New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is.....
AI Score -0.2
Increasing trust, commitment, and predictability during a remote incident response
Authors: Gergana Karadzhova, Joe Schumacher, Pawel Bosek In this blog post, Cisco Talos Incident Response (Talos IR) presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident. Some organizations see added value in having incident...
AI Score -0.2
Android 13 introduces many enhancements in order to harden...
AI Score 7.7
Deploy Windows Malicious Software Removal Tool in an enterprise environment (KB891716)
The Windows Malicious Software Removal Tool (MSRT) is intended for use with the operating systems that are listed in the "Applies to" section. Operating systems that are not included in the list were not tested.....
CVSS 7.8 | AI Score 6.9 | EPSS 0.0004
According to a prominent Soviet science fiction writer, beauty is a fine line, a razor's edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching...
AI Score -0.1
Unraveling the techniques of Mac ransomware
Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets. This is evident in the range of industries, systems, and platforms...
Decarbonizing Cryptocurrencies through Taxation
Maintaining bitcoin and other cryptocurrencies causes about 0.3 percent of global CO2 emissions. That may not sound like a lot, but it's more than the emissions of Switzerland, Croatia, and Norway combined. As many cryptocurrencies crash and the FTX bankruptcy moves into the litigation stage,...
AI Score -0.5
BitRAT Now Sharing Sensitive Bank Data as a Lure
Introduction In June of 2022 Qualys Threat Research Unit (TRU) wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...
AI Score 0.6
Summary: The following security issues have been identified in the WebSphere Application Server included as part of the IBM Tivoli Monitoring (ITM) portal server. Vulnerability Details: CVEID: CVE-2021-45105. Description: Apache Log4j is vulnerable to a denial of service, caused by the failure to...
CVSS 10 | AI Score 0.8 | EPSS 0.976
GuLoader Malware Utilizing New Techniques to Evade Security Software
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual....
AI Score 1.8
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5,...
CVSS 6.5 | AI Score 7 | EPSS 0.001
FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...
CVSS 8.8 | AI Score 1 | EPSS 0.973
KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Notable targets included FiveM and.....
AI Score 1
Summary Synthetic Playback Agent 8.1.4.0-8.1.4 IF17 has addressed the following vulnerabilities: CVE-2022-45408, CVE-2022-45412, CVE-2022-45418, CVE-2022-45410, CVE-2022-45404, CVE-2022-45406, CVE-2022-45405, CVE-2022-45421, CVE-2022-45403, CVE-2022-45411, CVE-2022-45409, CVE-2022-45416...
CVSS 9.8 | AI Score 1.1 | EPSS 0.002
Facebook Cracks Down on Spyware Vendors from U.S., China, Russia, Israel, and India
Meta Platforms disclosed that it took down no fewer than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages. The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia,.....
Virtual kidnapping scam strikes again. Spot the signs
Warnings abound about a major new piece of fraud doing the rounds, which uses your relative's voice as part of a blackmail scam. The victim receives a call from that relative's number and is cut off by blackmailers who claim to be holding them hostage. The only way to get them back safely.....
AI Score 0.3
The version of VMware vCenter Server installed on the remote host is affected by multiple vulnerabilities, as follows: An information disclosure vulnerability due to plaintext logging of credentials. (CVE-2022-31697) A denial of service (DoS) vulnerability in the content library service....
CVSS 5.5 | AI Score 6 | EPSS 0.001
CISA Consolidates Twitter Accounts
CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously...
AI Score 1.5
Iranian hacking group uses compromised email accounts to distribute MSP remote access tool
Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar,...
AI Score 0.4
Overview Modern databases, such as PostgreSQL, natively support JSON as data values that can be queried. This capability uses JSON-specific operators, including an operator to test for key presence. Imperva Threat Research has investigated these database native JSON operators and discovered...
AI Score 0.2
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched....
CVSS 9.8 | AI Score 1 | EPSS 0.474
What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies
For today's businesses, data privacy is already a big headache, and with modern privacy laws expanding to cover more of the world's population, regulatory compliance is on track to become a more complicated, high-stakes process touching every aspect of an organization. In fact, Gartner predicts that...
AI Score 1.4
Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps
Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The...
AI Score 0.8
Exploiting CVE-2022-42703 - Bringing back the stack attack
Seth Jenkins, Project Zero. This blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - Fixed 5 September 2022), a bug Jann Horn found in the Linux kernel's memory management (MM) subsystem that leads to a use-after-free on struct anon_vma. As the bug is very complex (I certainly struggle....
CVSS 5.5 | AI Score 7.9 | EPSS 0.0004
DEV-0139 launches targeted attacks against the cryptocurrency industry
Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also observed threat...
AI Score -0.5
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported.....
CVSS 7.8 | AI Score 1.1 | EPSS 0.0005
Indicators of compromise (IOCs): how we collect and use them
It would hardly be an exaggeration to say that the phrase "indicators of compromise" (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes[1], IP addresses and other technical data that should help information security specialists to...
AI Score -0.6
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:4247-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4247-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
FreeBSD -- Stack overflow in ping(8)
Problem Description: ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP...
AI Score 7.6 | EPSS 0.0004
FreeBSD-SA-22:15.ping Security Advisory (The FreeBSD Project). Topic: Stack overflow in ping(8). Category: core. Module: ping. Announced: 2022-11-29. Credits: NetApp, Inc....
EPSS 0.0004
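The reconstruction step named in the two FreeBSD entries above (outer IP header, ICMP header and, if present, the quoted packet, all pulled out of a raw reply by pr_pack()) is where a fixed-size stack buffer meets attacker-controlled length fields. The following is an added example, not FreeBSD's code and not the patched pr_pack(): it performs the same three steps with every copy into a fixed-size buffer gated on the bytes actually received and on the header's own IHL value. The quoted-packet layout (inner IPv4 header plus up to 8 bytes of the original datagram), the constants, the status codes and the three sample packets are assumptions constructed for illustration; the third sample carries an inner header whose IHL field claims 60 bytes while only 20 are present, which is exactly the kind of packet an unchecked memcpy would copy anyway.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not FreeBSD's pr_pack(): a bounds-checked reconstruction of
 * the outer IPv4 header, the ICMP header and (for ICMP errors) the quoted
 * packet from a raw reply buffer. Layout and constants are assumptions. */

#define MAX_IPHDR   60   /* 20-byte base IPv4 header + at most 40 bytes of options */
#define ICMP_MINLEN  8
#define QUOTED_DATA  8   /* bytes of the original datagram assumed to follow the quoted header */

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED,    /* a header claims more bytes than were received */
    PARSE_BAD_HLEN,     /* IHL below 5 words or above the 60-byte maximum */
    PARSE_BAD_VERSION   /* not IPv4 */
};

struct reply {
    uint8_t outer_ip[MAX_IPHDR];      size_t outer_ip_len;
    uint8_t icmp_type, icmp_code;
    int     has_quote;
    uint8_t quoted_ip[MAX_IPHDR];     size_t quoted_ip_len;
    uint8_t quoted_data[QUOTED_DATA]; size_t quoted_data_len;
};

/* Validate an IPv4 header at buf[0..len) and return its length in *hlen_out.
 * The hlen > len test is the one that rejects a lying IHL field. */
static int ip_header_len(const uint8_t *buf, size_t len, size_t *hlen_out)
{
    if (len < 20)                      return PARSE_TRUNCATED;
    if ((buf[0] >> 4) != 4)            return PARSE_BAD_VERSION;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > MAX_IPHDR) return PARSE_BAD_HLEN;
    if (hlen > len)                    return PARSE_TRUNCATED;
    *hlen_out = hlen;
    return PARSE_OK;
}

int parse_reply(const uint8_t *buf, size_t len, struct reply *r)
{
    size_t hlen;
    int st;

    memset(r, 0, sizeof *r);
    if ((st = ip_header_len(buf, len, &hlen)) != PARSE_OK) return st;
    memcpy(r->outer_ip, buf, hlen);          /* hlen <= MAX_IPHDR and <= len here */
    r->outer_ip_len = hlen;

    const uint8_t *icmp = buf + hlen;
    size_t icmp_len = len - hlen;
    if (icmp_len < ICMP_MINLEN) return PARSE_TRUNCATED;
    r->icmp_type = icmp[0];
    r->icmp_code = icmp[1];

    /* Destination unreachable (3) and time exceeded (11) quote the offending packet. */
    if (r->icmp_type == 3 || r->icmp_type == 11) {
        const uint8_t *q = icmp + ICMP_MINLEN;
        size_t qlen = icmp_len - ICMP_MINLEN, qhlen;
        if ((st = ip_header_len(q, qlen, &qhlen)) != PARSE_OK) return st;
        memcpy(r->quoted_ip, q, qhlen);
        r->quoted_ip_len = qhlen;
        size_t avail = qlen - qhlen;        /* copy what is there, never more than the buffer */
        r->quoted_data_len = avail < QUOTED_DATA ? avail : QUOTED_DATA;
        memcpy(r->quoted_data, q + qhlen, r->quoted_data_len);
        r->has_quote = 1;
    }
    return PARSE_OK;
}

/* Plain-value helpers for checks. */
int reply_status(const uint8_t *buf, size_t len)
{
    struct reply r;
    return parse_reply(buf, len, &r);
}
size_t reply_quoted_len(const uint8_t *buf, size_t len)
{
    struct reply r;
    if (parse_reply(buf, len, &r) != PARSE_OK) return 0;
    return r.quoted_ip_len + r.quoted_data_len;
}

/* Constructed sample packets (checksums left zero; the parser does not verify them). */
#define IPHDR(proto, total) 0x45,0x00, 0x00,(total), 0x00,0x00, 0x00,0x00, 0x40,(proto), 0x00,0x00, 10,0,0,1, 10,0,0,2

/* 1. Echo reply: 20-byte IP header + 8-byte ICMP header. */
const uint8_t sample_echo_reply[] = { IPHDR(1, 28), 0,0, 0,0, 0x12,0x34, 0,1 };
/* 2. Time exceeded quoting our probe: inner IP header + 8 bytes of the echo request. */
const uint8_t sample_time_exceeded[] = { IPHDR(1, 56), 11,0, 0,0, 0,0, 0,0,
                                         IPHDR(1, 28), 8,0, 0,0, 0x12,0x34, 0,1 };
/* 3. Hostile: quoted header's IHL says 60 bytes (0x4f), but only 20 follow. */
const uint8_t sample_lying_ihl[] = { IPHDR(1, 48), 11,0, 0,0, 0,0, 0,0,
                                     0x4f,0x00, 0x00,28, 0,0, 0,0, 0x40,1, 0,0, 10,0,0,1, 10,0,0,2 };

int main(void)
{
    printf("echo reply:    status %d\n", reply_status(sample_echo_reply, sizeof sample_echo_reply));
    printf("time exceeded: status %d, quoted %zu bytes\n",
           reply_status(sample_time_exceeded, sizeof sample_time_exceeded),
           reply_quoted_len(sample_time_exceeded, sizeof sample_time_exceeded));
    printf("lying IHL:     status %d (rejected before any copy)\n",
           reply_status(sample_lying_ihl, sizeof sample_lying_ihl));
    return 0;
}
```

The design point is that the length used for each memcpy is derived twice: once from the header's own field, then clamped against what was actually read from the socket and against the destination buffer's size, so a crafted reply cannot drive a copy past either bound.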
The /device/signin endpoint for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear text. The lack of session management and the presence of insecure direct...
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important....
AI Score -0.3