PyPI Package ‘secretslib’ Drops Fileless Cryptominer to Linux Systems


A PyPI package named “secretslib”, which describes itself as “secret mapping and verification made easy”, has been identified by Sonatype. The package secretly runs a cryptominer in the memory of the Linux machine, a technique largely used by fileless malware and cryptominers. Secretslib was downloaded 93 […]

Microsoft Has Disrupted SEABORGIUM’s Ongoing Phishing Operation


The Microsoft Threat Intelligence Center (MSTIC) has taken measures to disrupt the campaigns launched by the SEABORGIUM actor, which has been tracked since 2017. SEABORGIUM is a threat actor whose goals align with the interests of the Russian state, and it often targets the same organizations over […]

Kaspersky Published a Report on Malicious Browser Extensions


Kaspersky analyzed threat statistics by processing data voluntarily shared by its users for the period from January 2020 to June 2022. According to this data, during the first half of this year, 1,311,557 users tried to download malicious or unwanted extensions at least once. From January 2020 to June 2022, nearly 70 percent of users […]

13 Organizations Targeted by Chinese-Linked APT41 and a New Wave of Cobalt Strike Infections


APT41, one of the state-sponsored hacker groups, breached government networks in six US states in March 2022, including by exploiting a vulnerability in a livestock management system, according to Mandiant researchers. Cybersecurity firm Group-IB’s investigations resulted in nearly 80 proactive notifications of APT41 attacks against their infrastructure being sent to private and government organizations worldwide. The […]

WordPress Sites Hacked with Fake Cloudflare DDoS Alerts


DDoS protection pages typically verify whether the site visitor is actually a human or part of a Distributed Denial of Service (DDoS) attack or other unwanted bot. Bad bots make up a large portion of web traffic. These include DDoS traffic, scrapers scavenging email addresses to send spam, and bots trying to find vulnerable websites […]

CISA Warning Against Active Exploitation of Palo Alto Networks’ PAN-OS Vulnerability


CISA added Palo Alto Networks PAN-OS to its Catalog of Known Exploited Vulnerabilities based on evidence of active exploitation. This critical vulnerability is tracked as CVE-2022-0028 (CVSS: 8.6 High). The vulnerability stems from a misconfiguration of a URL filtering policy. Misconfiguration of the PAN-OS URL filtering policy could allow a network-based attacker to perform […]

Iranian Threat Actor MERCURY Exploits Log4j 2 Vulnerabilities in Unpatched Systems


The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found that the Iran-based threat actor MERCURY exploited Log4j 2 vulnerabilities in SysAid applications. The threat actor targets organizations that are all based in Israel. After gaining access, MERCURY maintains persistence, dumps credentials, and moves laterally within the targeted organization using both proprietary […]

LastPass Password Manager with 25 Million Users Hacked


LastPass, one of the world’s largest password managers, has confirmed that it has been hacked. The company revealed that threat actors stole some of the company’s source code and some proprietary LastPass technical information. It was also stated that there is no evidence yet that this incident involved any access to customer data or […]

Chinese Threat Actor APT40 Targets Energy Sector in Australia and the South China Sea


The Chinese state-owned threat actor APT40 targets Australian government agencies, Australian media companies, and manufacturers that maintain wind turbine fleets in the South China Sea. Cybersecurity firm Proofpoint, which works in collaboration with PwC, said the threat actor sent phishing emails impersonating its latest campaign themes, the fake “Australian Morning News”, and other Australian media outlets. The […]