TeamTNT’s Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign
As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. « The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications, » Aqua security researchers Ofek […]
Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a « crafty » persistence method. « In this instance, the PoC is a wolf in sheep’s clothing, harboring malicious intent under the guise of a harmless learning tool, » Uptycs researchers […]
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). « The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but
U.S. Government Agencies’ Emails Compromised in China-Backed Cyber Attack
An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft’s discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation
New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products
SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through […]
The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls
Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages. Additionally, we will examine regulatory
Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments
Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023, entailed access to email accounts affecting approximately 25 entities and a small number […]
Comment NVIDIA a cadré l’exercice de sa « red team IA »
NVIDIA a communiqué quelques éléments à propose du cadre méthodologique dans lequel évolue sa « red team IA ».
Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021. « This malicious actor originates from China and their main victims […]
Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. « The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique, » security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said. « This is the […]