1841 matches found

The Hacker News
added 2023/05/02 5:35 a.m., 164 views

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows: CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection...

10 CVSS, 10.1 AI score, 0.99999 EPSS
Exploits: 365
The Hacker News
added 2023/04/13 4:40 p.m., 33 views

RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware

Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses...

7.1 AI score
Exploits: 0
hivepro
added 2023/04/07 6:43 a.m., 13 views

Botnets Actively Exploited Realtek and Cacti Flaws

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Attacks surged exploiting Cacti and Realtek vulnerabilities, resulting in the spread of ShellBot and Moobot malware. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...

6.7 AI score
Exploits: 0
The Hacker News
added 2023/04/05 12:36 p.m., 32 views

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...

7.5 AI score
Exploits: 0
Talos Blog
added 2023/03/31 5:41 p.m., 11 views

Threat Roundup for March 24 to March 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 24 and March 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

6.1 AI score
Exploits: 0
0day.today
added 2023/03/30 12:0 a.m., 338 views

Ecommerse v1.0 - Cross-Site Scripting (XSS) Vulnerability

Title: Ecommerse v1.0 - Cross-Site Scripting (XSS) Author: nu11secur1ty Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website Description:...

6.8 AI score
Exploits: 0
Exploit DB
added 2023/03/30 12:0 a.m., 147 views

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Title: Ecommerse v1.0 - Cross-Site Scripting (XSS) Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...

7.4 AI score
Exploits: 0
Securelist
added 2023/03/29 10:0 a.m., 27 views

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, we've seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...

7.1 AI score
Exploits: 0
hivepro
added 2023/03/27 7:32 a.m., 109 views

Cinoshi A Novel Malware-as-a-Service Platform

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cinoshi is a new MaaS platform with a toolkit including a stealer, botnet, clipper, and crypto-miner. Offering free stealer and web panel is rare. To receive real-time threat advisories, please follow...

6.8 AI score
Exploits: 0
HackRead
added 2023/03/23 2:41 p.m., 26 views

New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

By Habiba Rashid Nexus contains a module equipped with encryption capabilities which point towards ransomware. This is a post from HackRead.com Read the original post: New Android Botnet Nexus Being Rented Out on Russian Hacker Forum...

6.8 AI score
Exploits: 0
hivepro
added 2023/03/21 10:49 a.m., 20 views

New HinataBot Go-Based Botnet with DDoS Capabilities and Mirai Connection

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HinataBot is a newly discovered Go-based botnet that spreads through old vulnerabilities and weak credentials. It carries out DDoS flooding attacks and has a connection with the Mirai malware family. To...

6.8 AI score
Exploits: 0
Talos Blog
added 2023/03/17 7:52 p.m., 26 views

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/03/17 12:7 p.m., 7 views

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime...

10 CVSS, 6.6 AI score, 0.99975 EPSS
Exploits: 8
hivepro
added 2023/03/16 6:36 a.m., 25 views

Revamped Prometei Botnet Version Infects Over 10,000 Systems

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Prometei v3 botnet, an upgraded version of the Prometei botnet malware, has compromised over 10,000 systems mining the Monero cryptocurrency. To receive real-time threat advisories, please follow...

3.2 AI score
Exploits: 0
The Hacker News
added 2023/03/14 12:2 p.m., 52 views

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all I...

Exploits: 0
Trend Micro Simply Security
added 2023/03/13 12:0 a.m., 11 views

Emotet Returns, Now Adopts Binary Padding for Evasion

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails...

2.3 AI score
Exploits: 0
The Hacker News
added 2023/03/10 2:2 p.m., 2 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/03/10 2:2 p.m., 59 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

1.9 AI score
Exploits: 0
Talos Blog
added 2023/03/09 1:2 p.m., 89 views

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...

10 CVSS, 10.4 AI score, 0.99999 EPSS
Exploits: 123
The Hacker News
added 2023/03/02 11:39 a.m., 60 views

New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. "Underpinning this campaign was the use of transfer.sh," Cado Security said in a report shared with The...

0.5 AI score
Exploits: 0