Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: Read more…
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 Cybersecurity researchers have discovered a novel surveillance program that’s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been Read more…
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Read more…
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots Read more…
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to Read more…
‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files A new phishing campaign that exploits a high-severity bug from 2017 has been discovered in the wild spreading a new variant of the Remcos remote access trojan (RAT), which was among the Top Ten malware strains of 2021. In Read more…
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft Nov 01, 2024Ravie LakshmananThreat Intelligence / Network Security Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the Read more…
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks Oct 22, 2024Ravie LakshmananDocker Security / Cloud Security Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. “In this attack, the threat actor Read more…
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration Oct 14, 2024Ravie LakshmananNetwork Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, Read more…
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance Oct 11, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to Read more…