Sep 20, 2023, THN, Zero Day / Vulnerability: Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled […]
In a recent security incident, Sophos detected the most recent variant of BlackCat/ALPHV, named Sphynx. This version introduces new functionalities and has been employed to encrypt Azure Storage accounts. In this incident, the attackers managed to infiltrate a victim’s Sophos Central account and successfully encrypted 39 Azure Storage accounts. Modus operandi: After gaining […]
While cloud storage technology is still a popular strategy for IT leaders, its track record increasingly begs the question: Is it still the easy decision it once was? Traditional reasons to move to cloud services include cost and space savings, storage capacity flexibility and emergency recoverability. Organizations are reexamining their original strategy in light of […]
Sep 20, 2023, THN, Vulnerability / Software Security: GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and […]
FBI Director Christopher Wray urged private sector organizations to help the agency by coming forward with information regarding malicious cyber activity. Wray told attendees at Mandiant’s annual mWISE 2023 conference Monday that many of the agency’s successful cyber operations in recent years were accomplished with the assistance of private sector partners. He emphasized organization would […]
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities: CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that can be exploited by applying a malicious YAML file on the cluster. “The Kubernetes […]
A recently discovered Linux backdoor malware, named SprySOCKS, was observed in a cyberespionage campaign targeting government agencies in multiple countries. The campaign was attributed to the Chinese hacking group Earth Lusca. More about SprySOCKS: In the campaign, the attackers used a Linux variant of the ELF injector called mandibule to drop SprySOCKS. The backdoor employs […]
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The […]
Sep 19, 2023, THN, Cyber Attack / Threat Intel: Targets located in Azerbaijan have been singled out as part of a new campaign that’s designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or […]