Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims’ files using Cerber ransomware. […]
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
An updated version of an information stealer malware known as Jupyter has resurfaced with “simple yet impactful changes” that aim to stealthily establish a persistent foothold on compromised systems.
“The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately
“The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately
US sanctions Russian who laundered money for Ryuk ransomware affiliate
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware actors. […]
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution.
Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.
“If exploited, the vulnerability could allow remote attackers to execute commands via a network,” the
Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.
“If exploited, the vulnerability could allow remote attackers to execute commands via a network,” the
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day. […]
SecuriDropper: New Android Dropper-as-a-Service Bypasses Google’s Defenses
Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed by Google and delivers the malware.
Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities
Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. […]
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) named ‘SecuriDropper’ has emerged, using a method that bypasses Android 13’s ‘Restricted Settings’ to install malware on devices and grant them access to the Accessibility Services. […]
Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.
The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius,
The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius,
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure.
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
“The script creates a ‘Covert Channel’ by exploiting the event
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
“The script creates a ‘Covert Channel’ by exploiting the event