A new DDoS botnet dubbed AndoryuBot poses a threat to Ruckus Wireless Admin panels by exploiting a newly patched critical severity flaw tracked as CVE-2023-25717 with the CVSS base score reaching 9.8. The vulnerability exploitation can potentially lead to remote code execution (RCE) and a full compromise of wireless Access Point (AP) equipment. Detecting CVE-2023-25717 […]
With the constantly changing cyber threat landscape and the increasing sophistication of the adversary toolkit, information exchange between cybersecurity experts is of paramount value. On January 25 and 26, 2023, the global cyber defender community welcomed the sixth JSAC2023 conference for security analysts aimed to boost their expertise in the field. This annual cybersecurity event […]
The financially-motivated hacking collective tracked as UAC-0006 comes back to the cyber threat arena exploiting the phishing attack vector and distributing the SmokeLoader malware. According to the latest CERT-UA cybersecurity alert, threat actors massively distribute phishing emails exploiting the compromised accounts with the financially related email subject and using a malicious ZIP attachment to deploy […]
Adversaries are constantly looking for novel ways to overcome security protections. After Microsoft started blocking macros for Office documents by default last year, cybercriminals adapted their deployment methods to slip through the defense. APT37 follows this major trend, using Windows shortcut (LNK) files to proceed with the ROKRAT (aka DOGCALL) campaigns successfully. Detect ROKRAT Malware […]
Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Experts estimate a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the beginning of the full-fledged […]
The infamous russian nation-backed hacking collective tracked as APT28 or UAC-0001, which has a history of targeted attacks against Ukrainian government agencies, reemerges in the cyber threat arena. The latest CERT-UA#6562 alert confirms that over April 2023, the hacking collective has been leveraging the phishing attack vector to massively distribute spoofed emails among Ukrainian state […]
The popular open-source data visualization and data exploration tool, Apache Superset, is claimed to be vulnerable to authentication bypass and remote code execution (RCE), enabling threat actors to gain administrator access to the targeted servers and further collect user credentials and compromise data. The discovered bug is an insecure default configuration flaw tracked as CVE-2023-27524, […]
PaperCut has recently reported that the company’s application servers are vulnerable to a critical RCE flaw known as CVE-2023-27350, with a CVSS of 9.8. As a response to a growing number of exploitation attempts, CISA added the discovered bug to its Known Exploited Vulnerabilities (KEV) catalog. Detect CVE-2023-27350 Exploitation Attempts Proactive detection of vulnerability exploitation […]
Cybersecurity researchers have uncovered a new malware family called Domino attributed to the adversary activity of the financially motivated russia-backed FIN7 APT group. Cyber defenders also link the use of Domino with another former hacking group known as Trickbot aka Conti, which has been applied in the malicious campaign by the latter threat actors since […]
With the tax season in full swing, threat actors are setting eyes on financial organizations. According to the latest cybersecurity reports, U.S. accounting firms and other financial institutions have fallen prey to a series of adversary campaigns spreading GuLoader malware since March 2022. Threat actors spread the GuLoader malicious samples by leveraging a phishing attack […]