Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware
These attackers reportedly spent at least 18 months on victim networks
Cyber News, Cyber Threat TrendsThese attackers reportedly spent at least 18 months on victim networks
Cyber News, Cyber Threat TrendsCloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an […]
Cyber News, Cyber Threat TrendsMultiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability
Cyber News, Cyber Threat TrendsMicrosoft said the worm had alternate infection methods beyond its original USB drive spread
Cyber News, Cyber Threat TrendsThere are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially […]
Cyber News, Cyber Threat TrendsAWS Changing ARNs in Trust Policies — Big Problems ACM.94 Trying to restore things after a user gets deleted leaves you in a malformed state for which there is no simple recovery This is a continuation of my series on Automating Cybersecurity Metrics. While updating my code in prior posts, the KMSAdmin user got inadvertently deleted so I couldn’t […]
Cyber News, Cyber Threat TrendsFive malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. “These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric
Cyber News, Cyber Threat TrendsTurns out that Tuesday’s zero-day for iOS 16 is Friday’s zero-day for iOS 15…
Cyber News, Cyber Threat TrendsThe Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is “part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread,” the Microsoft Security Threat Intelligence Center (MSTIC
Cyber News, Cyber Threat Trends