Malware & Threats | North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks
Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group.
Ionut Arghire, November 3, 2023

Malware & Threats | Apache ActiveMQ Vulnerability Exploited as Zero-Day
The recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 has been exploited as a zero-day since at least October 10.
Eduard Kovacs, November 3, 2023

Incident Response | FIRST Releases CVSS 4.0 Vuln Scoring Standard
The CVSS vulnerability scoring standard is refreshed to provide more data and remove ambiguities in rating the severity of downstream issues.
Ryan Naraine, November 1, 2023

Malware & Threats | Mozi Botnet Likely Killed by Its Creators
The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities.
Eduard Kovacs, November 1, 2023

Cyberwarfare | Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
Ionut Arghire, November 1, 2023

Malware & Threats | Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway
Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
Ionut Arghire, November 1, 2023

Malware & Threats | Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution
Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines.
Ionut Arghire, November 1, 2023

Cloud Security | Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.
Ionut Arghire, October 30, 2023

Malware & Threats | Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Ionut Arghire, October 27, 2023

Malware & Threats | ‘YoroTrooper’ Espionage Group Linked to Kazakhstan
Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan.
Ionut Arghire, October 25, 2023

Endpoint Security | Apple Ships Major iOS, macOS Security Updates
Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits.
Ryan Naraine, October 25, 2023

Malware & Threats | Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day
Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments.
Ionut Arghire, October 25, 2023