Free unofficial patches are available for a new Windows zero-day vulnerability dubbed ‘EventLogCrasher’ that lets attackers remotely crash the Event Log service on devices within the same Windows domain. […]
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. […]
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.
“The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container and runs multiple payloads on the
“The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container and runs multiple payloads on the
U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign.
The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that’s known to target Redis database servers across the world since early September 2021.
The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
Why the Right Metrics Matter When it Comes to Vulnerability Management
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working?
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
“CHAINLINE is a Python web shell backdoor that is
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
“CHAINLINE is a Python web shell backdoor that is
CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
“An attacker with
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
“An attacker with
Hackers push USB malware payloads via news, media hosting sites
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. […]
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
“These container
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
“These container