ATP – InfosecToday

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies. They’ve been an active threat group since 2011,…

Critical Infrastructure Cybersecurity Government Hacks Malware Web Security

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

7 months ago

admin

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. Researchers have tracked new spyware…

Cybersecurity Malware Web Security

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

7 months ago

admin

The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. A novel remote access trojan…

Cybersecurity Malware Vulnerabilities Web Security

Relentless Log4j Attacks Include State Actors, Possible Worm

7 months ago

admin

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. Call it a “logjam” of threats: Attackers including nation-state actors have already targeted…

Cybersecurity Malware Privacy Web Security

Malicious Exchange Server Module Hoovers Up Outlook Credentials

7 months ago

admin

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious IIS module,…

Cybersecurity Vulnerabilities Web Security

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

7 months ago

admin

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has…

Cybersecurity Hacks Malware Vulnerabilities Web Security

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

7 months ago

admin

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

Cybersecurity InfoSec Insider

In 2022, Expect More Supply Chain Pain and Changing Security Roles

7 months ago

admin

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was…

Cybersecurity Hacks Mobile Security Vulnerabilities

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

7 months ago

admin

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug. As if…

Cloud Security Cybersecurity IoT Malware Vulnerabilities Web Security

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

7 months ago

admin

December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities. Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot…