LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent...
News
RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's...
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p...
Chinese hackers use new Linux malware variants for espionage
Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented...
Google disrupts the CryptBot info-stealing malware operation
Google is taking down malware infrastructure linked to the Cryptbot info stealer after suing those using it to infect Google Chrome users...
Thousands of Apache Superset servers exposed to RCE attacks
Apache Superset is vulnerable to authentication bypass and remote code execution at default configurations, allowing attackers to potentially access and...
PrestaShop fixes bug that lets any backend user delete databases
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to...
Cisco discloses XSS zero-day flaw in server management tool
Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site...
Tencent QQ users hacked in mysterious malware attack, says ESET
A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as...
Clop, LockBit ransomware gangs behind PaperCut server attacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to...
Ukrainian arrested for selling data of 300M people to Russians
The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO)...
Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as...
Charming Kitten’s New BellaCiao Malware Discovered in Multi-Country Attacks
The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle...
Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks
The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise....
Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration...
VMware Releases Critical Patches for Workstation and Fusion Software
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which...
VMware fixes critical zero-day exploit chain used at Pwn2Own
VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched...
New SLP bug can lead to massive 2,200x DDoS amplification attacks
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service...
TP-Link Archer WiFi router flaw exploited by Mirai malware
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric...
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to...
