Exploitation of Recently Patched VMware Bug Started in 2021

A Chinese threat group exploited a critical-severity remote code execution flaw in VMware’s centralized management utility, vCenter Server, for almost two years before patches were released. VMware released fixes for the flaw (CVE-2023-34048) in October 2023, but at the time the company said it had not seen evidence of exploitation. On Wednesday, VMware updated its …

Russian COLDRIVER Group Uses New Backdoor to Target Governments

A well-established and prolific threat group that has focused on phishing and hack-and-leak operations in the last few years has begun to move up the food chain recently, employing a new backdoor known as SPICA in attacks on members of NATO government agencies, NGOs, and other sensitive organizations. Researchers with Google’s Threat Analysis Group (TAG) …

Citrix Discloses Actively Exploited NetScaler ADC and Gateway Flaws

Citrix is warning of two vulnerabilities in its NetScaler Application Delivery Controller (ADC) and Gateway appliances that are being exploited in the wild. The two flaws in Citrix’s network solution appliances include a high-severity denial-of-service bug (CVE-2023-6549) and a medium-severity remote code execution flaw (CVE-2023-6548). Citrix said it is aware of a “limited number of …

Memory Safe: Casey Ellis

In the latest Decipher Memory Safe episode, Casey Ellis, founder and CTO of Bugcrowd, talks about everything from imposter syndrome to the security concept of “building it like it’s broken.”

VMware Fixes Critical Aria Automation Bug

VMware is warning of a critical-severity vulnerability in its infrastructure automation platform, Aria Automation, which if successfully exploited by cybercriminals could allow unauthorized access to remote organizations and workflows. The issue (CVE-2023-34063) stems from a missing access control in the Aria Automation platform, formerly known as vRealize Automation. All versions of Aria Automation prior to …

APT Group Targets Ivanti Flaws

Researchers have discovered evidence of an unidentified APT group exploiting the recently disclosed Ivanti vulnerabilities to install malware, webshells, and other malicious tools, and say the activity began well before the bugs were publicly known. The two vulnerabilities (CVE-2023-46805 and CVE-2024-21887) affect all supported versions of the company’s Connect Secure and Pulse Secure gateway appliances …

GitLab Patches Critical Account Takeover Flaw

GitLab has fixed a critical-severity flaw in several versions of its platform that, if successfully exploited, could enable attackers to take over accounts without user interaction. The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses. GitLab Community Edition (CE) and Enterprise Edition (EE) versions …

FBot Hacking Tool Targets Cloud, Payment Platforms

Researchers have discovered a new Python-based hacking tool being leveraged by cybercriminals to target cloud and SaaS platforms, and payment services, like AWS, Office365, PayPal and Twilio. The tool, which is called FBot and has functionalities for harvesting credentials and hijacking accounts, shows the continued interest by cybercriminals in cloud platforms as an attack vector, …

Ivanti Warns of Connect Secure, Policy Secure Zero Days

Ivanti is warning of two actively exploited vulnerabilities in its Connect Secure and Policy Secure gateways. Currently, the company said it is aware of “less than 10 customers impacted by the vulnerabilities.” Connect Secure and Policy Secure contain a command injection bug (CVE-2024-21887) and an authentication bypass flaw (CVE-2023-46805). If these vulnerabilities are chained together, …

Decryptor Issued For Babuk Tortilla Ransomware Variant

Researchers with Cisco Talos have released a decryptor for the Tortilla variant of the Babuk ransomware, allowing businesses targeted by the ransomware to recover their files. The Cisco Talos team also shared related threat intelligence with Dutch law enforcement agencies, which were then able to identify and apprehend the threat actor behind Babuk Tortilla operations. …

Threat Actors Target Microsoft SQL Servers in Mimic Ransomware Attacks

For several weeks, threat actors have been targeting insecure Microsoft SQL database servers (MSSQL) of organizations based in the U.S., EU and Latin America, in order to deploy ransomware. In the ongoing campaign, observed by researchers with Securonix, attackers first brute force administrative passwords on MSSQL servers in order to download a number of payloads, …