Threat actors are deploying the Mespinoza/PYSA ransomware by accessing a system via remote desktop and then copying and executing the ransomware on other systems on the network. Before deploying the ransomware to those systems, the attacker runs PowerShell scripts on them to exfiltrate files of interest and to maximize the impact of the ransomware.
Microsoft released patches for 55 CVEs in Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server on May Patch Tuesday. Of these 55 bugs, four are rated Critical in severity. The four critical CVEs that deserve attention are all remote code execution (RCE) vulnerabilities that could enable malicious actors to gain persistence on victim networks. These are CVE-2021-26419, CVE-2021-31166, CVE-2021-31194, and CVE-2021-28476.
Microsoft has released an emergency out-of-band security update to address the critical zero-day vulnerability known as "PrintNightmare", which affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. The PrintNightmare bug, acknowledged by Microsoft after several security researchers released PoC exploits last week, is tracked as CVE-2021-34527.
Security researchers at Eclypsium have discovered a series of four high-severity vulnerabilities that can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices. The bugs affect 129 models of laptops, tablets and desktops, including enterprise and consumer devices, that are protected by Secure Boot, a security standard aimed at ensuring that a device boots using only software trusted by the device's original equipment manufacturer (OEM), to prevent rogue takeovers.
Threat actors behind the SolarMarker/Jupyter malware have started using PDF documents filled with search engine optimization (SEO) keywords to boost their visibility on search engines and lead potential victims to malware hosted on a malicious site that poses as Google Drive. SolarMarker is a backdoor that pretends to be a legitimate PDFescape installer and, once installed, steals data and credentials from browsers.
Sextortion scam emails mislead victims into thinking that the attacker has a recording of the victim's screen and camera, and that the recording contains images or videos of the victim in sexually explicit situations. The attackers use this claimed recording to blackmail the victim into paying, threatening to publicly disclose the recording otherwise.
The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in the web services of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. For CVE-2020-3580, the initial patch was incomplete and a further fix was released in April 2021. On 24 June 2021, researchers published on Twitter a PoC exploit for the Cisco ASA vulnerability identified as CVE-2020-3580.
Microsoft released an update for a print spooler vulnerability as part of June Patch Tuesday, tracking it as CVE-2021-1675. On June 29, 2021, security researchers posted a PoC exploit for another critical remote code execution (RCE) vulnerability in the print spooler. US-CERT has raised an alert for this bug, which has been named PrintNightmare.
Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF). A remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server.
Cisco has fixed multiple critical flaws in its SD-WAN vManage and HyperFlex HX software. If left unpatched, these vulnerabilities in Cisco networking devices could allow an unauthenticated attacker to perform command injection attacks, execute arbitrary code, gain access to sensitive information, escalate privileges, send unauthorized messages, create new administrative-level user accounts, and execute commands as the root user on affected systems.
A fake Android application is capable of spreading itself via WhatsApp messages. If the user downloads the fake application and grants it the requested permissions, the malware automatically replies to the victim's incoming WhatsApp messages with a payload.
Adobe has released security patches resolving vulnerabilities in seven of its products. The impacted products are Photoshop, Illustrator, Animate, Bridge, InCopy, Captivate, and Campaign Classic.
Adobe has patched multiple critical and important vulnerabilities, including the zero-day CVE-2021-21017, in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.
On Dec. 13, the cyber community observed one of the most significant cybersecurity events of our time, impacting both commercial and government organizations worldwide.
This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is affected by multiple critical security issues. Unauthenticated attackers are able to gain root access to the appliance via chained attack vectors, such as CSRF protection bypass, authorization & authentication bypass, and more.
Microsoft has published 58 security fixes across 10+ products and services, as part of the company's monthly batch of security updates, known as Patch Tuesday. More than a third of these patches (22) are classified as remote code execution (RCE) vulnerabilities.
Business Email Compromise (BEC) scammers are exploiting web-based email clients' auto-forwarding rules to intercept financial transactions.
According to Oracle, the attack is “low” in complexity, requires no privileges and no user interaction and can be exploited by attackers with network access via HTTP.
Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020-16898 or "Bad Neighbor". The issue is caused by improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.
The FritzFrog botnet, written in Golang, uses a secure, encrypted peer-to-peer communication protocol to distribute malware and take control of device nodes. The encrypted communication makes the botnet difficult to detect and enables it to propagate across multiple infected SSH servers.