Tagged: computer security
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on...
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data...
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems,...
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has...
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary...
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that’s dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation...
Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and...
By the end of 2021, there will be 12 billion connected IoT devices, and by 2025, that number will rise to 27 billion. All these devices will be connected to the internet and will...
China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of...
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it...
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run...
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt...
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries....
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 —...
Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to...
Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick...