Security News
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.
The new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices. CVE-2020-8958: Guangzhou 1GE ONU. Researchers at AT&T who analyzed the new botnet found that it targets millions of devices with functions that exploit the above flaws.
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The Magniber gang is known for its use of vulnerabilities to breach systems and deploy their ransomware.
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.
The embargo period is over for a proof-of-concept tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. BrakTooth is a collection of flaws affecting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices - including smartphones, PCs, toys, internet-of-things devices and industrial equipment - that rely on Bluetooth Classic for communication.
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. CISA warned vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware. The ProxyShell attacks against vulnerable Microsoft Exchange servers started several months ago, with LockFile and Conti being among the first ransomware groups to exploit them.
The U.S. has sanctioned four companies located in Israel, Russia, and Singapore for the development of spyware or the sale of hacking tools used by state-sponsored hacking groups. Israeli companies NSO Group and Candiru are being sanctioned for creating and selling spyware used to target journalists and activists.
That's true of a new phishing campaign that uses both Craigslist and OneDrive to trick people into installing malware. Clicking on a button in the email was supposed to take people to a form document that had been uploaded to an actual Microsoft OneDrive site.