INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the « growth, escalation and professionalization of transnational cybercrime. » Involving 60 law
Volt Typhoon : les Etats-Unis annoncent le démantèlement du botnet chinois
Les autorités américaines ont lancé une opération contre Volt Typhoon, à la fin de l’année dernière, notamment en désactivant à distance des éléments du botnet.
L’Ouzbékistan pénalise les mineurs et les propriétaires de crypto-monnaies
En Ouzbékistan, la responsabilité pénale a été introduite pour le minage et la circulation illégale de crypto-monnaies.
Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and detected on […]
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. « The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible, » web infrastructure and security
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. « The campaign deploys a benign container generated using the Commando project, » Cado security researchers Nate Bill and Matt Muir said in a new report published today. « The attacker escapes this container and runs multiple payloads on the
U.S. Feds Shut Down China-Linked « KV-Botnet » Targeting SOHO Routers
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs […]
Why the Right Metrics Matter When it Comes to Vulnerability Management
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting or focusing on […]
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that’s known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE. « CHAINLINE is a Python web shell backdoor that […]