From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.
FortiGuard Labs provides an analysis on RapperBot focusing on comparing samples for different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog to learn more about the differences observed in this campaign vs previous RapperBot and similar campaigns in the past.
Attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-data practices, tracking consumers even when their location history setting was turned off.
At this stage, on November 11, 2022, at 3pm (CET time) Thales is able to confirm the following information:
Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.
Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. We have previously reported on two BumbleBee intrusions (1, 2), and this report is a continuation of a series of reports uncovering multiple TTPs seen by BumbleBee post exploitation operators.
The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.
Apple is facing a proposed federal class action alleging that it records users' mobile activity without their consent and despite privacy...
Computer security incident response teams: are they legally regulated? The Swiss example
Christopher Wray, the F.B.I.’s director, told Congress last December that the bureau purchased the phone hacking tool Pegasus for research and development purposes.
Automation features make LockBit one of the more destructive pieces of ransomware.
Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.
Compromising Plesk via its REST API, CSRF, CORS misconfiguration, add db user, add backdoor, add secret token, cookieless CSRF
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.
Learn how attackers are redirecting WordPress website visitors to fake Q&A sites via ois[.]is. Nearly 15,000 websites affected by this malware so far.
WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.
TAG highlights four case studies involving Russian IO tied to the Internet Research Agency and Russian oligarch Yevgeny Prigozhin.
TrustCor Systems vouches for the legitimacy of websites. But its physical address is a UPS Store in Toronto.
