A WSO2 Vulnerability is Fraught with Remote Code Execution

Products by WSO2, an open-source provider of APIs, applications, and web services, have been attacked in the wild through the CVE-2022-29464 vulnerability detected back in April 2022. This vulnerability allows attackers to execute malicious code remotely via unrestricted file upload. The attack begins with web shell installation through *.jsp or *.war files…

Experts are already fixing attacks on the Log4Shell vulnerability

Security researchers are already scanning the network looking for products affected by a dangerous bug in the Log4j library and are fixing the results of cybercriminals’ attacks on the Log4Shell vulnerability. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, and so on. An issue in the popular Log4j logging library included in…

Emotet now installs Cobalt Strike beacons

The researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, providing immediate access to the network for attackers. Attackers can use this access for lateral movement, which will greatly facilitate extortion attacks. Let me remind you that usually Emotet installs TrickBot or Qbot malware on the victims’ machines, and that one already…