State-sponsored Threat Actors Steal Airline Data Using the Slack API

Reports show that a recently found backdoor dubbed ‘Aclip’ that exploits the Slack API for covert communications is being used by an alleged Iranian state-sponsored cybercriminal. The malicious actor began…

Espionage Hacking Campaign Is Targeting Telecom Operators

A fresh espionage hacking effort targeting Middle Eastern and Asian telecommunications and IT service companies was recently discovered. The operation has been running for six months, and it may have…

IIS Extensible Web Server Used to Steal Microsoft Exchange Credentials

Cybercriminals are installing a new malicious add-on for the IIS web server on Microsoft Exchange Outlook Web Access (OWA) servers to collect login information and remotely perform commands on the…

Security company offers Log4j 'vaccine' for systems that can't be updated immediately

For those unable to patch the Apache Log4Shell vulnerability, cybersecurity firm Cybereason has released what they called a “fix” for the 0-day exploit. Cybereason urged people to patch their systems…

A Critical Zoho ManageEngine Desktop Central and Desktop Central MSP Vulnerability Is Exploited by an APT Actor

Zoho ManageEngine Desktop Central is a popular management tool that administrators use for automatic software distribution and remote troubleshooting across the whole network. What Happened? An authentication bypass vulnerability in…

There's been a big jump in crooks selling access to hacked networks. Ransomware gangs are their best customers

There’s been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware…

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network 

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. AT&T is taking action to take down a botnet…

FBI issues flash alert after APT groups exploited VPN flaws

With this flaw, FatPipe joins the list of VPN providers that have faced a similar situation in the past, including Fortinet, Cisco, Pulse Secure, and Citrix. The Federal Bureau of…

Now Iran's state-backed hackers are turning to ransomware

Microsoft has detailed the activities of six Iranian hacker groups that are behind waves of ransomware attacks that have arrived every six to eight weeks since September 2020.  Russia is…

Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR

Trend Micro – Trend Micro – Both servers are using Liferay CE version 6.2, which is vulnerable to CVE-2020-7961 (possibly leading to remote code execution). Incident # 2 Similar to…