FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

By Newsroom — February 1^st 2024 at 15:44

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

The Hacker News

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

By Newsroom — January 11^th 2024 at 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (CVE-

The Hacker News

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

By Ravie Lakshmanan — December 9^th 2022 at 11:25

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the

The Hacker News

Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

By Ravie Lakshmanan — November 17^th 2022 at 06:22

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022

The Hacker News

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

By Ravie Lakshmanan — October 21^st 2022 at 11:03

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

Naked Security

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By Paul Ducklin — October 18^th 2022 at 17:26

Third time unlucky. Time to put your patching boots on again...

act-1200

The Hacker News

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

By Ravie Lakshmanan — August 2^nd 2022 at 08:07

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

Naked Security

8 months on, US says Log4Shell will be around for “a decade or longer”

By Paul Ducklin — July 18^th 2022 at 16:57

When it comes to cybersecurity, ask not what everyone else can do for you...

The Hacker News

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

By Ravie Lakshmanan — June 24^th 2022 at 03:36

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

Naked Security