Security News
Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. Hitachi Energy is a department of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems.
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service attacks. The threat actors behind HinataBot are said to have been active since at least December 2022, with the attacks first attempting to use a generic Go-based Mirai variant before switching to their own custom malware starting from January 11, 2023.
A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability to deploy malware. The security flaw allowed threat actors to deploy malware payloads by executing unauthorized code or commands on unpatched FortiGate firewall devices, as Fortinet disclosed last week.
Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not only dangerous but also evasive, making them even more challenging to detect and avoid.
LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributer of office products after a "Significant" and ongoing outage knocked the company's operations offline. As earlier reported by BleepingComputer, Essendant's wide-spread network outage has been preventing placement or fulfillment of online orders, and impacting both the company's customers and suppliers.
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw and a Windows SmartScreen security feature bypass.
Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. Rubrik is a cloud data management service that offers enterprise data backup and recovery services and disaster recovery solutions.
The two scripts were set up to activate one another in case the other wasn'tt already running, which created a backup instance of the primary malware process and thereby enhanced its resilience. A bash script named "GeoBotnetd" found on an infected device checks every 10 seconds for a firmware upgrade to appear in /cf/FIRMWARE/NEW/INITRD.GZ. If that's the case, the script will backup the file, unzip it, mount it, and then copy over the whole package of malware files.
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red...
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.