Hades ransomware gang targets big organizations in the US

Accenture security researchers published an analysis of the latest Hades campaign, which has been ongoing since at least December 2020. Accenture's Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by the financially motivated threat group Hades, which has been operating since at least December 2020. Experts discovered that threat actors targeted […]

The post Hades ransomware gang targets big organizations in the US appeared first on Security Affairs.

2021-03-26T14:37:31-04:00 | March 26th, 2021 | Latest Cyber Attacks, Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

The North Korea-linked Lazarus APT group has targeted the defense industry with the custom backdoor dubbed ThreatNeedle since 2020. The North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

2021-02-26T18:09:32-05:00 | February 25th, 2021 | Latest Cyber Attacks, Malware

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet. Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that is abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. This technique allows botnet operators to make their infrastructure resilient […]

The post A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism appeared first on Security Affairs.

2021-02-26T18:09:31-05:00 | February 24th, 2021 | Latest Cyber Attacks, Malware

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

The post Researchers uncovered a new Malware Builder dubbed APOMacroSploit appeared first on Security Affairs.

2021-02-22T02:28:33-05:00 | February 22nd, 2021 | Latest Cyber Attacks, Malware

CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. (CVSS:5.0) (Last Update:2020-02-28)

2020-02-19T20:00:00-05:00 | February 19th, 2020 | Vulnerabilities with Exploits

CVE-2012-2629

Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. (CVSS:6.8) (Last Update:2020-02-28)

2020-02-19T20:00:00-05:00 | February 19th, 2020 | Vulnerabilities with Exploits

CVE-2012-6614

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. (CVSS:9.0) (Last Update:2020-03-05)

2020-02-18T20:00:00-05:00 | February 18th, 2020 | Vulnerabilities with Exploits

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. (CVSS:7.5) (Last Update:2020-02-19)

2020-02-13T20:00:00-05:00 | February 13th, 2020 | Vulnerabilities with Exploits

CVE-2014-4170

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. (CVSS:7.5) (Last Update:2020-02-19)

2020-02-12T20:00:00-05:00 | February 12th, 2020 | Vulnerabilities with Exploits

CVE-2014-4968

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. (CVSS:6.8) (Last Update:2020-02-19)

2020-02-11T20:00:00-05:00 | February 11th, 2020 | Vulnerabilities with Exploits