Security News
In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem. Cybercriminal forums are awash with users advertising and requesting the services of developers to design fresh new malware.
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.
Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.
Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources."This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.
Those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities. Boa is an open-source web server designed for embedded applications and used to access settings, management consoles, and sign-in screens in devices.
Microsoft said its own investigation into the attack activity uncovered Boa as a common link, assessing that the intrusions were directed against exposed IoT devices running the web server. "Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits," the company said.
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.
The FBI and U.S. Postal Inspection Service have seized eighteen web domains used to recruit money mules for work-from-home and reshipping scams. The seized domains now display a seizure notice with links [1, 2] warning employment seekers of the risks of home job and reshipping scams.
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.