Month: May 2023

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

31 May 2023

May 31, 2023Ravie LakshmananServer Security / Cryptocurrency A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. […]

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

31 May 2023

May 31, 2023Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged […]

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

31 May 2023

May 31, 2023Ravie LakshmananData protection / Cyber Threat Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are […]

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass

31 May 2023

May 31, 2023Ravie LakshmananEndpoint Security / Vulnerability Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get […]

6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime

31 May 2023

May 31, 2023The Hacker NewsThreat Hunting / Cybersecurity Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider […]

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

31 May 2023

May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational institutions, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on […]

RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

31 May 2023

May 31, 2023Ravie LakshmananCyber Threat / Malware The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius […]

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

31 May 2023

May 31, 2023Ravie LakshmananNetwork Security / Zero Day Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), […]

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

30 May 2023

May 30, 2023Ravie LakshmananZero Day / Vulnerability Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE […]

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

30 May 2023

May 30, 2023Ravie Lakshmanan Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. “Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created,” Trend Micro said in a report […]
