Attacks, Threats, and Vulnerabilities
Remote Code Execution Vulnerability Found in Opera File Sharing Feature (SecurityWeek) A vulnerability in Opera browser’s file sharing feature My Flow could be exploited for remote code execution.
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 (Infosecurity Magazine) In its latest Email Security Risk Report, Egress found that businesses were 10% more negatively affected by phishing attacks in 2023 than in 2022.
Remcos RAT Spreading Through Adult Games in New Attack Wave (The Hacker News) Breaking News: Remcos RAT, a stealthy remote access trojan, is now spreading in South Korea disguised as adult-themed games via webhards.
Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation (SecurityWeek) Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec.
Detailed Analysis of DarkGate; Investigating new top-trend backdoor malware (Malware Analysis, News and Indicators) Author: Minyeop Choi | BLKSMTH. Last Modified: Jan 16, 2024. Executive Summary: DarkGate is a malware that has been developed since 2017 and sold as Malware-as-a-Service. DarkGate was not widely used until 2021, but continued feature additions and modifications were made, and it is now found in a variety of attacks. DarkGate gives attackers the ability to perform the malicious actions against victims listed below. — Remote Code Execution by Reverse Shell or Remote Desktop suc...
Hacker spins up 1 million virtual servers to illegally mine crypto (BleepingComputer) A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.
Ransomware tracker: the latest figures [March 2023] (The Record) Hospitals and other healthcare providers have gotten a break from ransomware groups in recent months, but other sectors weren't spared.
Ivanti Connect Secure VPN Exploitation Goes Global (Volexity) On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA0178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks (BleepingComputer) Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign (Trend Micro) This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people (The Record) Fincantieri Marine Group submitted a regulatory filing about an incident that caused widespread production issues in April 2023.
Security Patches, Mitigations, and Software Updates
VMware Releases Critical Security Update for VMware Aria Automation (NHS Digital) Security update addresses a Missing Access Control vulnerability in the VMware Aria Automation platform.
GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 (GitLab) Learn more about GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Marketplace
Thomvest Ventures closes $250M fund to invest across fintech, cybersecurity, AI (allinfosecnews.com) Thomvest Ventures deploys capital in the areas of financial and real estate technology, cybersecurity, cloud and AI/data infrastructure.
Products, Services, and Solutions
Skopenow Grid detects the earliest signals of critical risks (Help Net Security) Skopenow Grid equips security, intelligence, and investigative teams worldwide with enhanced proactive threat intelligence capabilities.
Technologies, Techniques, and Standards
Building a Shadow IT Policy: What CEOs, CTOs, and CISOs Need to Know (Bitsight) Create a comprehensive policy that includes detection, reporting, and control measures to manage shadow IT.
Litigation, Investigation, and Law Enforcement
Ukrainian arrested for infecting US cloud provider with cryptomining malware (The Record) Ukrainian authorities and an unspecified U.S. cloud computing provider teamed up to capture a suspect in a $2 million cryptomining operation.