Suspected Ransomware Attack with Custom-Made Tool
Most notably, they used an altered version of Ligolo—Sockbot—a reverse tunneling tool that is available on GitHub. Along with it, they used another custom tool to dump credentials from LSASS.
The campaign spotted by ASEC targets the gaming community of Valorant, a free first-person shooter for Windows, offering a link to download an auto-aiming bot in the video description.
"We had to briefly close the website. The attack has been repelled, and now the website is functioning again and all information about the corporation is available in full," Rostec told Interfax.
In November 2021, the Emotet trojan reportedly made a strong comeback with the help of TrickBot. Since that time, the trojan has matured with new functions and modules to target more organizations. According to Black Lotus Labs’ telemetry, the trojan has infected approximately 130,000 systems across 179 countries in the last 4 months.
Dubbed Spectre-BHI (Branch History Injection), the new speculative injection attack was first demonstrated by VuSec researchers in collaboration with Intel. It's a variant of Spectre-BTI (Branch Target Injection) discovered in 2017.
Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel.
New findings from Cylera showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they are the same group or really close collaborators.
In January this year, he pleaded guilty before a Canadian judge to: mischief in relation to computer data; extortion; and participating in a criminal organization. He was sentenced to seven years in jail.
The genesis of this resource was the recognition that medical device cybersecurity responsibility and accountability between Medical Device Manufacturers (MDMs) and Health Delivery Organizations (HDOs) is complicated by many conflicting factors.
LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen internal data from the company.
The malware's TTPs and capabilities remain the same as those observed in 2019, but the trojan loader (the VBS files) propagated with the new campaign differs significantly.
AMD last week informed customers that it has updated mitigations for a variant of the Spectre side-channel attack. The update comes in response to research conducted by Intel.
The gaming giant, headquartered in Montreuil, France, said on March 10 that the incident took place earlier this month, causing "temporary disruption to some of our games, systems, and services."
On March 14, Denso said that four days prior, a third party had "illegally accessed" the firm's network. When the intrusion was detected, the automotive giant cut off the connection.
CrowdStrike reported that a threat group it tracks as Prophet Spider is abusing an RCE vulnerability in Citrix ShareFile to compromise Microsoft Internet Information Services (IIS) web servers. The relative path-traversal vulnerability (CVE-2021-22941) was disclosed in the ShareFile Storage Zones Controller. Organizations are advised to follow a proper patch management program.
The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility.
The malware takes advantage of a template from the Portuguese Tax services (Autoridade Tributária e Aduaneira) to disseminate the threat in the wild. Maxtrilha uses the same templates to target users.
Researchers from a number of organizations confirmed that attackers have been exploiting Mitel enterprise collaboration products to amplify DDoS attacks by 4 billion times from a single packet. Exploitation of the flaw began on February 18, with traffic mainly reflected onto ports 80 and 443. Organizations on the receiving end of such attacks are advised to deploy DDoS defenses.
SDCA admitted that an unnamed attacker broke into its systems and had access to confidential databases for three days between January 2, 2022, and January 5, 2022, before the breach was detected and thwarted.
The flaws were identified in the Veeam Distribution Service, which by default listens on TCP port 9380 and allows even unauthenticated users to access internal API functions.
The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorized transactions.
A Chinese-backed threat group has been observed targeting European diplomatic entities involved in refugee and migrant services. The group uses web bugs (tracking pixels) to profile its targets, and analysis revealed it is deploying an updated version of the PlugX malware. Organizations should stay alert and verify that their security controls detect this activity.
Ubuntu Security Notice 5325-1 - Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2022-0841-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only ...
Ubuntu Security Notice 5324-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
The web panel in Hades RAT malware suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 5323-1 - It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
The web panel in Hades RAT malware suffers from an information disclosure vulnerability.
Red Hat Security Advisory 2022-0843-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
WordPress Core versions 5.9.0 through 5.9.1 suffer from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2022-0845-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
The web panel in the Hades RAT malware suffers from an insecure credential storage vulnerability.
Red Hat Security Advisory 2022-0847-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-0849-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
RedLine.MainPanel malware suffers from an insecure permissions vulnerability.
Red Hat Security Advisory 2022-0850-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-0851-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-0853-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Automatic Question Paper Generator System version 1.0 suffers from a persistent cross site scripting vulnerability.
VIVE Runtime Service version 1.0.0.4 suffers from an unquoted service path vulnerability.
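An unquoted service path is exploitable because the Service Control Manager hands the raw ImagePath string to CreateProcess, which, for a path containing spaces, tries successively longer space-delimited prefixes (appending .exe where the prefix has no extension) before reaching the intended binary. The following Python is an added example, not code from the advisory or from the VIVE product: it reproduces that lookup order for a given ImagePath and reports which directories an attacker would need write access to in order to plant a binary that runs with the service's privileges. The sample ImagePath values are constructed for illustration, and the split between executable and arguments is a heuristic assumption (the executable is taken to end at the first token ending in .exe).

```python
from __future__ import annotations

import ntpath


def executable_and_args(image_path: str) -> tuple[str, str]:
    """Split a registry ImagePath into (executable, arguments).

    Assumption for this example: for an unquoted path the executable ends at
    the first whitespace-delimited token ending in .exe; if no token does,
    the whole string is treated as the executable.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    tokens = s.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:]).strip()
    return s, ""


def _with_exe(prefix: str) -> str:
    """CreateProcess appends .exe only when the last path component has no extension."""
    return prefix if ntpath.splitext(ntpath.basename(prefix))[1] else prefix + ".exe"


def candidate_paths(image_path: str) -> list[str]:
    """Executables CreateProcess would try, in order, ending with the intended one.

    A quoted path, or an unquoted path without spaces, yields exactly one
    candidate and is therefore not hijackable by this technique.
    """
    exe, _ = executable_and_args(image_path)
    if image_path.strip().startswith('"') or " " not in exe:
        return [exe]
    parts = exe.split(" ")
    candidates = [_with_exe(" ".join(parts[:i])) for i in range(1, len(parts))]
    candidates.append(exe)
    return candidates


def writable_planting_dirs(image_path: str) -> list[str]:
    """Directories an attacker must be able to write to in order to hijack the
    service: one per candidate that precedes the real executable."""
    return [ntpath.dirname(c) for c in candidate_paths(image_path)[:-1]]


# Constructed sample ImagePath values (not taken from the VIVE advisory).
SAMPLE_SERVICES = {
    "UnquotedRuntime": r"C:\Program Files\Vendor\Runtime Service\svc.exe",
    "QuotedRuntime": r'"C:\Program Files\Vendor\Runtime Service\svc.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each service name to the directories that would let an attacker hijack it."""
    return {name: writable_planting_dirs(path) for name, path in services.items()}


if __name__ == "__main__":
    for name, dirs in audit(SAMPLE_SERVICES).items():
        status = "VULNERABLE (if any dir is writable)" if dirs else "ok"
        print(f"{name}: {status} {dirs}")
```

On a real host the ImagePath values come from `HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath`, or from `Get-CimInstance Win32_Service` (the PathName property) in PowerShell; feed those strings to `audit` and then check the ACLs of each reported directory, since the planting only succeeds where a low-privileged user can create files. The fix on the vendor side is simply to register the service with the path in quotes.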
Automatic Question Paper Generator System version 1.0 suffers from an insecure direct object reference that allows an attacker to reset the password of other users.
Student Grading System version 1.0 suffers from a remote SQL injection vulnerability.
Insurance Management System version 1.0 suffers from a remote SQL injection vulnerability.
GLPI Project 9.4.6 suffers from a remote SQL injection vulnerability.
New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware ...
French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services
As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day-to-day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmin teams have a wide remit but limited resources. For systems administrators finding the time and resources to mitigate against a growing
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of
A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter
Many of us might need a helping hand to defeat our video game rivals, but you could end up shooting yourself in the foot.