Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. "BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

Regardless of the country, local government is essential in most citizens’ lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts […]

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central […]

Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a […]

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a […]

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin […]

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that’s reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It’s worth noting

A Few More Reasons Why RDP is Insecure (Surprise!)

If it seems like Remote Desktop Protocol (RDP) has been around forever, it's because it has (at least compared to the many technologies that rise and fall within just a few years). The initial version, known as "Remote Desktop Protocol 4.0," was released in 1996 as part of the Windows NT 4.0 Terminal Server edition […]

The Evolution of DDoS: Facing Ever More Innovative Attacks

Between 2005 and 2023, we have seen a tenfold increase in the frequency of distributed denial-of-service (DDoS) attacks. This phenomenon is closely tied to the growing use of the internet, the multiplication of connected devices and the constant presence of users online for both professional and personal purposes.