Cybersecurity

Category Added in a WPeMatico Campaign

Cybersecurity

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

Jan 11, 2024NewsroomCloud Security / Cyber Attacks A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions […]

Cybersecurity

Chertoff Group Affiliate Completes Trustwave Acquisition

MC2 Security Fund, a growth equity fund and affiliate of The Chertoff Group, has completed its acquisition of managed security services provider Trustwave. Trustwave specializes in managed detection and response, cyber advisory services, database security, and penetration testing. The company offers comprehensive offensive and defensive cybersecurity services. Investment group MC2 makes private-equity investments in high-growth […]

Cybersecurity

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

Jan 11, 2024NewsroomCybersecurity / Software Security The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network […]

Cybersecurity

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software […]

Cybersecurity

Black Basta-Affiliate Spreads Pikabot | Cyware Hacker News

Trend Micro observed the Water Curupira actively propagating the Pikabot loader malware as part of campaigns, more aggressively in Q4 2023. Water Curupira is a Black Basta ransomware affiliate. Diving into Details Pikabot gained notoriety for its sophisticated multi-stage attack mechanism, capable of deploying a decrypted shellcode that extracts another DLL file, the actual payload. […]

Cybersecurity

HMG Healthcare disclosed a data breach

HMG Healthcare disclosed a data breach Pierluigi Paganini January 10, 2024 The Healthcare services provider HMG Healthcare has disclosed a data breach that impacted 40 affiliated nursing facilities. In November 2023, the Healthcare services provider HMG Healthcare discovered a data breach that exposed personal health information related to residents and employees at HMG affiliated nursing […]