As it looks at (yep, more) reported vulnerabilities in Microsoft Exchange Server affecting the 2013, 2016, and 2019 editions, Microsoft has released customer guidance. According to the company, it is aware of “few targeted assaults employing the two vulnerabilities to access…
Latest posts - Page 33
Findings of New Malware Families Aimed at VMware ESXi Hypervisors
Threat actors have been found using VMware’s virtualization software to deploy never-before-seen post-compromise implants. The implants let them take control of compromised systems while evading detection. The activity affects VMware ESXi, Linux vCenter servers, and Windows virtual…
SolarMarker Attack Uses Vulnerable WordPress Sites and False Chrome Updates
As part of a novel twist on its watering-hole attacks, the SolarMarker group is luring victims into downloading fake Chrome browser updates by compromising a WordPress-powered website. Researchers have identified the group deploying the SolarMarker malware, which uses…
A new 0-day RCE vulnerability in Microsoft Exchange Server was used in an attack campaign.
While providing security monitoring and incident response services around the beginning of August 2022, the GTSC SOC team found that a critical-infrastructure organization was under attack, specifically its Microsoft Exchange deployment. The investigation revealed that the attack used a 0-day…
Data from 16 million Swachhata Platform users are exposed due to a breach.
User names, emails, passwords, mobile numbers, OTP-related information, login IPs, and stolen unique user tokens are among the Swachhata City data. On Friday, September 23, a threat actor going by the handle LeakBase posted a 6GB data dump containing…
Hackers from Brazil’s Prilex Group Resurface with Advanced Point-of-Sale Malware
After a year-long operational hiatus, the Brazilian threat actor Prilex has returned with sophisticated and intricate point-of-sale malware that steals money through fraudulent transactions. According to Kaspersky researchers, “The Prilex gang has demonstrated a high level of expertise about credit…
Optus data breach “attacker” says sorry, it was a mistake
On September 22, 2022, Australian telecoms firm Optus disclosed a security incident. Since then, a lot has transpired, most of it reading like a screenplay. Prologue: according to a hacker using the alias “optusdata,” 10 million…
The new campaign uses government, union-themed lures to deliver Cobalt Strike beacons
Cisco Talos found a malicious campaign using a modular attack chain to deliver Cobalt Strike beacons to compromised endpoints. The initial attack vector is a phishing email carrying a malicious Microsoft Word document. The attachment tries to exploit the Microsoft…
ZINC’s use of open-source software as a weapon
Microsoft has recently discovered social engineering activity by an actor it tracks as ZINC that weaponized legitimate open-source software. The Microsoft Threat Intelligence Center (MSTIC) has detected activity in the US, UK, India, and Russia targeting employees of businesses…
Agent Tesla malware is distributed by cybercriminals using Quantum Builder, a product sold on the dark web.
The Agent Tesla remote access trojan (RAT) is being distributed using Quantum Builder, a newly identified malware builder. Compared with earlier attacks of this type, this campaign shows refinements and a shift toward LNK (Windows shortcut) files. According to a report…