Dec 6th, 2023 - Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency's systems two months after a mandated deadline to mitigate the vulnerability had passed. The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved. The attacks — carried out by either one or two unknown threat groups — exploited ... [Read More]
Dec 6th, 2023 - Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. In a new advisory that shows why it's critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable ... [Read More]
Dec 6th, 2023 - The Seoul Metropolitan Police on Tuesday accused a North Korean hacking group of targeting South Korean companies connected to the defense industry and stealing sensitive information about anti-aircraft weapon systems. In a press release publicizing the investigation into the Andariel hacking group — which has links to the notorious Lazarus Group — police said they seized servers in South Korea used by the group, conducted forensic searches of cellphones and laptops, and had ... [Read More]
Dec 6th, 2023 - Malvertising schemes have been used by the Storm-0216 threat operation, also known as UNC2198 and Twisted Spider, to deploy the Danabot malware to achieve initial systems access before proceeding with the distribution of Cactus ransomware since last month, reports The Record, a news site by cybersecurity firm Recorded Future. "Danabot collects user credentials and other info that it sends to command and control, followed by lateral movement via Remote Desktop Protocol (RDP) sign-in attempts, ... [Read More]
Dec 6th, 2023 - Security researchers have identified a new threat involving cracked applications distributed by unauthorized websites, concealing a Trojan-Proxy designed to compromise victims' devices. Cybercriminals have been taking advantage of users seeking free software tools, exploiting their willingness to download from questionable sources, and ultimately exposing them to malware installations. According to a new advisory published by Kaspersky today, the infected applications, presented as ... [Read More]
Dec 5th, 2023 - Overview: Recently, we decided to perform some reverse engineering of the SonicWall NSv appliance to identify any potential remote code execution vulnerabilities within the appliance. During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging Qemu with dynamic analysis/debugging within GDB, however, we still ... [Read More]
Dec 4th, 2023 - New versions of the worm include some novel approaches to infecting routers and internet-of-things devices, according to a report by Cado Security. The gang behind a cloud botnet known for targeting servers running the Redis in-memory storage system dubbed P2Pinfect is now looking to expand into the IoT ecosystem, according to a new report. Researchers have recently come across a variant of the P2Pinfect worm designed to run on Linux devices with MIPS processors. "It's highly likely that by ... [Read More]
Nov 30th, 2023 - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ScrubCrypt for sale in dark web marketplaces, and observed it being used to launch account takeover and fraud attacks on its customers via RedLine Stealer. How the New ScrubCrypt Build Works: ScrubCrypt is a tool used by threat actors to avoid ... [Read More]
Nov 30th, 2023 - Hackers believed to be based in China are targeting the Uzbekistan Ministry of Foreign Affairs, as well as people in South Korea, with a strain of malware called SugarGh0st, according to a new report. Cisco published a blog on Thursday spotlighting the malware — which they believe is a variant of Gh0st RAT, an infamous tool used for more than a decade by a range of advanced persistent threat (APT) groups in attacks on diplomatic, political, economic, and military targets around the world. ... [Read More]
Nov 29th, 2023 - Threat actors have been observed exploiting a critical vulnerability, CVE-2023-46604, in Apache systems. Over the past few weeks, Fortiguard Labs identified multiple threat actors leveraging this vulnerability to unleash several malware strains. Among the discoveries is the emergence of a newly discovered Golang-based botnet named GoTitan. This sophisticated botnet has raised concerns due to its ability to disseminate diverse malware strains. GoTitan has been observed ... [Read More]