August 29, 2024

China’s Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Security researchers at Lumen Technologies have identified Chinese APT group Volt Typhoon leveraging a newly discovered zero-day vulnerability in Versa Director servers to compromise credentials and infiltrate downstream customer networks. The critical vulnerability, CVE-2024-39717, was recently added to the Cybersecurity and Infrastructure Security Agency’s (CISA) list of mandatory patches. Versa Networks confirmed the active exploitation of the zero-day and issued a […]
July 14, 2024

4TB of internal data allegedly leaked in Australian medical research breach

The Medusa ransomware group has claimed responsibility for stealing over four terabytes of data from the Harry Perkins Institute of Medical Research in Western Australia. The group posted on its dark web leak site, stating that 4.6TB of internal building camera recordings had been uploaded. Medusa is demanding a ransom of US$500,000, though it is also willing to sell the […]
June 25, 2024

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have transitioned from using AutoIt scripts to an AutoHotkey mechanism for the final stages of the attack, highlighting the threat actors’ ongoing efforts to evade detection. These updates were observed in DarkGate version 6, released in March 2024 by its developer, RastaFarEye, who has been offering the program on a subscription basis to […]
June 5, 2024

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Hugging Face, an AI company, revealed on Friday that its Spaces platform experienced unauthorized access earlier this week. “We suspect that some Spaces’ secrets may have been accessed without permission,” the company shared in an advisory. Spaces is a platform where users can build, host, and share AI and machine learning apps, as well as explore creations by others. Following […]
May 19, 2024

Citrix Releases Security Update For Critical PuTTY Vulnerability In Hypervisor

Citrix has disclosed in a security bulletin a critical vulnerability (CVE-2024-31497) affecting certain versions of its Hypervisor virtualization platform. The issue stems from XenCenter, the management console for Citrix Hypervisor, which was found to contain a vulnerable version of the PuTTY SSH client. Previous versions of XenCenter for Citrix Hypervisor 8.2 CU1 Long Term Service Release (LTSR) included […]
April 22, 2024

CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately

The vulnerability cataloged as CVE-2024-2961 is rated 8.8 on the CVSS scale and exists in the ISO-2022-CN-EXT plugin of glibc’s iconv library. This critical flaw occurs during the character set conversion process from UCS4, where specific escape sequences are needed to signal character set changes to the library. However, due to insufficient boundary checks on internal buffers, an […]
April 18, 2024

Cyberattack Takes Frontier Communications Offline

Texas-based Frontier Communications, a provider of local residential and business telecom services in 25 states, experienced a cyberattack. The breach allowed an unauthorized third party to access portions of its information technology environment, resulting in the theft of personally identifiable information (PII). As part of its containment measures, Frontier took certain systems offline, which led to an operational disruption that […]
March 14, 2024

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

AndroxGh0st is a Python-based malware designed to target Laravel applications. It scans and extracts critical information from .env files, revealing login details for AWS and Twilio. As an SMTP cracker, it exploits SMTP using various strategies, including credential exploitation, web shell deployment, and vulnerability scanning. The ability of the program to generate AWS suggests the possibility of brute force attacks. […]
March 5, 2024

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks abusing an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated suspiciously by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be […]