LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

By Ravie Lakshmanan — August 2^nd 2022 at 08:07

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

Naked Security

8 months on, US says Log4Shell will be around for “a decade or longer”

By Paul Ducklin — July 18^th 2022 at 16:57

When it comes to cybersecurity, ask not what everyone else can do for you...

The Hacker News

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

By Ravie Lakshmanan — July 16^th 2022 at 06:33

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo

The Hacker News

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

By Ravie Lakshmanan — June 24^th 2022 at 03:36

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

Naked Security