21 matches found
U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-o...
CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a...
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet
Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past fe...
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals. "Most of the group's Phobos variants ar...
Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)
In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these...
Breast cancer photos published by ransomware gang
The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients--calling them "nude photos"--to extort money from the Lehigh Valley Health Network (LVHN). This has triggered a chorus of accusations from the cybersecurity community, wi...
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...
[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team
The two years since the last RSA Conference have been pretty uneventful. Sure, COVID-19 sent us all to work from home for a little while, but it's not as...
Suspected DarkHotel APT Activity Update
One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022. This story was also written by Thibault Seret. Introduction: Our advanced threat research team has discovered a...
5 Security Projects That Are Giving Back
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools
Rapid7 has joined a statement from members of the cybersecurity community cautioning against using Section 1201 of the Digital Millennium Copyright Act (DMCA) to suppress beneficial security tools. In the past, Rapid7 has written extensively about DMCA Sec. 1201’s impact on performing independent...
CISA Releases Best Practices for Mapping to MITRE ATT&CK®
As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...
Guardicore Threat Intelligence Helps Cybersecurity Community Research Attacks and Mitigate Risks
This post discusses how Guardicore Labs helps Guardicore customers and the security community enhance their security posture...
The BEC List: Helping Thwart Business Email Compromise through Collaboration
Today, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) gave the JD Falk Award to the Business Email Compromise (BEC) List. The BEC List comprises cybersecurity firms, researchers and internet infrastructure companies that help deal with cybercriminal activities and schemes. The JD...
Be like a Moomin: How to establish trust between competitors so we can fight cybercrime
Do you know the Moomins? They're a tight-knit, happy, collaborative cartoon family. I'd never heard of them until I was lucky enough to spend a few days at the Microsoft offices in Helsinki, Finland. The Moomin keychain in the photo was a gift from the Finnish CISO. As I did a little research int...
WordPress Related Posts Exit Popup SQL Injection
In the name of GOD Exploit Title: Wordpress relatedpostsexitpopup SQL Injection Vulnerability Google Dork: inurl:"/relatedpostsexitpopupwindow.php" OR intitle:"Thanks for visiting our site" Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on: Windows 7 Location:...
OSTP Announces New Cybersecurity R&D Plan
The Office of Science and Technology Policy (OSTP) released a new report yesterday that details plans to complement the nation’s existing cybersecurity policy, according to a blog entry on the office’s site co-authored by U.S. Chief Technology Officer Aneesh Chopra and Cybersecurity Coordinator...
osPHPSite - SQL Injection
Exploit Title: osPHPSite SQL Injection Vulnerability Author : vir0e5 Date : 1-12-2011 Vendor : http://www.osphpsite.com Software Link: http://sourceforge.net/projects/osphpsite Version: ALL VERSION Vulnerable File index.php Exploit http://www.sitename.com/index.php?id=Sq...
All Eyes On Stuxnet At Annual Virus Researcher Summit
The world will know more about the mysterious Stuxnet virus by week’s end, after top virus researchers reveal the findings of their post mortem on Stuxnet at the annual Virus Bulletin Conference.