Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. Tracked as CVE-2022-47966, the security defect exists in a third-party dependency (Apache xmlsec, also known as XML Security for Java, version 1.4.1), allowing attackers to execute arbitrary code remotely without ..
Tag : Virus&Threats
Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload. The three Python packages, ‘colorslib’, ‘httpslib’ and ‘libhttps’ were uploaded to PyPI (Python Package Index) on January 7 and January 12. All three packages were published by the same author from ..
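A practical first check after a report like this is to confirm none of the named packages has slipped into your own dependency manifests. The script below is an added example written for this page, not code from Fortinet or the article: it scans requirements-style lines for the three reported package names and normalizes names the way PyPI does (PEP 503: case-insensitive, runs of `-`, `_` and `.` treated as one `-`), so a pin spelled `HTTPSLIB` is still caught while the legitimate `httplib2` is not. The sample requirements content is constructed for the example.

```python
import re
from typing import Iterable, List, Optional

# The three package names reported on this page (Fortinet, January 2023).
KNOWN_MALICIOUS = {"colorslib", "httpslib", "libhttps"}


def normalize(name: str) -> str:
    """PEP 503 project-name normalization, as used by PyPI and pip.

    Case is ignored and any run of '-', '_' or '.' collapses to a single '-',
    so 'HTTPSLIB' and 'httpslib' are the same project. Note that 'http_slib'
    normalizes to 'http-slib', which is a *different* project: normalization
    does not remove separators, it only unifies them.
    """
    return re.sub(r"[-_.]+", "-", name).lower()


# Leading project name of a requirement specifier (before ==, >=, ;, [extras], etc.).
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def parse_requirement(line: str) -> Optional[str]:
    """Return the project name from a requirements.txt / pip-freeze line, or None.

    Blank lines, comments and pip options (-r, -e, --index-url, ...) yield None.
    """
    line = line.split("#", 1)[0].strip()  # drop trailing comments
    if not line or line.startswith("-"):
        return None
    m = _REQ_LINE.match(line)
    return m.group(1) if m else None


def flag_malicious(lines: Iterable[str], blocklist=KNOWN_MALICIOUS) -> List[str]:
    """Return the normalized names of blocklisted packages found in `lines`, in order."""
    block = {normalize(n) for n in blocklist}
    hits = []
    for raw in lines:
        name = parse_requirement(raw)
        if name is not None and normalize(name) in block:
            hits.append(normalize(name))
    return hits


# Constructed sample manifest for this example; the pins are hypothetical.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt used only to exercise the checker
requests==2.28.2
colorslib>=1.0   # one of the three reported packages
HTTPSLIB==2.0
-e git+https://example.invalid/repo.git#egg=something
libhttps==0.1.0; python_version >= "3.8"
httplib2==0.21.0
""".splitlines()


if __name__ == "__main__":
    for hit in flag_malicious(SAMPLE_REQUIREMENTS):
        print("FLAGGED:", hit)
```

Run it against `pip freeze` output or a checked-in `requirements.txt`; because the comparison happens after normalization on both sides, the blocklist can be maintained in whatever spelling an advisory uses.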
A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery, Trend Micro reports. Generally available since November 2022, following a private preview period, GitHub Codespaces is a free cloud-based integrated development environment (IDE) that allows developers to create, edit, and run code in their browsers via a ..
Most internet-exposed Cacti installations have not been patched against a critical-severity command injection vulnerability that is being exploited in attacks. Cacti is an open-source, web-based network monitoring and graphing tool that provides an operational monitoring and fault management framework as a front end to the data-logging utility RRDtool. In early December 2022, the tool’s maintainers ..
Google and Adobe this week announced the availability of new open source security tools for continuous fuzzing and for detecting living-off-the-land attacks. Google releases ClusterFuzzLite: Google announced the open source release of ClusterFuzzLite, which it described as a ClusterFuzz-based continuous fuzzing solution that runs as part of continuous integration (CI) workflows in an effort to help ..
Google on Thursday shared details about a recent attack that exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. According to Google, the attack, discovered in late August, was likely conducted by a well-resourced state-sponsored threat group which, based on the quality of their code, had access to their own ..
The cybercriminals behind the BlackMatter Ransomware-as-a-Service (RaaS) operation this week announced plans to close shop. Active since July 2021, BlackMatter is the product of the Coreid cybercrime group, which also operated the DarkSide ransomware. BlackMatter’s use in assaults on critical infrastructure entities in the United States has resulted in the U.S. government recently issuing an ..
The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint. Also referred to as Shathak, TA551 is an initial access broker known for the distribution of malware through thread hijacking – a technique where the ..
Google says it has disrupted phishing attacks in which threat actors were attempting to use cookie theft malware to hijack YouTube accounts and abuse them to promote cryptocurrency scams. As part of these campaigns, which have been ongoing since 2019, hackers recruited on a Russian-speaking forum targeted thousands with phishing emails that promised fake collaboration ..
A rootkit named FiveSys is able to evade detection and slip unnoticed onto Windows users’ systems courtesy of a Microsoft-issued digital signature, according to security researchers with Bitdefender. To prevent certain types of malicious attacks, Microsoft introduced strict requirements for driver packages that seek to receive a WHQL (Windows Hardware Quality Labs) digital signature, and ..