A notorious Chinese APT group known under the moniker “DriftingCloud” targets a cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
A new phishing campaign is on the rise, impacting a wide range of industries and organizations in the U.S., including critical infrastructures such as security, healthcare and pharmaceuticals, the military, and also manufacturing supply chain. The scam began sweeping across the U.S. in May 2022 and is still going on. The targets receive a phishing […]
A rather peculiar type of malware has recently hit the headlines. The new strain is dubbed GoodWill ransomware, and its novelty lies in the nature of the demands that victims have to fulfill to get the decryption key. The ransomware operators, claiming that they are “hungry for kindness”, expect their targets to support those in […]
Cybersecurity researchers have recently shed light on a wave of new cyber attacks by the Iranian nation-backed APT group acting under the moniker “Lyceum” also known as HEXANE. Lyceum actors have been operating in the cyber threat arena since 2017 mainly targeting Middle East organizations in the energy and telecom industry sectors. In the latest […]
Blue Mockingbird cybercrime group has been on the cybersecurity radar for about two years now. In the current campaign, the threat actor exploits the vulnerabilities discovered in 2019 in a popular Telerik UI suite for ASP.NET AJAX that includes around 120 components. The major vulnerability, tracked as CVE-2019-18935 with a critical severity level of 9.8, […]
Cybersecurity researchers have observed the activity of a more advanced version of a fully-functional malware loader dubbed PureCrypter that has been actively distributing remote access Trojans (RATs) and information stealers since March 2021. Notorious malware samples delivered using PureCrypter include AsyncRAT, LokiBot, Remcos, Warzone RAT, NanoCore, Arkei Stealer, and RedLine Stealer. The updated features of […]
Fujitsu Eternus CS8000 (Control Center) V8.1. was deemed vulnerable to privilege escalation attacks in early April 2022, with the Fujitsu PSIRT (Product Security Incident Response Team) releasing an official security notice on June 1, 2022. Security researchers reported two security holes in the vendor’s Control Center software that enabled unauthorized attackers to gain remote code […]
The notorious Microsoft Office zero-day vulnerability tracked as CVE-2022-30190 aka Follina is still being actively exploited by multiple hacking organizations across the world. On June 10, 2022, CERT-UA released a new alert warning of ongoing cyber-attacks targeting Ukrainian media organizations. Threat actors continue to leverage the CVE-2022-30190 vulnerability in the latest malicious email campaign aimed […]
Another zero-day security flaw in the Microsoft Support Diagnostic Tool (MSDT) nicknamed DogWalk comes hard on the heels of its actively exploited counterpart, a remote code execution vulnerability Follina, tracked as CVE-2022-30190. Just like in the case of Follina, a big security issue affecting MSDT, Microsoft troubleshooters ignored the bug when it was first brought […]