Security News

A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server. Python Package Index is a repository of open-source software packages that developers can easily incorporate into their Python projects to build complex apps with minimal effort.

Researchers have discovered at least 9,000 exposed VNC endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. Security weakness hunters at Cyble scanned the web for internet-facing VNC instances with no password and found over 9,000 accessible servers.

Advanced, the MSP forced to shut down some of its servers last week after identifying an "Issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks. Some 36 customers from the UK's National Health Service use services provided by Advanced, including NHS 111, which provides round-the-clock support such as health information.

An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.

Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. The Kali Team knows the importance of practicing instead of relying on theory, and for infosecurity professionals, test labs are a way to test tools and hone their own skills in a legal environment.

Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users. Slack said only 0.5 percent of users were affected, which doesn't sound too terrible until you consider how many Slack users are out there.

"This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs said in a report. The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.

A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. On Wednesday, Korean cybersecurity experts at Ahnlab published a report on the Windows encryptor, and yesterday, security researchers at ReversingLabs published their technical analysis of the Linux version.

A new botnet called 'RapperBot' is being used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. Over the past 1.5 months since its discovery, the new botnet used over 3,500 unique IPs worldwide to scan and attempt brute-forcing Linux SSH servers.

Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.