Cyble analyzes CVE-2022-36804 affecting Atlassian Bitbucket and how Threat Actors may exploit this in the near future.
A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.
Cyble Research and Intelligence Labs analyzes a new malware campaign targeting Zoom users.
2K Games Support System was hacked by an unknown hacker group targeting gamers via a fake user ticketing system.
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network.
The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.
With the enterprise adoption of MacOS and iOS devices increasing, the Apple security landscape is becoming increasingly complex.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.
The “Augury” platform includes highly sensitive network data that Team Cymru, a private company, is selling to the military. “It’s everything. There’s nothing else to capture except the smell of electricity,” one cybersecurity expert said.
California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email
School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.
This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.
Could TeamTNT be back? Our honeypots were attacked by malware that bears a resemblance to these threat actors and we analyze the possible connection.
The VMware Carbon Black MDR team goes in depth on the latest variants of the Chromeloader malware and how to detect them.
