FreshRSS

🔒
☐ ☆ ✇ The Hacker News

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

By Newsroom — January 11th 2024 at 05:29
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178
☐ ☆ ✇ The Hacker News

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

By Newsroom — December 1st 2023 at 06:22
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an
☐ ☆ ✇ The Hacker News

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

By Newsroom — November 6th 2023 at 08:25
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023. "The script creates a 'Covert Channel' by exploiting the event
☐ ☆ ✇ Naked Security

Ghostscript bug could allow rogue documents to run system commands

By Paul Ducklin — July 4th 2023 at 17:57
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

☐ ☆ ✇ The Hacker News

Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks

By Ravie Lakshmanan — June 21st 2023 at 05:00
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware
☐ ☆ ✇ The Hacker News

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

By Ravie Lakshmanan — April 1st 2023 at 04:51
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical
☐ ☆ ✇ The Hacker News

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

By Ravie Lakshmanan — January 23rd 2023 at 09:54
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation
☐ ☆ ✇ The Hacker News

Researchers Expose Over 80 ShadowPad Malware C2 Servers

By Ravie Lakshmanan — October 27th 2022 at 14:19
As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular
☐ ☆ ✇ The Hacker News

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

By Ravie Lakshmanan — August 26th 2022 at 19:39
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. <!--adsense--> “An
☐ ☆ ✇ The Hacker News

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

By Ravie Lakshmanan — August 5th 2022 at 10:06
A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared
☐ ☆ ✇ Naked Security

OpenSSL issues a bugfix for the previous bugfix

By Paul Ducklin — June 24th 2022 at 15:32
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

❌