Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]
Thousands of Microsoft Exchange servers remain vulnerable to ProxyShell remote code execution vulnerabilities despite the patches issued in April-May. To make things even worse, security researchers are observing a significant spike in scans for vulnerable Exchange servers, after the technical overview of the ProxyShell attack was revealed at the Black Hat conference on August 4-5, […]
Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]
July continues to be an effortful month for Microsoft. After the critical PrintNightmare (CVE-2021-1675) and HiveNightmare (CVE-2021-36934) vulnerabilities, security researchers have identified a critical security gap that might result in a complete Windows domain compromise. The issue, dubbed PetitPotam, takes advantage of the Encrypting File System Remote Protocol (MS-EFSRPC) and allows attackers to proceed with […]
Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a āmercenary softwareā facilitating surveillance operations for government agencies, it was identified […]
July 2021 proceeds to be a really hot and tough month in terms of the loud cybersecurity events. While the world of cyber is still recovering from PrintNighmare vulnerability (CVE-2021-1675), Kaseya supply chain attack, and SolarWinds Serv-U zero-day (CVE-2021-35211), Windows has officially announced a new notorious flaw within its products. A recently disclosed HiveNightmare (aka […]
WildPressure ATP group, known for its repeating attacks against the oil and gas sector in the Middle East, has recently upgraded its malicious toolkit with a new version of Milum Trojan. The enhancements made to the strain allow adversaries to compromise macOS devices alongside traditional Windows systems. According to security experts, the Trojan is able […]
Hundreds of companies have been recently exposed to a massive supply chain attack on the software company Kaseya. A zero-day bug in Kaseyaās VSA software was nefariously leveraged by the REvil gang to infect 30 managed service providers (MSPs) and multiple their customers with ransomware.Ā Although the vendor has been aware of the vulnerability since […]
A notorious remote code execution (RCE) bug in Windows Print Spooler allows attackers to achieve full system compromise on the unpatched instances. The vulnerability, dubbed PrintNightmare (CVE-2021-1675), was initially rated as a low-severity issue that enables privilege escalation to admin on the targeted hosts. However, after deep-dive research by experts who discovered the potential for […]
Experts warn about an unusual approach to infect targets with BazarLoader ā a notorious strain frequently used to deliver ransomware. The hacker collective, dubbed BazarCall, abuses call center functionality to trick victims into downloading the malicious payload. The campaign has been active since at least February 2021, continuously adding new tricks to increase its notoriety. […]