ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon aka Shuckworm has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country,...
UBUNTU-CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
Authentication flaw
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable...
Threat Roundup for September 14 to September 21
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Microsoft Windows Defender AV: Scan removable drives
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavscanremovabledrives.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Scan removable drives Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Microsoft Windows: BitLocker-protected removable drives recovery (AD backup)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecoveryadbackup.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives...
Microsoft Windows: Write access to devices configured in another organization
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmdenycrossorgwrite.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization Authors:...
Microsoft Windows: BitLocker-protected removable drives recovery (wizard)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecoverywizard.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard Authors: Emanuel Mos...
Microsoft Windows: Use of hardware-based encryption (restrict algorithms)
This policy setting allows you to manage BitLocker Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microsoft Windows: BitLocker-protected removable drives recovery (password)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecoverypassword.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered: Recovery password Authors: Emanuel Moss Copyright: Copyright c 2018...
Microsoft Windows: Deny write access to removable drives not protected by BitLocker
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmdenywriteaccess.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Deny write access to removable drives not protected by BitLocker Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Microsoft Windows: BitLocker-protected removable drives recovery
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecovery.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Chinese Hackers Target Air-Gapped Networks in Southeast Asia
A state-sponsored cyber espionage group -- most likely linked to the Chinese government -- becomes the first group to target the so-called "air-gapped networks" that aren't directly connected to the Internet. What are air-gapped systems? Air-gapped systems are known to be the safest and most secure...
Shylock banking malware spreads via Skype
The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program, discovered in 2011, steals online banking credentials and other financial information from infected computers. Shylock, named after a character from...
Kelihos Update Includes New TLD and USB Infection Capabilities
There’s a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft’s high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 usi...
Microsoft Windows Worm.Win32.Flame.A Information Collection
An information collection vulnerability has been reported in all versions of Microsoft Windows. Worm.Win32.Flame.A is a computer worm that targets Windows users. The worm propagates via removable drives and network shares. Once resident, Flame can compromise user privacy using methods such as...