An unknown threat actor has been identified as the developer of a malware toolkit called the “Eternity Project”. The malware allows professional and amateur cybercriminals to buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. The malware-as-a-service(MaaS)…
Latest posts
Zyxel rolls out patches for critical firewall OS command injection vulnerability
Zyxel has patched a serious flaw plaguing Zyxel firewall devices, which allows unauthenticated and remote attackers to execute code arbitrarily. “A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files…
Several WordPress websites were attacked; visitors were redirected to corrupt websites
Cybersecurity researchers have revealed a campaign entailing the injection of malicious JavaScript code into affected WordPress websites. The affected websites redirect visitors to fake pages and other infected websites to create illegitimate traffic. “The websites all shared a common issue…
Ransomware and cryptocurrency crime are the focus for a new DOJ team.
While no security officer would rely only on this, it’s encouraging to hear that the US Department of Justice is stepping up its efforts to combat cybercrime. New efforts will focus on ransomware and cryptocurrency occurrences, according to Deputy Attorney…
German companies are being targeted with malicious NPM packages
Cybersecurity researchers have found several malicious packages in the NPM registry, and these packages have been targeting big German companies to execute supply chain attacks. “Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a…
Microsoft fixes vulnerability plaguing Azure Synapse and Data Factory
On Monday, Microsoft said it patched a vulnerability plaguing Azure Synapse and Azure Data Factory. Further, Microsoft said, if the vulnerability was successfully exploited, it could lead to remote code execution. Researchers from Orca Security have codenamed the vulnerability, labelled…
A fresh perspective on “fileless” malware: Event logs carrying harmful code
Security researchers have discovered a malicious campaign that stores malware in Windows event logs, a technique that has never been publicly described for attacks in the wild. The technology allowed the attacker to plant fileless malware in the file system…
DeFi Platform loses more than $2 million
MM. Finance revealed that hackers stole $2 million in digital assets in a Domain Namer System (DNS) attack. These attacks entail hackers targeting the availability or stability of a network’s DNS service. The team at MM.Finance—which claims to be the…
Researchers create an RCE exploit for the latest F5 BIG-IP flaw
Security researchers are warning that they were able to construct an exploit for a serious remote code execution vulnerability affecting F5’s BIG-IP family of devices just days after the company provided patches for the flaw. The weakness, which has been…
Chinese hacker group Mustang Panda executing espionage attacks
Mustang Panda, a China-based threat actor, has been improving and adding tools to attack firms located in Asia, the European Union, Russia, and the U.S. “Mustang Panda is a highly motivated APT group relying primarily on the use of topical…