The attacks started in July 2021 in which threat actors exploited Microsoft MSHTML vulnerability to target overseas Iranians. SafeBreach Labs researchers discovered a new Iranian threat actor trying to steal…
Tag: remote code execution
Files Within Password-Protected WinRAR Archives Locked by New Memento Ransomware Group
Memento ransomware group makes its way on the threat landscape scene. Their approach seems to be quite uncommon, as the threat actor group locks files in WinRAR archives protected by…
Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
Trend Micro – Trend Micro – Both servers are using Liferay CE version 6.2, which is vulnerable to CVE-2020-7961 (possibly leading to remote code execution). Incident # 2 Similar to…
ProxyShell vulnerabilities exploited in domain-wide ransomware attacks
The ProxyShell vulnerabilities have prompted threat actors to launch domain-wide ransomware attacks against their targets, revealed a new research report from The DFIR Report. The report, published on Monday, explained…
CISA: Patch These ICS Flaws Across Multiple Vendors
CISA: Patch These ICS Flaws Across Multiple Vendors The US authorities have released a new industrial control systems (ICS) alert urging impacted organizations to patch key middleware or risk denial…
Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day
There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto…
CISA warns of equipment vulnerabilities from multiple vendors
CISA has released a notice urging administrators to apply updates to a variety of industrial control systems after discovering vulnerabilities in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution…