Month: December 2021
New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks
30 December 2021A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian […]
Read More
Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
30 December 2021A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed “large academic […]
Read More
Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics
29 December 2021An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four […]
Read More
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
29 December 2021The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, […]
Read More
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
28 December 2021Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that’s dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the […]
Read More
PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level
27 December 2021Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular forms of tackling such issues by identifying is ethical hacking. This method identifies potential security vulnerabilities in its early […]
Read More
Garrett Walk-Through Metal Detectors Can Be Hacked Remotely
27 December 2021A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether […]
Read More
‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware
27 December 2021Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most […]
Read More
New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers
27 December 2021Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to […]
Read More
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
24 December 2021Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: […]
Read More