Malware & Threats

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

2024-03-08 at 15:02, by Ionut Arghire (SecurityWeek). Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders.

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

2024-03-07 at 13:36, by Eduard Kovacs (SecurityWeek). Critical TeamCity authentication bypass vulnerability CVE-2024-27198 exploited in the wild after details were disclosed.

Linux Malware Campaign Targets Misconfigured Cloud Servers

2024-03-06 at 18:31, by Ionut Arghire (SecurityWeek). A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials

2024-03-05 at 23:01, by Associated Press (SecurityWeek). The Treasury Department sanctioned individuals associated with Intellexa Consortium, maker of the powerful Predator Spyware.

VMware Patches Critical ESXi Sandbox Escape Flaws

2024-03-05 at 21:17, by Ryan Naraine (SecurityWeek). The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host.

Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers

2024-03-04 at 14:18, by Eduard Kovacs (SecurityWeek). Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.

In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware

2024-03-01 at 18:16, by Eduard Kovacs. Noteworthy stories that might have slipped under the radar: Unpatched Google vulnerability exploited, 3D printers hacked by white hats, WhatsApp will get NSO spyware.

Governments Urge Organizations to Hunt for Ivanti VPN Attacks

2024-03-01 at 16:01, by Ionut Arghire (SecurityWeek). Credentials stored on Ivanti VPN appliances impacted by recent vulnerabilities are likely compromised, government agencies say.

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

2024-02-29 at 13:46, by Eduard Kovacs (SecurityWeek). North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks

2024-02-28 at 14:52, by Ionut Arghire (SecurityWeek). Chinese threat actors target Ivanti VPN appliances with new malware designed to persist across system upgrades.

US Government Urges Cleanup of Routers Infected by Russia’s APT28

2024-02-28 at 14:52, by Ionut Arghire (SecurityWeek). The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

2024-02-27 at 18:26, by Ionut Arghire (SecurityWeek). The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

2024-02-26 at 19:17, by Ionut Arghire (SecurityWeek). US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

2024-02-23 at 14:31, by Eduard Kovacs (SecurityWeek). ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Russian Turla Cyberspies Target Polish NGOs With New Backdoor

2024-02-22 at 18:01, by Ionut Arghire (SecurityWeek). Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs.

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

2024-02-22 at 18:01, by Ionut Arghire (SecurityWeek). Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation

2024-02-21 at 19:16, by Ryan Naraine (SecurityWeek). Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.”

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach

2024-02-21 at 16:46, by Joshua Goldfarb. Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware.

Redis Servers Targeted With New ‘Migo’ Malware

2024-02-21 at 14:47, by Ionut Arghire (SecurityWeek). Attackers weaken Redis instances to deploy the new Migo malware and install a rootkit and cryptominers.

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool

2024-02-20 at 19:31, by Ryan Naraine (SecurityWeek). ConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching.
