The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Control Systems (ICS) medical advisory warning of a critical flaw that affects Illumina medical devices. The Universal Copy Service (UCS) software in several DNA sequencing instruments, including the iSeq 100, MiSeq, NextSeq 550, and NovaSeq 6000, is impacted by t...
Alloy Taurus, a Chinese nation-state group notorious for attacking telecom companies since 2012, has been spotted using a Linux variation of the backdoor PingPull and a new unnamed tool called Sword2033. Palo Alto Networks Unit 42 discovered these malicious activities recently, targeting South Africa and Nepal. These attacks also include financial ...
A group backed by the Iranian government, dubbed Mint Sandstorm, has been connected to cyber-attacks targeting critical US infrastructure from late 2021 to mid-2022. Microsoft’s Threat Intelligence team stated that this subgroup is skilled and operationally mature, capable of swiftly developing custom tools and exploiting N-day vulnerabilitie...
Google has released an urgent update to fix a zero-day vulnerability in Chrome that is being actively exploited, making it the first such bug to be addressed this year. The vulnerability, tracked as CVE-2023-2033, is a high-severity type confusion issue in the V8 JavaScript engine. Google acknowledged that an exploit for the vulnerability exists in...
Experts in cybersecurity have uncovered the mechanics behind a cryptocurrency stealer malware distributed through 13 malignant NuGet packages. This supply chain attack targeted .NET developers and employed a sophisticated typosquatting campaign. Impersonating legitimate packages, the attackers executed PowerShell code to obtain a secondary binary f...
MSI, the Taiwanese PC company, has officially confirmed that it was the victim of a cyber attack on its systems. The company promptly initiated incident response and recovery measures after detecting network anomalies and alerted law enforcement agencies. However, MSI did not disclose any specifics about the attack or whether any proprietary inform...
Cybersecurity experts have unveiled a previously unknown and highly sophisticated ransomware variant, Rorschach, which is both advanced and swift. Rorschach ransomware distinguishes itself from other strains with its exceptional customization and unique technical features not previously seen in ransomware, according to a report by Check Point Resea...
Actively exploited by unidentified cybercriminals, a recently patched security vulnerability is found within the WordPress Elementor Pro website builder plugin. Affecting versions 3.11.6 and earlier, this broken access control flaw was resolved by the plugin developers in the 3.11.7 version, released on March 22. In the release notes, the Tel Aviv-...
A newly identified North Korean cyber group, APT43, has been linked to multiple campaigns aimed at gathering strategic intelligence in line with Pyongyang’s geopolitical interests since 2018. Tracked by Google-owned Mandiant, APT43’s objectives include both espionage and financial motives, employing methods such as credential harvesting...
On Friday, Microsoft provided insights to assist users in identifying indicators of compromise (IoCs) linked to a recently patched Outlook vulnerability. Known as CVE-2023-23397 (CVSS score: 9.8), this critical vulnerability involves a privilege escalation issue that could be exploited to steal NT LAN Manager (NTLM) hashes and execute a relay attac...
A new campaign targeting poorly managed Linux SSH servers has been identified, deploying various strains of malware called ShellBot. The AhnLab Security Emergency Response Center (ASEC) reported that ShellBot, also known as PerlBot, is a DDoS bot malware developed in Perl, which typically uses the IRC protocol for communication with its C&C ser...
Mandiant, the threat intelligence firm, has linked the zero-day exploitation of a medium-severity security flaw in the Fortinet FortiOS operating system to a suspected Chinese hacking group. The attack is part of a broader campaign to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. Mandiant...
Recently, a critical security flaw in Progress Telerik was exploited by multiple threat actors, including a nation-state group, to gain unauthorized access to an unnamed federal entity in the U.S. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Cent...
A malicious Chrome browser extension branded as ChatGPT has been discovered to hijack Facebook accounts and create rogue admin accounts. This highlights one of the different methods cyber criminals are using to distribute malware. Guardio Labs researcher Nati Tal warns that by hijacking high-profile Facebook business accounts, the threat actor crea...
The Lazarus Group, believed to be linked to North Korea, has been observed exploiting undisclosed software vulnerabilities to breach a South Korean financial business entity twice within a year. The first attack in May 2022 involved the use of a vulnerable version of a widely-used certificate software, while the second attack in October 2022 exploi...
Cybersecurity experts have uncovered a new information stealer called SYS01stealer, which targets critical government infrastructure employees, manufacturing companies, and other sectors. Israeli cybersecurity firm Morphisec reports that the attack campaign aims to steal sensitive information, such as login data, cookies, and Facebook ad and busine...
Chinese threat actor Sharp Panda has been targeting high-profile government entities in Southeast Asia since late last year in a cyber espionage campaign. Israeli cybersecurity company Check Point has identified the use of a new version of the Soul modular framework as characterizing the intrusions, marking a departure from the group’s attack...
A new ATM malware strain called FiXS has been detected attacking Mexican banks since the beginning of February 2023. Latin American cybersecurity firm Metabase Q reported that the ATM malware is concealed within another program that appears to be non-malicious. FiXS is vendor-agnostic, not dependent on any specific ATM vendor, and can infect any tel...
The Mustang Panda actor, which is aligned with China, has been observed using a new custom backdoor named MQsTTang as part of an ongoing social engineering campaign that started in January 2023. ESET researcher Alexandre Côté Cyr reported that MQsTTang seems to be a standalone backdoor not based on existing malware families or publicly available...
The threat group known as Lucky Mouse has released a Linux version of its SysUpdate malware toolkit, enabling it to target Linux devices. The updated artifact, which dates back to July 2022, has new features aimed at avoiding security software and resisting reverse engineering. Lucky Mouse, also known as APT27, Bronze Union, Emissary Panda, and...
On March 1, 2023, Cisco released security updates for its IP Phone series 6800, 7800, 7900, and 8800 to address a critical command injection vulnerability (CVE-2023-20078) rated 9.8 on the CVSS scoring system. The flaw is caused by a web-based management interface, which lacks proper user-supplied input validation, allowing an unauthenticated, remo...
Jamf Threat Labs has discovered that Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. The malware, called XMRig coin miner, is executed by an unauthorized modification in Final Cut Pro, an Apple video editing software. The malware makes use of the Invisible Internet Proj...
Apple has released revised security advisories to address three new vulnerabilities that could impact iOS, iPadOS, and macOS. One of the vulnerabilities is a race condition in the Crash Reporter component that could allow a malicious actor to read arbitrary files as root, while the other two vulnerabilities in the Foundation framework could be weap...
The Norwegian police agency Økokrim has announced the seizure of $5.84 million worth of cryptocurrency, which was stolen by the Lazarus Group in March 2022 after the Axie Infinity Ronin Bridge hack. The Oslo-based crime-fighting unit stated that this case highlights its capacity to trace the money trail on the blockchain, even when criminals use...
Cisco has recently released security updates to address a severe vulnerability in the ClamAV open-source antivirus engine, which could result in remote code execution on susceptible devices. The vulnerability is tracked as CVE-2023-20032, with a CVSS score of 9.8, and it pertains to remote code execution in the HFS+ file parser component. Versions ...
The notorious APT37, a North Korea-linked threat actor, has recently been spotted utilizing a new piece of malware called M2RAT in its ongoing attacks against its southern neighbor. These developments signify a further evolution of the group’s tools and tactics. APT37, also known as Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is associ...
The malicious black hat redirect malware campaign has now grown larger and more insidious, infecting over 10,800 websites with over 70 bogus domains, mimicking URL shorteners. The main objective of this malware is to artificially increase traffic to pages that contain Google Ads, generating revenue from AdSense ID, which is used for ad fraud. The...
Cloudflare, the web infrastructure company, stopped an unprecedented DDoS attack on Monday with a record-breaking peak of over 71 million requests per second. This historic “hyper-volumetric” attack was the largest HTTP DDoS attack on record, surpassing the previous 46 million RPS attack that was mitigated by Google Cloud in June 2022. ...
Apple has taken swift action to safeguard its users by releasing security updates for its various operating systems, including iOS, iPadOS, macOS, and Safari, to fix a critical zero-day vulnerability. The flaw, tracked as CVE-2023-23529, is a type confusion bug in the WebKit browser engine that could allow malicious actors to execute arbitrary c...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to the public, adding three newly discovered security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move is a result of evidence suggesting that these flaws are being actively abused in the wild. Among the three is CVE-2022-24990, a se...
Reddit, the well-known social news aggregation platform, has fallen victim to a vicious and calculated phishing attack. On February 5th, 2023, the attackers targeted Reddit’s employees with plausible-sounding prompts that redirected them to a fake website that appeared to be Reddit’s intranet portal. The sole purpose of this deceitful a...
The OpenSSL Project has taken immediate action to safeguard its users by releasing critical fixes to address several severe security vulnerabilities in its open-source encryption toolkit. One such vulnerability, tracked as CVE-2023-0286, is a high-severity bug that could potentially put users at risk of malicious attacks. According to the advisory ...
Eight unpatched security vulnerabilities have been found in open-source and freemium document management systems (DMS) offered by four vendors, LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. These flaws were revealed by cybersecurity firm Rapid7 and allow for a malicious actor to trick a user into saving a harmful document on the platform, and once inde...
A Russia-affiliated adversary has been caught utilizing new information-stealing malware in cyberattacks aimed at Ukraine. Named Graphiron by Symantec, a subsidiary of Broadcom, the malware is the work of an espionage group known as Nodaria, which is monitored by the Computer Emergency Response Team of Ukraine (CERT-UA) under the label UAC-0056. Ac...
On February 7, 2023, a Russian national, Denis Mihaqlovic Dubnikov, admitted to money laundering and concealing the source of funds obtained through Ryuk ransomware attacks in a U.S. court. Dubnikov, who was arrested in Amsterdam in November 2021 and later extradited from the Netherlands in August 2022, will be sentenced on April 11, 2023. Accordin...
The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about ongoing cyber attacks targeting state authorities in the country that use a legitimate remote access software named Remcos. The widespread phishing campaign has been traced back to a threat actor known as UAC-0050, and the agency has described the nature of the atta...
A collaborative law enforcement effort by Germany, the Netherlands, and Poland resulted in the dismantling of the encrypted messaging platform Exclu. Eurojust reported the arrests of 45 individuals in Belgium and the Netherlands, including users, administrators, and owners of the service. During raids in 79 locations, authorities seized €5.5 million...
Cybercriminals are exploiting known weaknesses in the Sunlogin software to deploy the Sliver Command-and-Control (C2) framework for post-exploitation activities. This was uncovered by the AhnLab Security Emergency Response Center (ASEC), which discovered that security flaws in the Chinese-developed remote desktop program, Sunlogin, are being taken ...
GitHub, a subsidiary of Microsoft, announced that unknown attackers managed to extract encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom applications. To ensure security, the company is revoking the affected certificates. As a result, certain versions of GitHub Desktop for Mac, including 3.0.2 to 3.1.2 ...
The National Cyber Security Centre (NCSC) of the United Kingdom has issued a warning about spear-phishing attacks orchestrated by state-sponsored actors from Russia and Iran. The attacks are aimed at specific sectors, including academia, defense, government organizations, NGOs, and think tanks, as well as politicians, journalists, and activists, an...
The actors responsible for the Gootkit malware have made significant modifications to their toolset, incorporating new components and obfuscations into their infection methods. The Google-owned cybersecurity firm, Mandiant, is keeping a close eye on the cluster of activity known as UNC2565 and has determined that the usage of the Gootkit malware is...
Ukraine has been the target of a recent cyber attack from Russia, utilizing a previously unseen data wiper called SwiftSlicer. The attack was attributed to Sandworm, a state-sponsored group linked to Military Unit 74455 of the GRU, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. ESET disclosed...
On Tuesday, GoTo (formerly LogMeIn), the parent company of LastPass, announced that an unknown party had successfully accessed encrypted backups of certain customers’ data, along with the encryption key for some of these backups, in a November 2022 incident. The company has identified that a third-party cloud storage service was targeted, whi...
Two security vulnerabilities have been identified in the Samsung Galaxy Store application for Android devices that could potentially be exploited by a local attacker to install arbitrary applications or redirect potential victims to fraudulent web pages. The vulnerabilities, designated as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Gr...
Researchers have successfully dismantled an extensive ad fraud scheme, known as VASTFLUX, that affected over 1,700 applications from 120 publishers and impacted around 11 million devices. According to fraud prevention firm HUMAN, VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraud...
According to a report by the BlackBerry Research and Intelligence Team, the Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital attacks against Ukraine, utilizing the popular messaging app Telegram to target the country’s military and law enforcement sectors. The group, also known by various other names ...
An individual going by the name of Lolip0p has uploaded three malicious packages to the Python Package Index (PyPI) repository, which are designed to install malware on developer systems that download them. The packages, named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12), were uploaded...
On Friday, DevOps platform CircleCI announced that it had experienced a data breach as a result of a “sophisticated attack” on December 16, 2022. The incident involved an employee’s laptop being compromised by unknown actors, who then used malware to steal the employee’s two-factor authentication-backed credentials to gain a...
A significant portion of internet-exposed Cacti servers remain unpatched against a recently discovered critical security vulnerability that has been actively exploited in the wild, according to attack surface management platform Censys. Out of a total of 6,427 servers, only 26 were found to be running a patched version of Cacti (1.2.23 and 1.3.0). ...
A recent surge in attacks utilizing the Gootkit malware loader has targeted the Australian healthcare sector, according to cybersecurity firm Trend Micro. The malware, also known as Gootloader, is known for using search engine optimization (SEO) poisoning tactics to gain initial access. It typically works by compromising legitimate infrastructure a...
A previously unknown “advanced persistent threat” (APT) actor is targeting government and military organizations in the Asia-Pacific region, according to a report from Singapore-based cybersecurity firm Group-IB. The group, which is tracking the campaign under the name “Dark Pink,” has attributed seven successful attack...
As of 2023, it is important for SaaS companies to be aware of the potential cybersecurity threats that may arise. In order to ensure the safety of your systems and data, it is crucial to focus on the following four key areas: web application weaknesses, misconfiguration mistakes, vulnerable software and patching, and weak internal security...