83 matches found
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Download “The Evolution of Ransomware” to gain valuable...
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...
ProxyLogon PoCs trigger a game of whack-a-mole
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...
Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft...
A week in security (January 4 – January 10)
Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe wont be supporting the updating and patching of its Flash Player software; covered the...
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...
Simplifying Proactive Defense With Threat Playbooks
Security defense strategy can be extremely complex, with security teams grappling with tens of thousands of information points and evolving attacker techniques, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. Derek Manky FortiGuard Labs has...
NCSC Releases 2020 Annual Review
The United Kingdom UK National Cyber Security Centre NCSC has released its Annual Review 2020, which focuses on its response to evolving and challenging cyber threats. Recognizing cybersecurity as a “team sport,” the publication includes highlights of NCSC’s collaboration with many partners,...
Critical MobileIron RCE Flaw Under Active Attack
Advanced persistent threat APT groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question CVE-2020-15505 is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it...
This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised...
Lazarus on the hunt for big game
We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...
A week in security (July 20 – 26)
Last week on Malwarebytes Labs, our Lock and Code podcast delved into Bluetooth and beacon technology. We also dug into APT groups targeting India and Hong Kong, covered a law enforcement bust, and tried to figure out when, exactly, a Deepfake is a Deepfake. Other cybersecurity news Insecure emai...
How bad bots are targeting the healthcare sector
Credential cracking, or password spraying, is one of the most effective ways for cybercriminals to get access to user accounts. It refers to the brute-force automated cracking, or pairing of usernames and passwords by using sophisticated high-speed bots. According to a National Cyber Awareness...
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...
SAS, sweet SAS
As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...
COVID-19 Exploited by Malicious Cyber Actors
Summary This is a joint alert from the United States Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA and the United Kingdom’s National Cyber Security Centre NCSC. This alert provides information on exploitation by cybercriminal and advanced persistent...
Trickbot: A primer
By Chris Neal Executive Summary Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving.Highly modular, Trickbot can adapt to different environments with the help of its various modules.The group behind Trickbot has expanded their activities beyon...
Microsoft Exchange Server Flaw Exploited in APT Attacks
Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability in question CVE-2020-0688 exists in the control panel of...
Patrick Wardle: Apple Devices Hit With Recycled macOS Malware
SAN FRANCISCO – Advanced persistent threat APT groups are hitting Apple devices with malware that has been reverse engineered and redeployed for malicious acts. This technique is complicating attribution efforts, Patrick Wardle, security researcher with Jamf, said this week during RSA Conference...