Cybersecurity

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

Dec 19, 2023NewsroomCryptojacking / Cyber Threat The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. “This […]

Cybersecurity

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

Dec 19, 2023NewsroomRansomware / Threat Intelligence The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range […]

Cybersecurity

Pro-China influence operation gained YouTube following, researchers find

A new influence campaign that has gained substantial traction is pushing pro-China and anti-United States narratives on YouTube, researchers have found. According to a report released this week by the Australian Strategic Policy Institute (ASPI), the videos garnered substantial views and subscribers — a rarity in the world of social media influence operations. Named Shadow […]

Cybersecurity

ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime

ALPHV was the second-most leveraged ransomware strain in North America and Europe between January 2022 and October 2023, just before the reported takedown of the group’s website, according to ZeroFox research. The analysis found that ALPHV, aka BlackCat, accounted for around 11% of all ransomware and digital extortion (R&DE) attacks in North America over the […]

Cybersecurity

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Dec 18, 2023NewsroomEmail Security / Vulnerability Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. “An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote […]