Security News

The business of hackers-for-hire threat actors
2022-07-01 17:57

In the world of illegal cyber activities, different kinds of threat actors exist. Another category of threat actors exists, dubbed hackers-for-hire.

North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack
2022-06-30 22:07

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week.

CISA warns of hackers exploiting PwnKit Linux vulnerability
2022-06-29 16:30

The Cybersecurity and Infrastructure Security Agency has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations.

Microsoft Azure FabricScape bug let hackers hijack Linux clusters
2022-06-29 10:48

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Microsoft fixes bug that let hackers hijack Azure Linux clusters
2022-06-29 10:48

Microsoft has fixed a container escape vulnerability in the Service Fabric application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Evilnum hackers return in new operation targeting migration orgs
2022-06-28 21:49

The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration. Evilnum is an APT that has been active since at least 2018 and had its campaign and tools exposed only recently, in 2020.

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor
2022-06-28 20:13

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. "During the initial attacks, the group exploited an MS Exchange vulnerability to deploy ShadowPad malware and infiltrated building automation systems of one of the victims," the company said.

Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
2022-06-26 22:55

A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment.The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions.

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
2022-06-24 21:04

A China-based advanced persistent threat group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

Mitel zero-day used by hackers in suspected ransomware attack
2022-06-24 17:13

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.