Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying...
BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups
A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity...
Types of Penetration Testing
If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your...
Critical Flaws in Philips TASY EMR Could Expose Patient Data
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. "Successful exploitation of...
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts...
Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group
Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB). Calling the...
U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioriti...
U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group
The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up ...
Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access
Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of...
Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as...
Our journey to API security at Raiffeisen Bank International
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in...
US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware
The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed...
BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released
An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the...
Product Overview - Cynet Centralized Log Management
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the rig...
Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques
The operators behind the Mekotio banking trojan have resurfaced with a shift in its infection flow so as to stay under the radar and evade security software, while staging nearly 100 attacks over the last three months. "One of the main characteristics … is the modular attack which gives the...
Facebook to Shut Down Facial Recognition System and Delete Billions of Records
Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its...
Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks
Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability i...
Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue...
Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue...
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...
Securing SaaS Apps — CASB vs. SSPM
There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critic...
New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code
A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source...
Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices
Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into...
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide
12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests...
This New Android Malware Can Gain Root Access to Your Smartphones
An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named "AbstractEmu" owing to its use of code...
New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless"...
Winter is Coming for CentOS 8
Winter is Coming for CentOS 8—but here is how you can enjoy your holidays after all. The server environment is complex and if you're managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected. That is exactly what Red Hat,...
Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime
A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 38,...
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs
Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input i...
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...
Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City
Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido...
New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...
Malicious NPM Libraries Caught Installing Password Stealer and Ransomware
Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of stealing credentials, installing remote access trojans, and infecting the compromised systems with...
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of...
[eBook] The Guide to Centralized Log Management for Lean IT Security Teams
One of the side effects of today’s cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don’t have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations ...
Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country
A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is...
Latest Report Uncovers Supply Chain Attacks by North Korean Hackers
Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest...
Over 10 Million Android Users Targeted With Premium SMS Scam Apps
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to have commenced in May 2021 and involved app...
Malicious Firefox Add-ons Block Browser From Downloading Security Updates
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users w...
New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack...
Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge...
Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group
Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind an ongoing wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary...
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked,...
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 and June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized t...
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft...
Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The...
Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...
'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the...
Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks
The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the...
Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named...