Lucene search
K

174 matches found

hivepro
hivepro
added 2022/03/17 2:17 p.m.54 views

OpenSSL exposed to Denial-of-service vulnerability causing Infinite Loop

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A security flaw exists in OpenSSL software library that could lead to a denial-of-service DoS condition when parsing certificates. The vulnerability, identified as CVE-2022-0778, arises from parsing a malformed certificate...

5CVSS0.6AI score0.70561EPSS
Exploits2
hivepro
hivepro
added 2022/03/17 5:55 a.m.24 views

Attackers Escape Kubernetes Containers using “cr8escape” Vulnerability in CRI-O

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A flaw in CRI-O, an open-source Linux implementation of Kubernetes Container Runtime Interface CRI, was discovered that may allow an attacker to gain remote control of servers and potentially poison the container with attack...

2.9AI score0.18561EPSS
Exploits0
hivepro
hivepro
added 2022/03/12 9:45 a.m.9 views

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/01 4:46 p.m.18 views

Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper,"...

1.1AI score
Exploits0
hivepro
hivepro
added 2022/02/07 2:23 p.m.21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/12 5:17 a.m.41 views

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victims network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman know...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2022/01/11 3:0 p.m.57 views

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned. The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/12/22 6:39 p.m.22 views

PYSA Emerges as Top Ransomware Actor in November

PYSA, which is also known by Mespinoza, has overtaken Conti as the top ransomware threat group for the month of November. It joined Lockbit, which has dominated the space since August. According to NCC Group’s November insights on the ransomware sector, PYSA increased its market share with a 50...

6.9AI score
Exploits0References5
Gitee
Gitee
added 2021/12/01 12:30 p.m.7 views

Exploit for Incorrect Default Permissions in Microsoft

Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...

8.8CVSS9.9AI score0.15257EPSS
Exploits4
ThreatPost
ThreatPost
added 2021/11/08 7:42 p.m.32 views

Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Three separate threat groups are all using a common initial access broker IAB to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...

6.9AI score
Exploits0References14
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-5847

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...

10CVSS7.5AI score0.95844EPSS
Exploits8References1
Malwarebytes
Malwarebytes
added 2021/10/28 11:6 a.m.51 views

What is fileless malware?

Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/08 1:41 p.m.65 views

Ransomware Group FIN12 Aggressively Going After Healthcare Targets

An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/09/16 6:26 p.m.35 views

Airline Credential-Theft Takes Off in Widening Campaign

A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans RATs helping those efforts take flight. The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or...

6.9AI score
Exploits0References13
Gitee
Gitee
added 2021/07/26 4:14 p.m.3 views

Awesome-Red-Teaming

This is an offensive tool for Red Teaming. It is a list of resources for anyone wishing to learn about Red Teaming, including initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, command and contro...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/07/07 11:41 p.m.335 views

Analyzing the REvil Ransomware Attack

Over the past year, there has been a rise in extortion malware, e.g. Nefilim and Darkside, which steal and threaten to publish sensitive data or encrypt it until a ransom is paid. Nowadays, cybercriminals use various techniques to gain their initial foothold within a network in the organization...

7.5CVSS1AI score0.85619EPSS
Exploits1
ThreatPost
ThreatPost
added 2021/06/29 9:0 a.m.181 views

Cobalt Strike Usage Explodes Among Cybercrooks

The use of Cobalt Strike – the legitimate, commercially available tool used by network penetration testers – by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now “gone fully mainstream in the crimeware world.” The researchers have tracked a...

7.3AI score
Exploits0References34
ThreatPost
ThreatPost
added 2021/06/16 12:4 p.m.33 views

Avaddon Ransomware Gang Evaporates Amid Global Crackdowns

Ransomware group Avaddon has decided to shutter its criminal enterprise after landing in the crosshairs of law-enforcement agencies in the U.S. and Australia. Avaddon, a prolific ransomware-as-a-service RaaS provider, released its decryption keys to BleepingComputer — 2,934 in total — with each k...

7.3AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/06/16 11:51 a.m.31 views

Researchers: Booming Cyber-Underground Market for Initial-Access Brokers

It’s well known that email is often the gateway for cybercriminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with...

7.2AI score
Exploits0References4
The Hacker News
The Hacker News
added 2021/06/16 8:36 a.m.35 views

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets...

6.8AI score
Exploits0
Rows per page
Query Builder