New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and...
News
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China...
AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office...
Webinar: Riding the vCISO Wave: How to Provide vCISO Services
Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses...
RFP Template for Browser Security
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group...
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick...
Hackers Deploy “SUBMARINE” Backdoor in Barracuda Email Security Gateway Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed...
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's...
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors...
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called...
New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather...
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said...
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this...
New Android malware uses OCR to steal credentials from images
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and...
CISA warns of breach risks from IDOR web app vulnerabilities
CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in...
Hawai’i Community College pays ransomware gang to prevent data leak
The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen...
Twitter’s rebranding to ‘X’ triggers Microsoft Edge security alert
Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. Amid its rapid rebranding...
Linux version of Abyss Locker ransomware targets VMware ESXi servers
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in...
Ivanti patches new zero-day exploited in Norwegian govt attacks
Ivanti has fixed another vulnerability in the Endpoint Manager Mobile software (formerly MobileIron Core), exploited as a zero-day to breach the IT systems...
The Week in Ransomware – July 28th 2023 – New extortion tactics
With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. This was...
CISA: New Submarine malware found on hacked Barracuda ESG appliances
CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies'...
MOVEit Campaign Claims Millions More Victims
Another 8–11 million individuals are believed to have had their personal information compromised by the Clop ransomware gang after a...
Microsoft Accused of Negligence in Recent Email Compromise
A US Senator has demanded that the Whitehouse holds Microsoft to account for a Chinese cyber campaign that compromised US...
North Korean Hackers Bag Another $100m in Crypto Heists
North Korea’s infamous Lazarus hacking group has been linked to two new attacks on cryptocurrency firms which led to the...
