset-12-dwz. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
2AI Score
gcc-toolset-12 bug fix and enhancement update
An update is available for gcc-toolset-12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
2AI Score
rust bug fix and enhancement update
An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.1...
1.9AI Score
llvm-toolset bug fix and enhancement update
An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, libomp, python-lit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...
2AI Score
New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the...
7.8CVSS
0.1AI Score
0.001EPSS
Advanced threat predictions for 2023
It is fair to say that since last year's predictions, the world has dramatically changed. While the geopolitical landscape has durably shifted, cyberattacks remain a constant threat and show no signs of receding – quite the contrary. No matter where they are, people around the world should be...
9.8CVSS
-0.2AI Score
0.955EPSS
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to...
1.5AI Score
Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs
Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated...
0.1AI Score
Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-741325e9a0)
The remote host is missing an update for...
9.1CVSS
8.9AI Score
0.005EPSS
[SECURITY] Fedora 37 Update: golang-github-distribution-3-3.0.0-0.1.pre1.20221009git0122d7d.fc37
The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-regis try project with a new API design, focused around security and...
9.1CVSS
8.9AI Score
0.005EPSS
gcc-toolset-12-binutils bug fix and enhancement update
An update is available for gcc-toolset-12-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the....
2AI Score
gcc-toolset-12-annobin bug fix and enhancement update
An update is available for gcc-toolset-12-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
2AI Score
gcc-toolset-12-gcc bug fix and enhancement update
An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
2AI Score
gcc-toolset-12-dwz bug fix and enhancement update
An update is available for gcc-toolset-12-dwz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
2AI Score
gcc-toolset-12-gdb bug fix and enhancement update
An update is available for gcc-toolset-12-gdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
2AI Score
gcc-toolset-12 bug fix and enhancement update
An update is available for gcc-toolset-12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
2AI Score
rust-toolset:rhel8 bug fix and enhancement update
An update is available for rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.7...
2AI Score
llvm-toolset:rhel8 bug fix and enhancement update
An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...
2.1AI Score
go-toolset:rhel8 bug fix and enhancement update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see...
2.1AI Score
Oracle Linux 8 : ol8addon (ELSA-2022-23681)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-23681 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request...
7.5CVSS
7.6AI Score
0.002EPSS
golang [1.17.13-1.0.1] - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 go-toolset [1.17.13-1] - Set version to correspond to the matching build golang...
7.5CVSS
2.5AI Score
0.002EPSS