Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicio…
Tag: Exploit
Security Vendor News
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
by Paul Ducklin •
Latest episode – listen now!
Security Bloggers, Security Vendor News
Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms
by Infoblox Cyber Intelligence Group •
Author: Christopher Kim Executive summary Since February 2022, Infoblox’s Threat Intelligence Group (TIG) has been tracking malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to run scams and spread riskware, spyware, adware, potentially unwanted programs, and pornographic content. This attack is widespread and impacts targets across many industries. From […]
The post Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms appeared first on Infoblox Blog.
Security Bloggers, Security Vendor News
VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms
by Infoblox Cyber Intelligence Group •
Author: Christopher Kim 1. Executive summary Since February 2022, Infoblox’s Threat Intelligence Group has been tracking malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to run scams and spread riskware, spyware, adware, potentially unwanted programs, and pornographic content. This attack is widespread and impacts targets across many industries. From […]
The post VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms appeared first on Infoblox Blog.
Global Security News, North America
Attackers are leveraging Follina. What can you do?
by Zeljka Zorz •
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-301…
Global Security News, North America
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
by Zeljka Zorz •
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a secu…
Europe, Global Security News, North America, Vulnerabilities
What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline
by Curtis Kang •
An RCE vulnerability has forced FromSoftware to take down ‘Dark Souls’ servers. However, there are more issues that haven’t been publicly addressed.
The post What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline appeared first on Flashpoi…
Malware Indicators (IoCs), Vulnerabilities
New Exploit Emerges For A Previously Patched SharePoint Vulnerability
by Abeerah Hashim •
Months after Microsoft patched a remote code execution vulnerability in SharePoint, a new way to…
New Exploit Emerges For A Previously Patched SharePoint Vulnerability on Latest Hacking News.
Security Bloggers, Security Vendor News
2021 Most Exploited Vulnerabilities
by Michael Zuckerman •
Cybersecurity authorities just issued alert AA22-117A, which provides information on the top 15 Common Vulnerabilities and Exposures (CVEs) most frequently used and exploited by malicious cyber actors in 2021. This important alert was co-authored by the cybersecurity authorities from the United States, Australia, New Zealand, Canada, and the United Kingdom. In the United States, key […]
The post 2021 Most Exploited Vulnerabilities appeared first on Infoblox Blog.
Global Security News, North America
Attackers are attempting to exploit critical F5 BIG-IP RCE
by Zeljka Zorz •
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, in-the-wild exploitation attempts have also been detected. CVE-2022-1388 PoC exploits Security researchers have started sharing evidence of their successful exploitation attempts of CVE-2022-1388 during the weekend: #CVE-2022-1388 successfully exploited. pic.twitter.com/P04K4PJsAN — Matus Bursa #strongertogether (@BursaMatus) May 9, 2022 🔥 We have reproduced the fresh CVE-2022-1388 in F5’s BIG-IP. Successful exploitation could lead to RCE from … More
The post Attackers are attempting to exploit critical F5 BIG-IP RCE appeared first on Help Net Security.
Europe, Global Security News, North America, Vulnerabilities
CISA Adds Five ‘New’ Exploits to KEV Catalog, Including 2014’s Heartbleed Vulnerability
by Curtis Kang •
On May 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added five “new” vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog. Three of the entries were originally disclosed in 2014, including the infamous Heartble…
Global Security News, North America
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
by Zeljka Zorz •
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. About CVE-2022-22954 CVE-2022-22954 is, in effect, a server-side template injec…
Global Security News, North America
CISA adds Spring4Shell to list of exploited vulnerabilities
by Zeljka Zorz •
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts…
Global Security News, North America
Log4Shell exploitation: Which applications may be targeted next?
by Zeljka Zorz •
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in at…
Global Security News, North America
Vulnerabilities and cyberattacks that marked the year 2021
by Help Net Security •
Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals must prioritize and address viable threats from an overwhelming number of rep…
Global Security News, North America
Spring4Shell: New info and fixes (CVE-2022-22965)
by Help Net Security •
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in Spring Core whose existence has finally been confirmed…
Global Security News, North America
Spring4Shell: No need to panic, but mitigations are advised
by Zeljka Zorz •
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began…
Global Security News, North America
Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
by Zeljka Zorz •
A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia region,” Sophos has warned. About CVE-2022-1040 CVE-2022-1040 is an auth…
Security Vendor News
Google Chrome patches mysterious new zero-day bug – update now
by Paul Ducklin •
CVE-2022-1096 – another mystery in-the-wild 0-day in Chrome… check your version now!
Europe, Global Security News, North America
New cyberespionage campaign targeting ISPs, research entities
by Help Net Security •
ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits the war in Ukraine and other European news topics. Known victims include rese…
Security Vendor News
Serious Security: DEADBOLT – the ransomware that goes straight for your backups
by Paul Ducklin •
Some tips on how to keep your network safe – even (or perhaps especially!) if you think you’re safe already.
Global Security News, North America
The not so scary truth about zero-day exploits
by Help Net Security •
We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. They’re a threat actor’s dream, creating the perfect storm of downtime and pan…
Security Vendor News
Apple patches 87 security holes – from iPhones and Macs to Windows
by Paul Ducklin •
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
Global Security News, North America
Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)
by Zeljka Zorz •
An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellerma…
Security Vendor News
Firefox patches two in-the-wild exploits – update now!
by Paul Ducklin •
Firefox just published a double-zero-day patch – “remote code execution” combined with “sandbox escape”. Update now!
Malware Indicators (IoCs), Vulnerabilities
Horde Webmail XSS Vulnerability Allows for Account Takeover
by Abeerah Hashim •
A severe vulnerability riddled the free browser-based groupware Horde Webmail allowing account takeovers. Despite the…
Horde Webmail XSS Vulnerability Allows for Account Takeover on Latest Hacking News.
Security Vendor News
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
by Paul Ducklin •
Latest episode – listen now!
Malware Indicators (IoCs), Vulnerabilities
Red Cross Cyberattack Links Back To A Zoho ManageEngine Vulnerability
by Abeerah Hashim •
A month after the disruptive data breach, Red Cross has shared more details about the…
Red Cross Cyberattack Links Back To A Zoho ManageEngine Vulnerability on Latest Hacking News.
Global Security News, North America
Top threat activities this year
by Help Net Security •
ZeroFox published a threat intelligence forecast for 2022, detailing expected cybercriminal behavior trends including ransomware, malware-as-a-service, vulnerabilities and exploits. Within the report, the ZeroFox Intelligence team reviews 12 months of …
Global Security News, North America
Log4Shell: A retrospective
by Help Net Security •
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one…
Security Vendor News
Adobe fixes zero-day exploit in e-commerce code: update now!
by Paul Ducklin •
There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it.
Global Security News, North America
End of 2021 witnessed an explosion of RDP brute-force attacks
by Zeljka Zorz •
RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of…
Global Security News, North America
Ransomware families becoming more sophisticated with newer attack methods
by Help Net Security •
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year. The report also found that these ransomware groups are con…
Security Vendor News
Apple fixes Safari data leak (and patches a zero-day!) – update now
by Paul Ducklin •
That infamous “supercookie” bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Global Security News, North America
DazzleSpy: macOS backdoor delivered through watering hole attacks
by Help Net Security •
In late 2021, a never-before-seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites (for example, that of local radio station D100) by exploiting vulnerabilities in WebKit, the browser engine powering…
Global Security News, North America
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
by Zeljka Zorz •
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges. While the vulnerability i…
Security Vendor News
Watering hole deploys new macOS malware, DazzleSpy, in Asia
by Marc-Etienne M.Léveillé •
Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs
The post Watering hole deploys new macOS malware, DazzleSpy, in Asia appeared first on WeLiveSecurity
Malware Indicators (IoCs)
New Phishing Campaign Exploits Google Docs Comment Feature
by Abeerah Hashim •
Researchers have identified a new phishing attack where the hackers exploit the Google Docs Comment…
New Phishing Campaign Exploits Google Docs Comment Feature on Latest Hacking News.
Exploits, Global Security News
Chinese Hackers Using Log4Shell Exploit Tools to Perform Post-Exploitation Attacks
by BALAJI N •
The cybersecurity firm, CrowdStrike has warned that Chinese hackers are using the Log4Shell exploit tools to perform various post-exploitation operations. The hacker group behind these malicious operations, Aquatic Panda was seen using the Log4Sh…