38 matches found
XZ Utils Backdoored, A Supply Chain Nightmare
Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...
Google Patches Critical Zero-Day Exploits Found at Pwn2Own
Summary: Google patched two zero-day vulnerabilities in Chrome CVE-2024-2886, CVE-2024-2887 from Pwn2Own Vancouver 2024, allowing arbitrary code execution. Updating Chrome is essential to ensure youre protected. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download th...
StrelaStealer Resurfaces with Upgraded Attack Chain
Summary: A recent wave of phishing attacks has been detected, targeting over 100 organizations across the United States and the European Union. These attacks aim to distribute StrelaStealer, a dynamic information-stealing malware. The attackers employ spam emails containing attachments that...
Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution
Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level - Red |...
Unveiling BunnyLoader 3.0 Enhanced Malware Capabilities
Summary: BunnyLoader 3.0, which has been active since September 2023, is a malicious malware variant known for its enhanced data theft and advanced keylogging capabilities. This modular malware provides attackers with flexibility and presents challenges in terms of detection. Despite its global...
Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover
Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOranges Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...
Evasive Panda China-Linked Cyberespionage Targeting Tibetans
Summary: Evasive Panda, a threat actor associated with China, has masterminded an intricate cyberespionage campaign targeting Tibetan users since at least September 2023. This operation employs both watering hole and supply chain attacks to achieve its objectives. Threat Level - Red | Attack Repo...
Critical VMware Vulnerabilities Leading To Sandbox Escape
Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by Vmware. These vulnerabilities allow attackers to bypass virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMwa...
Apple Rolls Out Critical Updates to Address Zero-Day Flaws
Summary: Apple has addressed two zero-day vulnerabilities in iOS, namely CVE-2024-23225 and CVE-2024-23296. These vulnerabilities were exploited in attacks targeting Mobile devices, providing attackers with arbitrary kernel read and write privileges, enabling them to bypass kernel memory...
Ivanti Gateways Under Attack by Cybercriminals Patch Now
Summary: Cyber threat actors have been exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which allow them to bypass authentication and execute arbitrary commands with elevated privileges. Despite...
BlackCat’s Resurgence Despite Law Enforcement Disruptions
Summary: Blackcat, a sophisticated Ransomware-as-a-Service operation, infiltrates networks using advanced social engineering and remote access tools, offering triple extortion tactics and cyber remediation advice for ransom payment, and resurged after a December 2023 disruption, causing widesprea...
Abyss Locker’s Substantial Threat Explored
Summary: Abyss Locker ransomware surfaced in July 2023, deriving from the HelloKitty ransomware source code, indicating a lineage predating its official release. Similar to other ransomware variants, Abyss Locker infiltrates corporate networks, exfiltrates data for extortion, and encrypts devices...
Microsoft’s February 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Summary: Microsofts February 2024 Patch Tuesday addresses 73 vulnerabilities, including actively exploited zero-days, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows SmartScreenCVE-2024-21351, Internet Shortcut FilesCVE-2024-21412, and Microso...
Critical Remote Code Execution Flaws Uncovered in Jenkins
Summary: Multiple vulnerabilities have been discovered in Jenkins and number of associated plugins, allowing attackers unauthorized data access and execute arbitrary commands. The critical vulnerability CVE-2024-23897, allows attackers to read system files and opens number of attack vectors...
Midnight Blizzard Exploiting Legacy OAuth for Lateral Movement
Summary: Midnight Blizzard exploited a legacy test OAuth application with elevated access due to a common password and lack of multi-factor authentication MFA. The attackers leveraged this access to move laterally within Microsofts network, potentially exfiltrating data and gaining broader contro...
Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses
Summary: The ransomware operation Kasseika has recently been identified using the Bring Your Own Vulnerable Driver BYOVD tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the...
Critical RCE Flaw in Atlassian Confluence Sparks Active Exploitation
Summary: CVE-2023-22527 is a critical Remote Code Execution vulnerability in outdated Atlassian Confluence versions, actively exploited by malicious actors. Immediate patching to recommended versions is crucial, as nearly 40,000 exploitation attempts have been recorded within three days of...
Androxgh0st Malware Uses Stealthy Tactics in Pilfering Credentials
Summary: The Androxgh0st malware is building a botnet, specifically aimed at illicitly obtaining cloud credentials from popular applications such as Amazon Web Services AWS, Microsoft Office 365, SendGrid, and Twilio. This stolen data is then utilized to disseminate additional harmful payloads...
New Attacks Target Misconfigured Apache Applications with Monero Miner
Summary: A recently identified attack exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. This attack stands out due to the attackers utilization of packers and rootkits to conceal the malware, adding an extra layer of complexity and...
Active Exploitation of Two Critical Flaws in Microsoft SharePoint
Summary: Active attacks targeting a critical Microsoft SharePoint Server vulnerability CVE-2023-29357 pose a severe risk, enabling privilege escalation for potential full administrator access. This flaw, coupled with CVE-2023-24955, allows arbitrary code execution. Immediate patching is crucial, ...