Cybersecurity
Category Added in a WPeMatico Campaign
In addition to targeting researchers with 0-day exploits, the threat actors also developed a standalone Windows tool that has the stated goal of ‘download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers.’ The source code for this tool was first published on GitHub on September 30, 2022, with several updates […]
Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within Domain Name System (DNS) traffic data. This discovery reveals how malicious actors are adapting their tactics to prolong the life of their command-and-control (C2) communication channels, safeguarding their botnets. From a technical standpoint, DGAs come […]
Sep 09, 2023THNMalware / Hacking A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. “The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp […]
Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. CISA, FBI, and CNMF […]
Attackers are targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool in a cryptocurrency-mining campaign that’s been ongoing since at least November 2021. The campaign abuses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals — such as […]
Sep 08, 2023THNCybercrime / Malware The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and […]
Cisco on Wednesday announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was identified in the single sign-on (SSO) implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems. […]
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns. Enabling communication and data transfer between servers, industrial control systems (ICS), IoT, and other types of devices, the OAS Platform is typically used in industrial operations and enterprise environments. It also supports […]
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations. DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible. Meant to help federal agencies prevent “large-scale […]