Tag: Cybersecurity

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

Kasseika ransomware uses a vulnerable antivirus driver to stop security solutions in the attacked system

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group or experienced ransomware actors who purchased its code. Kasseika Ransomware Deploys BYOVD Attacks A new ransomware operation known as “Kasseika” has recently been discovered. This… Continue reading Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

GoAnywhere MFT Auth Bypass Vulnerability Discovered

Fortra insists on installing updates to fix the severe vulnerability in GoAnywhere

The fest of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator account without gaining any access to the system. Fortra recommends updating the MFT solution to the versions beyond the ones susceptible to the flaw. GoAnywhere… Continue reading GoAnywhere MFT Auth Bypass Vulnerability Discovered

Confluence RCE Vulnerability Under Massive Exploitation

Experts have discovered a vulnerability with maximum CVSS that lures hackers like honey for bees.

Researchers are seeing attempts to exploit a critical vulnerability in outdated Atlassian Confluence servers. The flaw allows attackers to execute code remotely, with most attempts from Russian IP addresses. Typically for remote code execution vulnerabilities, this one received a high severity rating by CVSS scale. RCE Vulnerability in Confluence Exploited in the Wild According to… Continue reading Confluence RCE Vulnerability Under Massive Exploitation

2 Citrix RCE Under Active Exploitation, CISA Notifies

Two Citrix vulnerabilities are exploited and must be patched within seven days.

CISA has given a timeframe of one to three weeks to fix three vulnerabilities related to Citrix NetScaler and Google Chrome. These zero-day vulnerabilities were actively used in cyber attacks. 2 Citrix RCEs Exploited In The Wild, CISA Urges to Update Wednesday, January 17, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding… Continue reading 2 Citrix RCE Under Active Exploitation, CISA Notifies

LockBit Ransomware Uses Resume Word Files to Spread

LockBit ransomware group is back to utilizing Word files to distribute the payload.

A recent investigation by ASEC reveals the new tactics of an infamous LockBit ransomware. “Post-paid pentesters” started masquerading as innocuous summaries in Word documents. Ironically, this similar tactic is reminiscent of its past modus operandi. This clever tactic allows the ransomware to infiltrate systems unnoticed. LockBit Ransomware in action The LockBit ransomware, known for its… Continue reading LockBit Ransomware Uses Resume Word Files to Spread

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

SonicWall's series 6 and 7 NGFWs have two unauthenticated DoS vulnerabilities with potential for remote code execution.

Recent research uncovers a significant portion of SonicWall firewall instances being susceptible to attacks. In particular, two vulnerabilities are able to cause remote code execution (RCE) and DoS attacks. Unfortunately, no official patches are available at the moment, forcing clients to seek a workaround. Uncovering the Flaws The vulnerabilities in question are primarily two stack-based… Continue reading Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

A newly discovered set of vulnerabilities touches a wide selection of hardware and firmware developers

A chain of 9 vulnerabilities in UEFI’s Preboot Execution Environment (PXE), dubbed PixieFail, was uncovered in a recent research. As the network boot process is a rather novice attack vector, only a few vulnerabilities received high severity status. Nonetheless, their sheer volume, along with the location in rather sensitive places, can create a mess if… Continue reading 9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

What are Facebook Job Scams and How to Avoid Them?

A new wave of scams hits Facebook, trying to lure out personal information under the guise of job offers

Facebook is probably the most widely used social media globally. Unfortunately, it has also become a hub for scammers to target unsuspecting users. Among them, fake job scams appear to be on an uptrend. What they are, and how to avoid them – I am going to cover those questions in this post. What is… Continue reading What are Facebook Job Scams and How to Avoid Them?

Novice FBot Stealer Targets Cloud Services

Emerging FBot stealer, a beginner's tool, targets cloud platforms, exploiting vulnerabilities for data theft.

Researchers report about a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of web and cloud services. Deeper analysis reveals that it was potentially made for a specific cybercrime group or for the use in specific attacks. FBot… Continue reading Novice FBot Stealer Targets Cloud Services

AzorUlt Stealer Is Back In Action, Uses Email Phishing

Once-forgotten malware is back in business

Cybersecurity experts have stumbled upon the eight-year-old Azorult malware. This malware steals information and collects sensitive data, and has been down since late 2021. But will the old dog keep up to new tricks? Azorult Malware Resurfaces After 2 Years A recent research in the cyber threat landscape has brought to light concerning news about… Continue reading AzorUlt Stealer Is Back In Action, Uses Email Phishing