
1027 matches found

The Hacker News
added 2022/04/07 3:29 p.m. | 40 views

First Malware Targeting AWS Lambda Serverless Platform Discovered

A first-of-its-kind malware targeting Amazon Web Services' AWS Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade...

0.8 AI score
Exploits 0

Trend Micro Simply Security
added 2022/04/01 12:0 a.m. | 7 views

This Week in Security News - April 1, 2022

Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’...

2.4 AI score
Exploits 0

Akamai Blog
added 2022/03/31 7:30 p.m. | 375 views

Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching...

9.8 CVSS | 2.3 AI score | 0.99939 EPSS
Exploits 36

CNNVD
added 2022/03/30 12:0 a.m. | 1 views

QingScan Cross-Site Scripting Vulnerability

QingScan is a batch vulnerability mining tool by a Chinese individual developer, daxia. It is used to glue together various good scanners. There is a security vulnerability in QingScan 1.3.0; no information about the vulnerability is available at the moment. Please follow CNNVD or vendor...

6.1 CVSS | 6.3 AI score | 0.00632 EPSS
Exploits 1 | References 2

Trend Micro Simply Security
added 2022/03/29 12:0 a.m. | 10 views

Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency...

2.4 AI score
Exploits 0

The Hacker News
added 2022/03/28 6:59 a.m. | 317 views

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...

10 CVSS | 1.9 AI score | 0.99999 EPSS
Exploits 515

The Hacker News
added 2022/03/23 9:49 a.m. | 207 views

Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the...

9.1 CVSS | 8.9 AI score | 0.96087 EPSS
Exploits 23

hivepro
added 2022/03/10 4:20 p.m. | 345 views

Prophet Spider exploits Log4j and Citrix vulnerabilities to deploy webshells

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. Prophet Spider is a well-known Initial Access Broker (IAB) group. Prophet Spider's tradecraft continues to grow while exploiting known web-server vulnerabilities such as Citrix and Log4j. A remote code execution (RCE)...

10 CVSS | 0.2 AI score | 0.99999 EPSS
Exploits 350

The Hacker News
added 2022/03/03 10:17 a.m. | 22 views

Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence...

0.8 AI score
Exploits 0

OPENSUSE Linux
added 2022/03/03 12:0 a.m. | 36 views

Security update for bitcoin (moderate)

openSUSE Security Update: Security update for bitcoin. Announcement ID: openSUSE-SU-2022:0072-1. Rating: moderate. References: Cross-References: CVE-2021-3195. CVSS scores: CVE-2021-3195 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. Affected Products: openSUSE Backports SLE-15-SP3. An update...

7.5 CVSS | 7.2 AI score | 0.01172 EPSS
Exploits 1

The Hacker News
added 2022/02/08 12:16 p.m. | 14 views

'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in...

1.6 AI score
Exploits 0

ThreatPost
added 2022/01/24 8:26 p.m. | 44 views

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

There’s a dangerous remote code execution (RCE) bug in the Dark Souls video game that could let attackers brick the PCs of online players. The flaw could allow attackers to do pretty much anything: As Kaspersky researchers explained on Monday, the bug “allows an attacker to execute almost any progr...

7.5 AI score
Exploits 0 | References 10

Rapid7 Blog
added 2022/01/18 8:0 p.m. | 182 views

Active Exploitation of VMware Horizon Servers

This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...

9.3 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits 347

HackRead
added 2022/01/07 4:53 p.m. | 17 views

Norton antivirus installs cryptominer on devices but there is a way out

By Waqas. The anti-virus giant Norton is being criticized for installing a cryptominer that mines Ethereum. This is a post from HackRead.com. Read the original post: Norton antivirus installs cryptominer on devices but there is a way out...

2.7 AI score
Exploits 0

Krebs on Security
added 2022/01/06 5:26 p.m. | 19 views

Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers' computers. Norton's parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme -- in which the company...

6.5 AI score
Exploits 0

ThreatPost
added 2021/12/29 2:26 p.m. | 21 views

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Hackers behind a cryptomining campaign have managed to avoid detection since 2019. The attacks exploited misconfigured Docker APIs that allowed them to gain network entry and ultimately set up a backdoor on compromised hosts to mine cryptocurrency, researchers said. The attack technique is...

7.9 AI score
Exploits 0 | References 6

ThreatPost
added 2021/12/28 11:0 a.m. | 23 views

2021 Wants Another Chance (A Lighter-Side Year in Review)

Dear everybody who’s developed stress-related hives over the ever-evolving Log4Shell cluster-muck: 2021 has asked us to convey its apologies. And it hastens to add, “Awww, geez, c’mon, it wasn’t all bad.” Indeed, amid all of the serious cybersecurity developments, the year also brought us...

6.8 AI score
Exploits 0 | References 39

The Hacker News
added 2021/12/27 11:32 a.m. | 51 views

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware

Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer...

6.9 AI score
Exploits 0

Cvelist
added 2021/12/13 9:10 p.m. | 22 views

CVE-2021-41272 SHL, SHR, and SAR operations trigger native exception at key values in besu

Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for...

7.5 CVSS | 7.8 AI score | 0.01417 EPSS
Exploits 0 | References 3

ThreatPost
added 2021/12/13 6:14 p.m. | 57 views

Log4Shell Is Spawning Even Nastier Mutations

The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week. Most of the attacks focus on cryptocurrency mining done on victims’ dimes,...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits 345 | References 52