A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group or experienced ransomware actors who purchased its code. Kasseika Ransomware Deploys BYOVD Attacks A new ransomware operation known as “Kasseika” has recently been discovered. This… Continue reading Kasseika Ransomware Exploits Vulnerable Antivirus Drivers
Tag: Cybersecurity
GoAnywhere MFT Auth Bypass Vulnerability Discovered
The fest of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator account without gaining any access to the system. Fortra recommends updating the MFT solution to the versions beyond the ones susceptible to the flaw. GoAnywhere… Continue reading GoAnywhere MFT Auth Bypass Vulnerability Discovered
Confluence RCE Vulnerability Under Massive Exploitation
Researchers are seeing attempts to exploit a critical vulnerability in outdated Atlassian Confluence servers. The flaw allows attackers to execute code remotely, with most attempts from Russian IP addresses. Typically for remote code execution vulnerabilities, this one received a high severity rating by CVSS scale. RCE Vulnerability in Confluence Exploited in the Wild According to… Continue reading Confluence RCE Vulnerability Under Massive Exploitation
2 Citrix RCE Under Active Exploitation, CISA Notifies
CISA has given a timeframe of one to three weeks to fix three vulnerabilities related to Citrix NetScaler and Google Chrome. These zero-day vulnerabilities were actively used in cyber attacks. 2 Citrix RCEs Exploited In The Wild, CISA Urges to Update Wednesday, January 17, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding… Continue reading 2 Citrix RCE Under Active Exploitation, CISA Notifies
LockBit Ransomware Uses Resume Word Files to Spread
A recent investigation by ASEC reveals the new tactics of an infamous LockBit ransomware. “Post-paid pentesters” started masquerading as innocuous summaries in Word documents. Ironically, this similar tactic is reminiscent of its past modus operandi. This clever tactic allows the ransomware to infiltrate systems unnoticed. LockBit Ransomware in action The LockBit ransomware, known for its… Continue reading LockBit Ransomware Uses Resume Word Files to Spread
Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE
Recent research uncovers a significant portion of SonicWall firewall instances being susceptible to attacks. In particular, two vulnerabilities are able to cause remote code execution (RCE) and DoS attacks. Unfortunately, no official patches are available at the moment, forcing clients to seek a workaround. Uncovering the Flaws The vulnerabilities in question are primarily two stack-based… Continue reading Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE
9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II
A chain of 9 vulnerabilities in UEFI’s Preboot Execution Environment (PXE), dubbed PixieFail, was uncovered in a recent research. As the network boot process is a rather novice attack vector, only a few vulnerabilities received high severity status. Nonetheless, their sheer volume, along with the location in rather sensitive places, can create a mess if… Continue reading 9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II
What are Facebook Job Scams and How to Avoid Them?
Facebook is probably the most widely used social media globally. Unfortunately, it has also become a hub for scammers to target unsuspecting users. Among them, fake job scams appear to be on an uptrend. What they are, and how to avoid them – I am going to cover those questions in this post. What is… Continue reading What are Facebook Job Scams and How to Avoid Them?
Novice FBot Stealer Targets Cloud Services
Researchers report about a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of web and cloud services. Deeper analysis reveals that it was potentially made for a specific cybercrime group or for the use in specific attacks. FBot… Continue reading Novice FBot Stealer Targets Cloud Services
AzorUlt Stealer Is Back In Action, Uses Email Phishing
Cybersecurity experts have stumbled upon the eight-year-old Azorult malware. This malware steals information and collects sensitive data, and has been down since late 2021. But will the old dog keep up to new tricks? Azorult Malware Resurfaces After 2 Years A recent research in the cyber threat landscape has brought to light concerning news about… Continue reading AzorUlt Stealer Is Back In Action, Uses Email Phishing