The Checkmk IT Infrastructure monitoring software has vulnerabilities that have been publicly revealed and could be exploited by a remote, unauthenticated attacker to completely…
remote command execution
Ransomware
Hackers using the Black Basta ransomware breach networks using Qakbot to deploy Brute Ratel C4
Recent assaults were carried out by the threat actors responsible for the Black Basta ransomware family. It saw the use of the Qakbot trojan…
Vulnerabilities
A serious open source flaw WebPageTest is still not patched.
After a talk, a blog post, and public publication, the RCE exploit is still open for discussion. The maintainers of the WebPageTest project seem…
Vulnerabilities
There are two fresh zero-days for Exchange Server
As it looks at (yep, more) reported vulnerabilities in Microsoft Exchange Server that affect the software’s 2013, 2016, and 2019 editions, Microsoft has released…
Malware
Findings of New Malware Families Aimed at VMware ESXi Hypervisors
VMware’s virtualization software has been revealed to be used by threat actors to implant never-before-seen post-compromise implants. The implants allow them to take control…
Malware
The new campaign uses government, union-themed lures to deliver Cobalt Strike beacons
Cisco Talos found a malicious campaign using a modularized attack method to distribute Cobalt Strike beacons on compromised endpoints. The initial attack vector is…
backdoor
Tibetans are the target of Chinese espionage hackers using the new LOWZERO backdoor.
An advanced persistent threat actor (APTA) with ties to China identified as TA413 used recently discovered security holes in Microsoft Office and Sophos Firewall…
backdoor
Multiple issues with WAPPLES web application firewall have been raised
RCE (Remote Code Execution) and unknown backdoor threats are discovered by researchers. A researcher issues a warning on many flaws in the WAPPLES web…
Microsoft Teams
GIFShell attack creates reverse shell using Microsoft Teams GIFs
In order to ensure that PII and/or configuration data, such as Wi-Fi, WPA, PSK, etc., are deleted from the devices before they are sold…
cyberattack
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team have recently discovered Iran-based threat actor MERCURY using SysAid applications’ exploits of…