Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions

The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid rising tensions between the two countries over the disputed South China Sea. Palo Alto Networks Unit 42 attributed the adversarial collective to three campaigns in August 2023,...

New Ransomware Group Emerges with Hive's Source Code and Infrastructure

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision...

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor...

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...

Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack...

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 Exploit This repository contains a Rust-based e...

GHSA-J859-PMRQ-9Q6C bottlerocket dependency openssl has a double free vulnerability

A timing based side channel exists in the OpenSSL RSA decryption implementation which could enable a recovery of plaintext from across the network. This affects all RSA padding modes. A server agent compiled with OpenSSL could be made to give up plaintext payloads over the network, but this would...

bottlerocket dependency openssl has a double free vulnerability

A timing based side channel exists in the OpenSSL RSA decryption implementation which could enable a recovery of plaintext from across the network. This affects all RSA padding modes. A server agent compiled with OpenSSL could be made to give up plaintext payloads over the network, but this would...

bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification

A read buffer overflow can be triggered in OpenSSL X.509 verification during name constraint checking. Note that this occurs after the certificate chain has been verified and would require a compromised CA. This can cause a client or agent compiled with OpenSSL to crash unexpectedly. OpenSSL has...

GHSA-J79X-VVGM-W73W bottlerocket dependency openssl provides streaming of ASN.1 data via a BIO

An OpenSSL public API provides streaming of ASN.1 data via a BIO. It is possible for a malicious third party to use the BIO to access unfreed memory pointers that are not cleaned up after execution of the API. Freeing these memory pointers will result in a crash. Agents and clients compiled with...

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team CERT of France said i...

Nokoyawa 2.0 A Reworked Rust-Based Ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Nokoyawa is a 64-bit Windows-based ransomware family that first appeared in early February 2022. The threat group behind Nokoyawa conducts double-extortion ransomware attacks, first stealing data from...

BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild

Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or...

Vicent Martí Redcarpet Injection Vulnerability

Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...

[SECURITY] [DSA 4549-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4549-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2019 https://www.debian.org/security/faq -...