Security News

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
2023-06-14 16:46

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867, "Enabled the execution of privileged commands across Windows, Linux, and PhotonOS guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," Mandiant said.

Chinese hackers used VMware ESXi zero-day to backdoor VMs
2023-06-13 16:48

VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data. The cyber espionage group (tracked as UNC3886 by cybersecurity firm Mandiant, which discovered the attacks) abused the CVE-2023-20867 VMware Tools authentication bypass flaw to deploy VirtualPita and VirtualPie backdoors on guest VMs from compromised ESXi hosts where they escalated privileges to root.

Hackers steal $3 million by impersonating crypto news journalists
2023-06-10 14:09

A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks. According to ScamSniffer analysts, Pink Drainer successfully compromised the accounts of 1,932 victims to steal roughly $2,997,307 worth of digital assets on the Mainnet and Arbitrum.

Ukrainian hackers take down service provider for Russian banks
2023-06-09 22:06

Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. Among other things, Moscow-based Infotel provides connectivity services between the Russian Central Bank and other Russian banks, online stores, and credit institutions.

BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack
2023-06-09 21:34

British Airways, BBC and Boots have all been served an ultimatum after they were hit with a supply-chain attack by the ransomware group Clop. In February 2023, Clop claimed responsibility for a supply-chain attack that affected more than 130 organizations, including data belonging to CHS Healthcare patients.

University of Manchester says hackers ‘likely’ stole data in cyberattack
2023-06-09 19:21

The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University's network. In a statement published on its website, the University of Manchester says they discovered the breach on Tuesday, June 6th, and immediately launched an investigation.

Asylum Ambuscade hackers mix cybercrime with espionage
2023-06-08 19:21

A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. ESET has published a new report on the actor today, disclosing more details about last year's Asylum Ambuscade operations and highlighting updates on its victimology and toolset.

Helping Windows 11 fight the hackers
2023-06-08 09:07

Microsoft and Intel, for example, had worked for over five years on the features that would support Windows 11's secure-by-default objectives. The Intel vPro architecture includes a set of features in Intel chips that offer hardware assistance in areas including remote management and security.

Lazarus hackers linked to the $35 million Atomic Wallet heist
2023-06-07 18:16

The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack, resulting in the theft of over $35 million in crypto. The attack on Atomic Wallet occurred last weekend when numerous users reported that their wallets were compromised and their funds had been stolen.

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
2023-06-05 12:03

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.