Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks requires situational awareness in this dynamic threat landscape.
Company managers are consequently advised to urgently scale up security measures against such attacks.
The attack includes deploying a web shell script that enables remote command execution on compromised servers.
Chinese intelligence-backed hackers, known for their sophistication, attacked the United Kingdom's Ministry of Defence systems, exposing military personnel's personal details.
This cyber attack targeted a contractor's IT system that holds sensitive data.
The attack originated from a supply chain compromise in which the legitimate installer was replaced with a malicious one signed with an unauthorized certificate.
Previously, the ALPHV/BlackCat ransomware group carried out an infamous cyber attack on Change Healthcare, a large healthcare payment processor.
RansomHub, which emerged after the Change Healthcare incident, is actively recruiting former ALPHV members and has claimed responsibility for the attack on Matadero de Gijon.
These structures are often changed within 31 days, making it difficult for defenders to trace where an attack came from, as the source could be different every time.
Since November 2023, they have used spear-phishing campaigns against African targets, and in January 2024 they used compromised email infrastructure to attack multiple regional governments in the Caribbean.
VMware ESXi infrastructure is now being targeted by ransomware groups such as LockBit, HelloKitty, and BlackCat, which use a new attack pattern in which data is exfiltrated before the systems are encrypted.
To stop these disastrous attacks, organizations must adopt a defense-in-depth strategy involving timely patching, strong access controls, network segmentation, and robust incident response plans.
DNSBomb is a pulsing denial of service attack that manipulates DNS query rate limits, timeouts, and response size settings to generate timed response floods.
Because most access points are stationary, an attacker who locates the few that move, such as travel routers, could trace the movements of their owners.
A critical vulnerability, CVE-2024-36052, in WinRAR versions prior to 7.00 allows attackers to manipulate displayed file names using ANSI escape sequences, potentially tricking users into running malicious files.
Multiple critical SQL injection vulnerabilities have been discovered in Ivanti Endpoint Manager that could allow unauthenticated attackers to execute arbitrary code on affected systems.
Exploiting these flaws could enable attackers to carry out unauthorized actions such as denial-of-service attacks and remote code execution.
Insufficient sanitization of user input in the doPost method of LicenseUploadServlet makes it possible for remote attackers to execute arbitrary commands.
The vulnerability originates from an oversight in the font rendering code of PDF.js: by manipulating the fontMatrix array specified in the PDF metadata, an attacker can alter the commands placed into the Function body and inject arbitrary code for execution.
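To make the PDF.js failure mode concrete, here is an added, simplified illustration (not PDF.js code) of a glyph compiler that joins drawing commands into a `new Function` body, showing why pasting an untrusted fontMatrix into source text is dangerous and how a type-checked builder closes the gap. The function names, the six-entry matrix layout and the command allow-list are assumptions for the example.

```javascript
// Added illustration, not PDF.js code: a simplified glyph compiler that joins
// drawing commands into a Function body, as the page describes. Function names,
// the 6-entry matrix layout and the command list are assumptions for the example.

// Vulnerable pattern: fontMatrix values are pasted into source text as-is, so a
// non-numeric entry taken from the PDF becomes part of the generated program.
function buildGlyphSourceUnchecked(fontMatrix, pathCmds) {
  const js = [`c.transform(${fontMatrix.join(",")});`];
  for (const { cmd, args } of pathCmds) {
    js.push(`c.${cmd}(${args.join(",")});`);
  }
  return js.join("\n");
}

// Hardened: every value that reaches the body is first proven to be a finite
// number (or an allow-listed command name), so foreign text cannot get in.
const ALLOWED_CMDS = new Set(["moveTo", "lineTo", "quadraticCurveTo", "closePath"]);

function assertNumbers(values, what) {
  if (!Array.isArray(values) || !values.every((v) => typeof v === "number" && Number.isFinite(v))) {
    throw new TypeError(`${what} must contain only finite numbers`);
  }
  return values;
}

function buildGlyphSourceChecked(fontMatrix, pathCmds) {
  if (!Array.isArray(fontMatrix) || fontMatrix.length !== 6) {
    throw new TypeError("fontMatrix must have exactly 6 entries");
  }
  const js = [`c.transform(${assertNumbers(fontMatrix, "fontMatrix").join(",")});`];
  for (const { cmd, args } of pathCmds) {
    if (!ALLOWED_CMDS.has(cmd)) throw new TypeError(`unknown path command: ${cmd}`);
    js.push(`c.${cmd}(${assertNumbers(args, cmd).join(",")});`);
  }
  return js.join("\n");
}

// Compile the checked source into a function that draws onto a canvas-like
// object `c`; runRecorded feeds it a recorder that captures every call made.
function compileGlyph(fontMatrix, pathCmds) {
  return new Function("c", buildGlyphSourceChecked(fontMatrix, pathCmds));
}

function runRecorded(fontMatrix, pathCmds) {
  const calls = [];
  const recorder = new Proxy({}, { get: (_, name) => (...a) => calls.push([name, ...a]) });
  compileGlyph(fontMatrix, pathCmds)(recorder);
  return calls;
}
```

The unchecked builder turns a string entry into a bare identifier in the generated source, while the checked builder rejects the same input before any code is generated.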
Japan is forming an advisory body for an active cyber defense system to help it counter cyber attacks on important national infrastructure.
This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 26 May 2024 19:10:27 +0000