Security News

Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack
2023-05-11 07:05

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. While the malware is known to weaponize remote code execution flaws in GitLab and Lilin DVR for propagation, the addition of CVE-2023-25717 shows that Andoryu is actively expanding its exploit arsenal to ensnare more devices into the botnet.

Refined methodologies of ransomware attacks
2023-05-11 03:00

Adversaries were able to encrypt data in 76% of the ransomware attacks that were conducted against surveyed organizations, according to Sophos. Overall, 66% of the organizations surveyed were attacked by ransomware, the same percentage as the previous year.

23-year-old Brit linked to 2020 Twitter attack and SIM-swap scheme pleads guilty
2023-05-10 12:32

A 23-year-old British citizen has confessed to "multiple schemes" involving computer crimes, including playing a part in the July 2020 Twitter attack that saw the accounts of Amazon CEO Jeff Bezos, Kanye West, and former President Barack Obama hijacked by an unidentified crew. The 2020 Twitter attack happened when blue ticks still meant "verified account" and was accomplished using social engineering just as the COVID-19 pandemic was starting to gain traction.

New 'Greatness' service simplifies Microsoft 365 phishing attacks
2023-05-10 12:00

In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023. The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.

Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix
2023-05-09 23:15

Your humble vulture is a glass-half-empty-and-who-the-hell-drank-my-whiskey kind of bird, so instead of looking on the bright side, we're looking at the two Microsoft bugs that have already been found and exploited by miscreants. The two that are under active exploit, at least according to Microsoft, are CVE-2023-29336, a Win32k elevation of privilege vulnerability; and CVE-2023-24932, a Secure Boot security feature bypass vulnerability, which was exploited by the BlackLotus bootkit to infect Windows machines.

Criminal IP FDS: A WordPress Plugin to Block Brute Force Attacks
2023-05-09 14:01

AI Spera released a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS, on May 3rd. The plugin utilizes Criminal IP, an OSINT-based search engine, to provide real-time data and intelligence technology to comprehensively detect and prevent fraudulent login attempts on WordPress websites.

Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
2023-05-09 08:53

Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm and Mint Sandstorm weaponizing CVE-2023-27350 in their operations to achieve initial access.

Western Digital: Customer info stolen in that IT attack
2023-05-08 23:01

Customer information was stolen from the IT systems of Western Digital in that March IT security breach, forcing the storage manufacturer to shut down its online store until at least next week. Western Digital first disclosed the intrusion in early April, saying that in late March its engineers discovered someone had broken into "a number" of the biz's systems.

Microsoft enforces number matching to fight MFA fatigue attacks
2023-05-08 16:25

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication fatigue attacks. As previously announced, Microsoft will start enforcing number matching for Microsoft Authenticator MFA alerts to block MFA fatigue attack attempts across tenants beginning today.

Microsoft: Iranian hacking groups join Papercut attack spree
2023-05-08 14:47

Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers. "The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said.