Security News

New Chaos malware infects Windows, Linux devices for DDoS attacks
2022-09-28 15:22

A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks. Even though it mainly propagates by attacking devices unpatched against various security vulnerabilities and SSH brute-forcing, Chaos will also use stolen SSH keys to hijack more devices.

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks
2022-09-28 15:05

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allow attackers to perform denial-of-service or man-in-the-middle attacks against network targets using custom-crafted packets. Stacked VLANs, also known as VLAN Stacking, is a feature in modern routers and switches that allows companies to encapsulate multiple VLAN IDs into a single VLAN connection shared with an upstream provider.

Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
2022-09-28 07:30

The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer.

3 types of attack paths in Microsoft Active Directory environments
2022-09-28 04:30

A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?" What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.

Pass-the-Hash Attacks and How to Prevent them in Windows Domains
2022-09-27 14:05

In order to understand how a pass-the-hash attack works, you must first understand how password hashes are used. When you log into the system, the authentication engine uses the same mathematical formula to compute a hash for the password that you entered and compares it to the stored hash.

Open source projects under attack, with enterprises as the ultimate targets
2022-09-27 03:30

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. To capitalize on weaknesses in upstream open source ecosystems, cybercriminals continue to target organizations through open source repositories.

Phishing attacks skyrocketing, over 1 million observed
2022-09-26 03:30

The APWG's Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks - the worst quarter for phishing that APWG has ever observed. The number of phishing attacks reported has quadrupled since early 2020 - when APWG was observing between 68,000 and 94,000 attacks per month.

Microsoft SQL servers hacked in TargetCompany ransomware attacks
2022-09-24 15:12

Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.

Significant customer data exposed in attack on Australian telco
2022-09-23 17:29

Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach. Coming clean on Thursday, Optus said the attack exposed information including customers' names, dates of birth, phone numbers, email addresses, and - for some - physical addresses, ID document numbers such as driving license or passport numbers.

Sophos warns of new firewall RCE bug exploited in attacks
2022-09-23 16:36

Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild. The company says it has released hotfixes for Sophos Firewall versions affected by this security bug and older that will roll out automatically to all instances since automatic updates are enabled by default.