Cybersecurity
Category Added in a WPeMatico Campaign
Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. “These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,” […]
This post is also available in: 日本語 (Japanese) Executive Summary Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive […]
Jan 12, 2024NewsroomDevSecOps / Software security GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by […]
Defense evasion by exploiting CVE-2023-36025 Once the malicious .url file exploiting CVE-2023-36025 is executed, it connects to an attacker-controlled server to download and execute a control panel item (.cpl) file. Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the .url file from an untrusted source. However, the attackers craft a […]
Technical Analysis Zscaler ThreatLabz has previously analyzed DreamBus and its modules. Each DreamBus module is an Executable and Linkable Format (ELF) binary that is packed by UPX with a modified header and footer. This alteration is designed to prevent the UPX command-line tool from statically unpacking DreamBus binaries. The magic bytes UPX! (0x21585055) are typically […]
A recent spate of phishing scams — promoted through counterfeit websites — has prompted warnings from police and local businesses in the United Arab Emirates (UAE). The alerts flag fake websites posing as Dubai’s Road and Transport Authority (RTA), which runs the metro and bus network in the city, as well as tourist sites such […]
Team Liquid’s wiki leak exposes 118K users Pierluigi Paganini January 12, 2024 Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The […]
The Kansas state court system is close to a full recovery from an October ransomware attack that forced officials to use paper records for weeks, state Supreme Court Chief Justice Marla Luckert said Wednesday. During a State of the Judiciary speech in front of the Kansas legislature, Luckert spoke at length about the incident, telling […]
Jan 12, 2024NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an […]