The PyPI repository is home to a number of malicious Python packages that have been found to steal sensitive data like AWS credentials and send it to openly accessible locations. Software developers can choose the building blocks for their Python-based…
Latest posts - Page 53
Chinese hackers are disseminating an SMS bomber tool that contains malware
As part of a recently revealed effort, a threat cluster connected to the hacking organisation Tropic Trooper has been seen employing previously unknown malware written in the Nim programming language to attack targets. According to a study from the Israeli…
VMware servers are still being compromised via Log4Shell exploits
Today, CISA issued a warning that threat actors are continuing to use the Log4Shell (CVE-2021-44228) remote code execution vulnerability to attack VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can move laterally across networks until they get access to internal systems…
Hacker exploits a zero-day vulnerability in Mitel VoIP
A ransomware attack against an unnamed target used Mitel VoIP equipment as an entry point to execute code remotely and access the environment. CrowdStrike, a cybersecurity firm, reported the findings, which tracked the source of the attack to a…
A serious PHP bug makes QNAP NAS equipment vulnerable to RCE attacks
Customers of QNAP have been informed today that certain Network Attached Storage (NAS) devices (with non-default configurations) are susceptible to attacks that would take advantage of a serious, three-year-old PHP bug that permits remote code execution. “Versions of PHP 7.1.x…
Mega says it can’t decrypt your files. New PoC exploit shows otherwise
Mega’s encryption system has been found to have serious weaknesses that allow services to view your data. Mega, a cloud storage service with 250 million registered users and 120 billion files stored across 1,000 petabytes of storage, was launched ten…
NSO admits to the EU committee that Pegasus has been misused by 5 EU countries
The infamous Israeli surveillanceware vendor NSO Group acknowledged that five countries used its Pegasus tool. The acknowledgement came in response to a question asked by European Union lawmakers. “We’re trying to do the right thing and that’s more than…
Researchers claim SmartTub site flaws could disclose Jacuzzi consumers' data
According to a security researcher, flaws in the online interface of Jacuzzi’s SmartTub app could have allowed an attacker to view and perhaps change personal data of hot tub owners. SmartTub also has a module that sits inside hot tubs…
Avos ransomware organisation increases its attack capabilities
We recently noticed a month-long AvosLocker promotion during a client engagement. Cobalt Strike, Sliver, and various commercial network scanners were among the tools used by the attackers. Two VMware Horizon Unified Access Gateways that were vulnerable to Log4Shell served as…
Magecart campaign sheds light on the scale of the ongoing campaign
A recently discovered Magecart skimming campaign was traced back to an earlier attack in November 2021. Two malware domains have been tracked for hosting credit card skimmer code in light of the Magecart campaign. It appears these domains are…