Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

manageengine

MOVEit mayhem: Attackers found, patch released, but no end in sight

Jun 28, 2023 By Log360 In ManageEngine

The entire cybersecurity realm is buzzing over zero-day vulnerabilities and SQL injection attacks owing to the MOVEit Transfer MFT breach. In case you missed it, here’s the back story, timeline of events, and latest updates. On May 31, 2023, Progress Software rolled out security patches for the recently discovered SQL injection vulnerability in their file sharing application, MOVEit Transfer.

Read Post

GOOTLOADER Malware Case Study - Kroll Cyber Risk

Jun 28, 2023 By Kroll In Kroll
In Q1 2023, Kroll Cyber Threat Intelligence analysts noticed an uptick in GOOTLOADER malware infections leading to large-scale exfiltration of sensitive data, and even extortion. In this video, Threat Intelligence expert, Ryan Hicks, walks through a GOOTLOADER malware case study and provides recommendations for how to prevent such an attack.
View Video
knowbe4

National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

Jun 28, 2023 By Stu Sjouwerman In KnowBe4

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

Read Post

The 443 Podcast - Episode 248 - RepoJacking

Jun 27, 2023 By WatchGuard In WatchGuard
On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT. You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below: The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
alienvault

Blacktail: Unveiling the tactics of a notorious cybercrime group

Jun 26, 2023 By Arjun Patel In AT&T Cybersecurity

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

Read Post
noname security

Noname Public Service Announcement: Moveit attack involving API abuse

Jun 26, 2023 By Daren Presbitero In Noname Security

A recent onslaught of attacks targeting the MoveIT application have affected several US Government agencies including Department of Energy (DOE); the Oak Ridge National Laboratory (ORNL) and several State governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL injection are front and center.

Read Post

CrowdStrike Takes On Spyboy's "Terminator"

Jun 26, 2023 By CrowdStrike In CrowdStrike
On May 21, 2023, a new threat actor named Spyboy emerged, advertising a tool known as “Terminator” in a Russian-language forum, claiming the software could bypass over 20 common AV and EDR controls. CrowdStrike automatically blocked this executable, categorizing this as a high-severity detection, enabled by our AI-powered indicators of attack.
View Video
knowbe4

SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

Jun 24, 2023 By Stu Sjouwerman In KnowBe4

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

Read Post
tripwire

BlackLotus bootkit patch may bring "false sense of security", warns NSA

Jun 23, 2023 By Graham Cluley In Tripwire

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.

Read Post
Featured Post
cato networks

Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

Jun 22, 2023 By Etay Maor, Senior Director of Security Strategy In Cato Networks
On March 29th, North-Korean linked threat-actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack that was used to deliver REvil ransomware also to thousands of organizations and is considered one of the largest security breaches of the 21st century.
Read Post
Subscribe to Cyberattacks

Copyright © 2024 OpsMatters™. All rights reserved.