Malware & Threats | New hVNC macOS Malware Advertised on Hacker Forum | A new macOS-targeting hVNC malware family is being advertised on a prominent cybercrime forum. | Ionut Arghire | August 2, 2023
Malware & Threats | Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack | The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. | Eduard Kovacs | August 2, 2023
Malware & Threats | Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks | Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. | Eduard Kovacs | July 31, 2023
Malware & Threats | CISA Analyzes Malware Used in Barracuda ESG Attacks | CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability. | Ionut Arghire | July 31, 2023
Malware & Threats | Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins | The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed. | Ionut Arghire | July 28, 2023
Email Security | In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware | Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 17,... | SecurityWeek News | July 21, 2023
Malware & Threats | Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability | Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April. | Ionut Arghire | July 20, 2023
Malware & Threats | P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers | The Rust-based peer-to-peer worm ‘P2PInfect’ is targeting a Lua sandbox escape vulnerability in internet-accessible Redis servers. | Ionut Arghire | July 20, 2023
Malware & Threats | Two Jira Plugin Vulnerabilities in Attacker Crosshairs | Attackers are exploiting two path traversal vulnerabilities in the Stagil navigation for Jira – Menus & Themes plugin. | Ionut Arghire | July 19, 2023
Government | US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa | The two foreign companies are being sanctioned “for trafficking in cyber exploits used to gain access to information systems.” | Ryan Naraine | July 18, 2023
Malware & Threats | WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin | Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin. | Ionut Arghire | July 18, 2023
Fraud & Identity Theft | Netcraft Raises $100M, Hires New CEO for Global Expansion | The British company secures $100 million in funding and announced the hiring of a new chief executive to pursue global expansion plans. | Ryan Naraine | July 18, 2023