Cybersecurity Attacks Archives - Page 5 of 40

H0lyGh0st ransomware actors target small and midsize businesses

Cybersecurity Attacks, Malware, Ransomware / By Frank Crast / July 17, 2022 / Andariel, BLTC.exe, BTLC_C.exe, C2, Cybersecurity Threat Center, DarkSeoul, DEV-0530, H0lyGh0st, HolyGhost, HolyLock.exe, HolyRS.exe, Microsoft, MSTIC, North Korea, Plutonium, Ransomware, SiennaBlue, SiennaPurple, Small Business, SMB

Security researchers from Microsoft warn threat actors from North Korea are using H0lyGh0st ransomware to target small and midsize businesses around the globe.

ZuoRAT targets SOHO devices to launch sophisticated multi-stage cyber attacks

Cybersecurity Attacks, Malware, Network Security / By Frank Crast / July 8, 2022 / ASUS, Black Lotus Labs, Cisco, CVE-2020-26878, CVE-2020-26879, Cybersecurity Attack, Cybersecurity Threat Center, DrayTek, Lumen, NETGEAR, Python, Small Office, SOHO, ZuoRAT

Threat actors are using a multi-stage malware dubbed ZuoRAT to exploit small office/home office (SOHO) routers and launch sophisticated attacks against North American and European networks.

Maui ransomware targets entities in the Healthcare and Public Health sector

Cybersecurity Attacks, Malware / By Frank Crast / July 6, 2022 / CISA, Cybersecurity Threat Center, FBI, Health, healthcare, HPH, Maui, Public Health, Treasury

Cybersecurity experts warn North Korean State-Sponsored threat actors are using Maui ransomware to target entities in the Healthcare and Public Health (HPH) sector.

MedusaLocker ransomware threat

Cybersecurity Attacks, Malware / By Frank Crast / July 6, 2022 / MedusaLocker, Ransomware

Threat actors are exploiting primarily Remote Desktop Protocol (RDP) vulnerabilities on victim computers to deploy MedusaLocker ransomware.

CISA adds 8 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include PwnKit)

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / June 30, 2022 / Chromium, CISA, CVE-2018-4344, CVE-2019-8605, CVE-2020-3837, CVE-2020-9907, CVE-2021-30983, Linux, pkexec, polkit, PwnKit

The Cybersecurity and Infrastructure Security Agency (CISA) has added eight vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include two Apple, Mitel, Google Chromium, and the RedHat “PwnKit” vulnerability (CVE-2021-4034) in Polkit’s pkexec tool.

CISA adds Critical Microsoft diagnostics tool vulnerability to Catalog of exploited vulnerabilities

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / June 16, 2022 / CVE-2022-30190, Cybersecurity Threat Center, exploits, Follina, Microsoft, MSDT, RCE, Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Support Diagnostic Tool (MSDT) vulnerability CVE-2022-30190 (aka “Follina”) to its Known Exploited Vulnerabilities Catalog.

Symbiote: Linux malware ‘nearly impossible to detect’ threat

Cybersecurity Attacks, Malware / By Frank Crast / June 11, 2022 / Blackberry, BPF, Cyberattack, Cybersecurity Threat Center, Linux, malware, Symbiote

Researchers have discovered a new Linux malware dubbed Symbiote, a ‘nearly impossible to detect’ threat.

Microsoft exposes and disables Polonium activity targeting Israeli organizations

Cloud Security, Cybersecurity Attacks / By Frank Crast / June 7, 2022 / CreepyBox, CreepyDrive, CVE-2018-13379, Iran, Lebanon, Microsoft, MOIS, MSTIC, OneDrive, Polonium

Microsoft has exposed and disabled a Lebanon-based Polonium cyber activity targeting Israeli organizations.

Atlassian fixes Critical Confluence RCE vulnerability (CVE-2022-26134) exploited in the wild

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / June 4, 2022 / Atlassian, Confluence, CVE-2022-26134, Zero-day

Atlassian has fixed a Critical severity unauthenticated zero-day RCE vulnerability (CVE-2022-26134) in Confluence Server and Data Center.

Zoom patches XMPP vulnerability chain that could allow an attacker to compromise user over Zoom chat

Cybersecurity Attacks, Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 26, 2022 / CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, CVE-2022-22787, Stanza, XMPP, Zoom

Zoom recommends users upgrade their Zoom client to version 5.10.0 to fix an XMPP vulnerability chain that could enable an attacker to execute remote code and compromise another user over Zoom chat.