After PoC exploits were published online, several botnets are now abusing the RCE vulnerability in Atlassian Confluence Server and Data Center installs to infect Linux servers. The botnets Kinsing, Hezb, and Dark[.]IoT have been identified to be targeting exposed Linux servers and delivering backdoors and cryptominers. Admins are suggested to update their servers as soon as possible to avoid infection.
Symbiote, a new kind of Linux malware, was found to be almost undetectable by operating as a userland-level rootkit, making detection challenging for several security solutions. Its main targets include the financial sector in Latin America and the Federal police of Brazil. Experts suggest admins use network telemetry to identify anomalous DNS requests.
Aoqin Dragon, a previously unknown Chinese-speaking threat actor, was found conducting cyberespionage against the government, telecom, and education sectors in Australia and Southeast Asia, since at least 2013. It obtains initial access via document exploits and fake removable devices. SentinelLabs observed two different backdoors used by the threat group, Mongall and a modified version of Heyoka.
Researchers laid bare a massive phishing scam that abused Facebook and Messenger to trick millions of users into entering their account credentials while forcing them to view advertisements. The phishing messages used genuine URL generation services, through legitimate apps, which are hard to block using security products. To stay safe, users are advised to stay vigilant and enable two-factor authentication.
Soon after active exploitation was reported in the wild and Atlassian patched the bug, proof-of-concept exploits were also leaked online, lowering the skill level required for exploitation even further.
Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia's illegal invasion.
A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users.
Water may be the greatest vulnerability in our national infrastructure, said Samantha Ravich, chair of CCTI. Much of the problem lies in just how decentralized water systems are, she explained.
Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," have published a list of 12 agents installed secretly, just like OMI, on Azure, AWS, and Google Cloud.
The Coalition to Reduce Cyber Risk (CR2) announced this week that it has been joined by 37 organizations across eight countries in signing a pledge to improve cyber resilience and combat threats such as ransomware.
Several PyPI packages, including 'keep,' 'pyanxdns,' and 'api-res-py,' were found to contain a backdoor due to the presence of a malicious 'request' dependency within some versions.
Capital markets regulator Sebi on Thursday tweaked the cyber security and cyber resilience framework for asset management companies (AMCs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year.
A threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds.
Two batches of data that Aqua Security researchers accessed using the Travis CI programming interface yielded 4.28 million and 770 million logs, respectively, from 2013 through May 2022.
The Shoprite Group said on Friday evening it had become aware of a suspected data compromise, including names and ID numbers, which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.
The FBI and DOJ officials were able to obtain a trove of information on the group after seizing NetWalker’s backend servers in Bulgaria during an investigation throughout 2020.
Deepwatch released the State of the Modern SOC report, which found that most IT security professionals believe they could have stopped business impacting cyber events if equipped with better response capabilities.
Syslogk can force-load its modules into the Linux kernel (versions 3.x are supported), hide directories and network traffic, and eventually load a backdoor called ‘Rekoobe.’
A Chinese APT known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa.
In a panel session at the RSA Conference 2022, a panel of experts discussed the implications and the opportunities for the US Department of Defense's Cybersecurity Maturity Model Certification (CMMC) Program.
The bad practices highlighted by CISA include the use of unsupported or end-of-life software, the use of known/fixed/default credentials, and the use of single-factor authentication for remote or administrative access.
CERT-UA says that Russian hackers launched a new malicious email campaign leveraging Follina and targeted more than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers.
Three PyPI packages were found to contain a backdoor due to a malicious dependency within certain versions, thereby exposing users to supply chain attacks. The risk posed by the 'keep' package is particularly high, as it receives over 8,000 downloads per week on average. Even though PyPI removed the 'request' package, many mirror sites may not have entirely removed it, so there is a risk that it could still be installed.
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be
A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications,
Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May
BPFDoor isn't new to the cyberattack game — in fact, it's gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Since then, the cybersecurity community has been learning more about the stealthy nature of the malware, how it works, and how it can be prevented.

What's BPFDoor?

BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit
The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this environment means our present and future generations need to understand the importance of being aware of the benefits and risks of an interconnected world. Establishing a cyber resilient mindset is the first step towards navigating and thriving in this digital-first world. Cyber resilience is the continuous access to personal and business information, even in an era of unprecedented cyber threats. This mindset is especially relevant for children, given their ongoing interaction with the online world through existing and emerging social media platforms, gaming sites and learning avenues. As the usage of and reliance on technology to educate and entertain increases, so too does the risk of being exposed to threats. That’s why it’s so important for families to develop good cyber resilience habits while engaging online.

Cyber Resilience patch program

To help instill cyber awareness, the Girl Scouts of Greater Chicago and Northwest Indiana (GSGCNWI) and OpenText have collaborated to create a Cyber Resilience patch program to empower the Girl Scouts of today for leadership in a digital world tomorrow. This partnership will help raise awareness of the dangers that exist online and the importance of becoming cyber resilient. The Cyber Resilience patch program provides Girl Scouts with the opportunity to engage in fun and educational hands-on activities that ignite awareness and create better online behaviors. The aim of the program is to educate Girl Scouts through lessons that focus on simulations of existing and emerging threats, how to safely preserve important files and memories and what to look out for when browsing online.

General tips for children and parents

Staying resilient against ongoing threats means adopting important ways of protecting our personal information.

Password integrity: Develop a password that is difficult to predict. Use a password generator, enable two-factor authentication (2FA) as much as possible and don’t reuse passwords across multiple logins.
Back up personal data: Your photos and videos are precious. If you don’t secure them, you may lose them. Backing up your files means having a second copy available if something happens to your laptop, tablet or phone.
Enable a Virtual Private Network (VPN): Protect your connection and location from malicious hackers, targeted ads and others who try to spy on and track your every move online.
Invest in security awareness training: Engaging in real-world simulations will help increase your cyber know-how.

Building a better future through cyber resilience

Creating leaders of tomorrow who are empowered and cyber aware begins with establishing cyber resilience today. Families and children should be working towards a better, more agile understanding of the risks to our personal information. Protecting the photos, videos and files that matter to us is important. Keeping our personal identities safe is vital. OpenText remains committed to not only helping organizations find value in their data but also bolstering female leadership and diversity. The partnership between OpenText and GSGCNWI will help instill the importance of developing cyber safe behaviors now and for the future.

The post Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience appeared first on Webroot Blog.