ATMZOW JS Sniffer Campaign Linked to Hancitor Malware
Group-IB specialists collected information about ATMZOW’s recent activity and found ties with a phishing campaign targeting clients of a US bank based on the same JS obfuscation technique.
Kaspersky, with medium confidence, linked the Maui ransomware to the Andariel APT gang, a division of Lazarus APT. The threat actor also used the DTrack malware variant 10 hours prior to deploying Maui. Recently, the FBI issued warnings regarding Maui ransomware and shared IoCs pointing fingers at North Korean threat actors.
Not only is this the third such record-breaking DDoS flood in the past few months but it comes as Google and other security researchers warn that network-flooding events are getting worse, growing in size and frequency.
Russian hacker group Killnet claimed responsibility for the attack, stating on its Telegram account on Wednesday it had blocked access to more than 200 state and private Estonian institutions.
Cisco has resolved CVE-2022-20871 with the release of AsyncOS for Secure Web Appliance version 14.5.0-537 and plans to release updates for versions 12.5 and 14.0 of the appliance as well.
Security researcher Dominic Alvieri said that LockBit had created a dedicated data leak page for Entrust on their website, stating that they would publish all of the stolen data tomorrow evening.
To find vulnerabilities in targeted networks or spread laterally within them, hackers used a mixture of commodity and specialized software, such as Acunetix, Nmap, SQLmap, OneForAll, subdomain3, subDomainsBrute, Sublist3r, and Cobalt Strike.
It's common for malware-laden apps to look clean enough to bypass app store protections because they only connect to the servers where they receive the malicious download after they have been installed on the user's device.
Cybercriminals have been building phishing pages on AWS. By sending a link to such a page through a phishing email, the scammers are able to bypass security tools and convince the recipient to share credentials for sensitive accounts.
The researchers specifically announced new detection algorithms based on their findings for the open source memory forensics framework Volatility. Memory forensics was very different five or six years ago.
Both sides discussed recent cyber threats, countermeasures and ways to develop cyber cooperation between Seoul and Washington. The cyber commands also signed a memorandum of understanding on “cooperation and development in cyberspace operations.”
Ransomware attacks on the [health care and public health] sector have skyrocketed in the past two years as opportunistic criminals recognized that hospitals may pay quickly to resolve issues and protect patient safety, the letter states.
The SAP vulnerability added to CISA’s list, tracked as CVE-2022-22536, was patched by the vendor in February in NetWeaver Application Server ABAP, NetWeaver Application Server Java, ABAP Platform, Content Server 7.53 and Web Dispatcher.
Spear-phishing campaigns containing malicious Microsoft Office documents are the preferred delivery pathway for malware, followed by taking advantage of macros and other known vulnerabilities in the productivity software to launch the backdoor.
Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
Apple Security Advisory 2022-08-18-1 - Safari 15.6.1 addresses code execution and out of bounds write vulnerabilities.
Apple Security Advisory 2022-08-17-1 - iOS 15.6.1 and iPadOS 15.6.1 address code execution and out of bounds write vulnerabilities.
Apple Security Advisory 2022-08-17-2 - macOS Monterey 12.5.1 addresses code execution and out of bounds write vulnerabilities.
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities.
Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected.
FLIR AX8 versions 1.46.16 and below unauthenticated remote OS command injection exploit.
Ubuntu Security Notice 5573-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-6113-01 - Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to ...
Ubuntu Security Notice 5572-1 - Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information. Roger Pau Monné discovered that the Xen ...
Ubuntu Security Notice 5571-1 - Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018,
Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such attack recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repelled by Cloudflare earlier this
Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm
The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold