CVE-2020-8216

New Sophisticated Linux Malware Exploiting Apache2 Web Servers - Throughout the campaign, the attackers demonstrated advanced knowledge of Linux systems by continuously adapting their malware and tactics to avoid detection while maximizing system resource exploitation for “cryptocurrency mining” and ...
8 months ago Cybersecuritynews.com

New Variant Of XWorm Delivered Via Windows Script File - It executes a wide range of commands like “system manipulation” (‘shutdown,’ ‘restart,’ ‘logoff’), “file operations,” and “remote code execution” via PowerShell. This diverse ...
8 months ago Cybersecuritynews.com

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594

ToyMaker Hackers Compromised Multitude Hosts Using SSH & File Transfer Tools - The threat actor’s primary objective appears to be financially motivated, with ToyMaker establishing initial access and then transferring control to secondary actors, specifically the Cactus ransomware group. After establishing access, ToyMaker ...
1 month ago Cybersecuritynews.com Cactus

Researchers Uncovered SuperShell Payloads & Multiple Tools From Hacker’s Open Directories - The Cobalt Strike beacon, found in a file named ‘test’, utilized different infrastructure than the SuperShell components, connecting to a server disguised with a certificate claiming to represent “jquery.com” with organization ...
1 month ago Cybersecuritynews.com

Check Point Acknowledges Data Breach, Claims Information is 'Old - While Check Point maintains the breach is contained and poses “no risk to Check Point customers,” security experts continue to question how the attackers initially gained access, the true extent of compromised data, and why there appears ...
2 months ago Cybersecuritynews.com CVE-2024-24919

Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security - “Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level ...
1 month ago Krebsonsecurity.com

8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal - The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the ...
8 months ago Cybersecuritynews.com

Akira Ransomware Attacking Windows Server via RDP & Evades EDR Using Webcam - Security experts recommend implementing network segmentation for IoT devices, performing regular internal network audits, maintaining strict patch management practices for all connected devices, changing default passwords on IoT equipment, and ...
3 months ago Cybersecuritynews.com Akira

RedCurl APT leveraging Active Directory Explorer & 7-Zip To Archive Exfiltrated Data - Cyber Security News - “The victim sees a single file, ‘CV Applicant *.scr’ which is the legitimate signed Adobe executable ‘ADNotificationManager.exe’. After the victim opens the file, the EarthKapre loader (netutils.dll) is side ...
3 months ago Cybersecuritynews.com

AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code - In a demonstrated exploit, an attacker could set the plugin name in an SSM document to a path traversal string such as ‘../../../../../../malicious_directory’. When this document is executed, the SSM Agent erroneously creates directories ...
2 months ago Cybersecuritynews.com

New WordPress Malware as Anti-Malware Plugin Take Full Control of Website - A sophisticated malware variant masquerading as a legitimate WordPress security plugin has been identified, capable of providing attackers with persistent access to compromised websites. This deceptive malware contains several functions that allow ...
1 month ago Cybersecuritynews.com

Azure Storage Utility Vulnerability Let Attackers Escalate Their Privileges to Root - The security flaw involves a classic privilege escalation method using a Set User ID (SUID) binary that is part of the AZNFS-mount utility installation, Varonis said in a report shared with Cyber Security News. This utility is designed to mount Azure ...
1 month ago Cybersecuritynews.com

New Supply Chain Attack Targets Legitimate npm Package with 45,000 Weekly Downloads - Upon analysis, the malicious payload was identified as a sophisticated Remote Access Trojan (RAT) dubbed “RATatouille” due to its capability to hide among legitimate code while establishing persistence. Security analysis reveals the ...
1 month ago Cybersecuritynews.com

Microsoft Teams To Block Screen Capture During Meetings - “This design proactively limits exposure of sensitive shared media to platforms that lack the technical capability to block screen captures, mitigating a major threat vector while still allowing these users to participate in meeting ...
1 month ago Cybersecuritynews.com

Malware Mastermind Andrei Tarasov Evades US Extradition Returns to Russia - “As alleged, Silnikau, Kadariya, Tarasov, and conspirators used multiple strategies to profit from their widespread hacking and wire fraud,” stated the US Department of Justice in documents released after Silnikau’s extradition from ...
1 month ago Cybersecuritynews.com

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1274 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1237 - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, ...
3 years ago

CVE-2020-1307 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago