Jul 13, 2023THNOT/ICS, SCADA Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities … [Read more...] about Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
attacks
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
Jun 26, 2023Ravie LakshmananCyber Threat / Password Security Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which made use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service … [Read more...] about Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
Fractureiser attacks Minecraft players | Kaspersky official blog
The gaming community is actively discussing news about malware dubbed fractureiser, found in mods for Minecraft. It was downloaded from CurseForge and dev.bukkit.org. Gamers are advised not to download new .jar files from those sites. Anyone who did recently should check their computers with antimalware solutions. The malware affects players of Windows and Linux game versions … [Read more...] about Fractureiser attacks Minecraft players | Kaspersky official blog
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial … [Read more...] about Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
May 20, 2023Ravie LakshmananCyber Crime / Ransomware The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria Tempest. "In these recent … [Read more...] about Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
May 12, 2023Ravie LakshmananCyber Threat / Malware Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare … [Read more...] about XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
May 08, 2023Ravie LakshmananCyber Attack / Data Safety An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is … [Read more...] about CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
Insecure Default Configuration Exposes Servers to RCE Attacks
Apr 26, 2023Ravie LakshmananServer Security / Vulnerability The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a … [Read more...] about Insecure Default Configuration Exposes Servers to RCE Attacks
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
Apr 14, 2023Ravie LakshmananUnited States The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity … [Read more...] about Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Apr 08, 2023Ravie LakshmananCyber War / Cyber Threat The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud … [Read more...] about Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise