CVE-2020-8220

New Sophisticated Linux Malware Exploiting Apache2 Web Servers - Throughout the campaign, the attackers demonstrated advanced knowledge of Linux systems by continuously adapting their malware and tactics to avoid detection while maximizing system resource exploitation for “cryptocurrency mining” and ...
1 month ago Cybersecuritynews.com

How To Collect Malware Indicators Of Compromise In The ANY.RUN Sandbox - The sandbox captures various types of IOCs like “network communications,” “file system changes,” “registry modifications,” and “process behaviors,” enabling thorough threat assessment. The ANY.RUN ...
1 month ago Cybersecuritynews.com

Hackers Exploiting Docker Swarm, Kubernetes & SSH Servers In Large Scale - The primary goal was “cryptojacking,” using the XMRig miner to mine “Monero cryptocurrency.” The attackers showed advanced tactics by manipulating “Docker Swarm,” to create a botnet-like network of compromised ...
1 month ago Cybersecuritynews.com

8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal - The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the ...
1 month ago Cybersecuritynews.com

New Variant Of XWorm Delivered Via Windows Script File - It executes a wide range of commands like “system manipulation” (‘shutdown,’ ‘restart,’ ‘logoff’), “file operations,” and “remote code execution” via PowerShell. This diverse ...
1 month ago Cybersecuritynews.com

Hackers Exploiting Critical SolarWinds Serv-U Vulnerability In The Wild - The attacks evolved from simple vulnerability scans to intense exploitation attempts, with peaks of new payload types observed on specific dates (“July 7” and “July 29”). attempts emerged and target sensitive files like ...
1 month ago Cybersecuritynews.com

SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
1 month ago Securelist.com

Crooked Cops, Stolen Laptops & the Ghost of UGNazi – Krebs on Security - Earlier this year, an Internet sleuth on Youtube showed that even though Zelocchi’s IMDB profile has him earning more awards than most other actors on the platform (here he is holding a Youtube top viewership award), Zelocchi is probably better ...
1 month ago Krebsonsecurity.com

Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
11 months ago Imperva.com

A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
1 month ago Krebsonsecurity.com

Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around ...
11 months ago Techrepublic.com

California Governor Vetoes AI Safety Bill | Silicon UK Tech News - US tech companies and researchers voiced similar concerns over the California bill, with Li Feifei, known as the “godmother of AI” and co-founder of AI start-up World Labs, saying in an August opinion piece that the bill would “harm ...
1 month ago Silicon.co.uk

Book Review: "Premier CISO - Board & C-Suite" By Michael S. Oberlaender - Home - Future, Trends and Insight - Book Review - Book Review: “Premier CISO – Board & C-Suite” by Michael S. Overall, “Premier CISO – Board & C-Suite” is a valuable resource for cybersecurity professionals ...
1 month ago Informationsecuritybuzz.com

Hackers Turned Visual Studio Code As A Remote Access Tool - After successfully intercepting the exfiltrated data the threat actors exploit unauthorized access through GitHub’s authentication system by navigating to “hxxps://github[.]com/login/device” and utilizing stolen alphanumeric ...
1 month ago Cybersecuritynews.com

Imperva Report Previously Undocumented 8220 Gang Activities - Imperva Threat Research team has recently discovered a previously unreported activity from the 8220 gang, which is well-known for mass-deploying a range of constantly evolving TTPs to distribute malware in large quantities. The threat actor has a ...
11 months ago Cysecurity.news

ISB Cybersecurity Awareness Month: Expert Tips - Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor ...
1 month ago Informationsecuritybuzz.com

Authorities Unmasked LockBit Affiliate Evil Corp Key Member - In a separate development, the United States Department of Justice unsealed a 2023 indictment charging Ryzhenkov with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the United States. The United ...
1 month ago Cybersecuritynews.com

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys - The cybersecurity researchers at Checkmarx uncovered a series of new supply chain attacks that exploited the Python Package Index (PyPI) in September 2024 using malicious packages to target cryptocurrency wallets. These packages identified as ...
1 month ago Hackread.com

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers - The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found. Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows ...
11 months ago Helpnetsecurity.com

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
1 month ago Securityaffairs.com

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 month ago Securelist.com

Private US companies targeted by Stonefly APT - Help Net Security - “Given available information, it is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities,” Mandiant analysts said, and ...
1 month ago Helpnetsecurity.com

Linux Malware perfctl Attacking Millions of Linux Servers - By combining elements from standard Linux tools like “perf” (a performance monitoring tool) and “ctl” (indicating control), the malware authors have crafted a seemingly innocuous name that masks its malicious intent. ...
1 month ago Gbhackers.com