Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity, with the goal of installing remote access trojans such as Remcos RAT. "Among the software in question are various instruments for fine-tuning...
AI Score: 6.5
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...
CVSS: 9.8 | AI Score: 8 | EPSS: 0.902
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.001
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or...
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.001
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or...
CVSS: 8.1 | AI Score: 7.7 | EPSS: 0.001
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or...
CVSS: 8.1 | AI Score: 8 | EPSS: 0.001
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...
AI Score: 6.7
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more...
CVSS: 10 | AI Score: 9.3 | EPSS: 0.976
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...
AI Score: 6.3
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Microsoft explains that “a remote code execution vulnerability...
CVSS: 7.8 | AI Score: 8.3 | EPSS: 0.961
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity we...
AI Score: 7.3
Security Updates for Windows Defender (July 2023)
The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.23050.3. It is, therefore, affected by an elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVSS: 7 | AI Score: 7 | EPSS: 0.0005
Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came...
AI Score: 6.8
Apple & Microsoft Patch Tuesday, July 2023 Edition
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple...
CVSS: 8.8 | AI Score: 7.9 | EPSS: 0.115
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, a remote code execution vulnerability exploited before...
AI Score: 8 | EPSS: 0.115
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, a remote code execution vulnerability exploited before...
CVSS: 8.8 | AI Score: 8 | EPSS: 0.115
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys...
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys...
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys...
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys...
AI Score: 5.3 | EPSS: 0.0004
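The Ivanti, Windows Defender and Avast entries above each reduce to a version gate: a host is affected if its installed build is below the stated fixed version (7.9.1.285, 1.1.23050.3 and 19.7 respectively). The usual mistake when automating that gate is comparing version strings as text, which puts "1.1.9000.0" above "1.1.23050.3". The following is an added example, not code from the page or from any of these vendors; the product keys and the inventory records are constructed for illustration.

```python
"""Version-gate check for the advisories above (added example, not from the page).

The trap when automating such checks is comparing version strings as text:
"1.1.9000.0" > "1.1.23050.3" holds as a string comparison but is false as a
version comparison.  The inventory records below are constructed sample data.
"""
from __future__ import annotations

import re


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'v.19.7', '1.1.23050.3' or '7.9.1.285' into a tuple of ints.

    Non-numeric prefixes such as 'v.' are dropped and a build tag after '-'
    is ignored.  Raises ValueError if the string has no numeric component.
    """
    core = text.split("-", 1)[0]
    parts = re.findall(r"\d+", core)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str, fixed: str) -> bool:
    """True when installed < fixed, compared component-wise as integers.

    Missing trailing components count as zero, so '19.7' equals '19.7.0'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Fixed versions quoted in the advisories on this page (product keys are ours).
FIXED_VERSIONS = {
    "ivanti_av": "7.9.1.285",
    "defender_mpengine": "1.1.23050.3",
    "avast": "19.7",
}

# Constructed sample inventory: (hostname, product key, installed version).
SAMPLE_INVENTORY = [
    ("ws01", "defender_mpengine", "1.1.9000.0"),   # older build, text compare gets it wrong
    ("ws02", "defender_mpengine", "1.1.23050.3"),  # exactly the fixed build
    ("srv01", "ivanti_av", "7.9.1.100"),
    ("srv02", "ivanti_av", "7.9.2.0"),
    ("lap01", "avast", "v.19.6.12"),
    ("lap02", "avast", "19.7"),
]


def affected_hosts(inventory=SAMPLE_INVENTORY, fixed=FIXED_VERSIONS) -> list[str]:
    """Return hostnames whose installed version is below the product's fixed version."""
    return [host for host, product, ver in inventory if is_affected(ver, fixed[product])]


if __name__ == "__main__":
    for host in affected_hosts():
        print("needs update:", host)
```

Run it against a real inventory export by replacing SAMPLE_INVENTORY; the fixed versions are the ones the entries on this page quote, so confirm them against the vendor advisory before use.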
Exploit for Cleartext Storage of Sensitive Information in Mremoteng
mRemoteNG <= v1.77.3.1784-NB Password Dumper...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.003
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. The...
AI Score: 7.1
The five-day job: A BlackByte ransomware intrusion case study
As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an...
CVSS: 9.8 | AI Score: 8.1
Microsoft security researchers tracked a 130.4 percent increase in organizations that have encountered ransomware over the last year. Endpoints are an important attack vector and ensuring that organizations have modern endpoint security as part of a broader extended detection and response...
AI Score: 6.7
Increased Truebot Activity Infects U.S. and Canada Based Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to...
CVSS: 9.8 | AI Score: 10 | EPSS: 0.969
Mitsubishi Electric FA Engineering Software (Update B)
EXECUTIVE SUMMARY. CVSS v3 9.1. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: GX Works3, MX OPC UA Module Configurator-R. Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials, ...
CVSS: 9.1 | AI Score: 8.4 | EPSS: 0.01
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations,"...
AI Score: 7.3
"Free" Evil Dead Rise movie scam lurks in Amazon listings
Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in...
AI Score: 6.9
Spyware app LetMeSpy hacked, tracked user data posted online
Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users. As a result...
AI Score: 7.2
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)
Use of Hard-coded Password vulnerability in the FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access the module via...
CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.003
Unrestricted Upload of File with Dangerous Type vulnerability in the FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, ...
CVSS: 7.3 | AI Score: 7.2 | EPSS: 0.001
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
CVSS: 6.2 | AI Score: 6.9 | EPSS: 0.001
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)
Weak Password Requirements vulnerability in the FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access the module via FTP by a dictionary attack or...
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.003
How Talos IR’s Purple Team can help you prepare for the worst-case scenario
Purple Team exercises are included within the Cisco Talos Incident Response Retainer service and our experts can help your organization find security holes before the bad guys can. As your trusted advisor, our purple team, which is a combination of both red and blue teams, emulates one joint...
AI Score: 7.1
Rockwell Automation CompactLogix 5370 (Update A)
EXECUTIVE SUMMARY. CVSS v3 8.6. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: CompactLogix 5370. Vulnerabilities: Uncontrolled Resource Consumption, Stack-based Buffer Overflow. 2. UPDATE OR REPOSTED INFORMATION: This updated advisory is a...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.012
Top contenders in Endpoint Security revealed: G2 Summer 2023 results
Navigating the world of endpoint security is challenging, with numerous vendors stoking "Fear, Uncertainty, and Doubt" (FUD) and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading...
AI Score: 7
How automation is evolving SecOps—and the real cost of cybercrime
This post is coauthored by Rob May, Founder and Managing Director, ramsac. The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior...
AI Score: 6.9
What is Black Basta ransomware? Black Basta is a threat group that provides ransomware-as-a-service (RaaS). The service is maintained by dedicated developers and is a highly efficient and professionally run operation; there's a TOR website that provides a victim login portal, a chat room, and a...
CVSS: 8.8 | AI Score: 10.2 | EPSS: 0.967
How cybercrime is impacting SMBs in 2023
According to the United Nations, small and medium-sized businesses (SMBs) constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries' economies. Hit hardest by...
AI Score: 7.5
Trend Micro Security 2021, 2022, and 2023 (Consumer) are affected by a DLL hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism, executing a malicious program each time the executable file is...
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.001
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a...
AI Score: 7.9
Threat Roundup for June 16 to June 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 16 and June 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, ...
AI Score: 6.8
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, ...
AI Score: 7.6
IoT devices and Linux-based systems targeted by OpenSSH trojan campaign
Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to generate revenue from targeting a wide range of vulnerable systems, ...
AI Score: 7.2