An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger “bring your own vulnerable driver” trend.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-24 18:11:502024-01-24 18:11:50Kasseika Ransomware Linked to BlackMatter in BYOVD Attack
An external threat actor in possession of a Google account could misuse this misconfiguration by using their own Google OAuth 2.0 bearer token to seize control of the cluster for follow-on exploitation.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-24 18:11:502024-01-24 18:11:50How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production
The company has discovered a limited number of individuals whose personal information may have been impacted during the breach and is working with a third-party forensics firm to assess the extent of the attack’s impact on its operations and systems.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-24 17:06:352024-01-24 17:06:35Water Services Giant Veolia North America Hit by Ransomware Attack
KB5034204 also fixes an issue caused by a deadlock that prevents search from working on the Start menu for some users and addresses a bug affecting the OpenType font driver, affecting how text renders for third-party applications.
VexTrio has been attributed to malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to propagate scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and pornographic content.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-24 14:12:422024-01-24 14:12:42VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates
Deserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.
For those concerned, the Trello leak has been added to the Have I Been Pwned data breach notification service, allowing anyone to check if they are among the 15 million leaked email addresses.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-24 11:10:292024-01-24 11:10:29Trello API Abused to Link Email Addresses to 15 Million Accounts
Authentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Kasseika Ransomware Linked to BlackMatter in BYOVD Attack
/in General NewsAn emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger “bring your own vulnerable driver” trend.
darkreading – Read More
How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production
/in General NewsAn external threat actor in possession of a Google account could misuse this misconfiguration by using their own Google OAuth 2.0 bearer token to seize control of the cluster for follow-on exploitation.
Cyware News – Latest Cyber News – Read More
Water Services Giant Veolia North America Hit by Ransomware Attack
/in General NewsThe company has discovered a limited number of individuals whose personal information may have been impacted during the breach and is working with a third-party forensics firm to assess the extent of the attack’s impact on its operations and systems.
Cyware News – Latest Cyber News – Read More
Windows 11 KB5034204 Update Fixes Bluetooth Audio Issues, 24 bugs
/in General NewsKB5034204 also fixes an issue caused by a deadlock that prevents search from working on the Start menu for some users and addresses a bug affecting the OpenType font driver, affecting how text renders for third-party applications.
Cyware News – Latest Cyber News – Read More
VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates
/in General NewsVexTrio has been attributed to malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to propagate scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and pornographic content.
Cyware News – Latest Cyber News – Read More
Splunk fixed high-severity flaw impacting Windows versions
/in General NewsDeserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.
Cyware News – Latest Cyber News – Read More
Chrome 121 Patches 17 Vulnerabilities
/in General NewsGoogle releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers.
The post Chrome 121 Patches 17 Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Trello API Abused to Link Email Addresses to 15 Million Accounts
/in General NewsFor those concerned, the Trello leak has been added to the Have I Been Pwned data breach notification service, allowing anyone to check if they are among the 15 million leaked email addresses.
Cyware News – Latest Cyber News – Read More
GoAnywhere MFT Critical Flaw Lets Anyone Be Admin
/in General NewsAuthentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.
Cyware News – Latest Cyber News – Read More
Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket
/in General NewsPost Content
darkreading – Read More