Supply chain blunder puts 3CX telephone app users at risk
Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX’s source code repositories. As you can imagine, given that the company is scrambling not only to figure out what happened,…
Critical “10-out-of-10” Linux kernel SMB hole – should you worry?
Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably…
Cyber-Threat Group Targets Critical RCE Vulnerability in ‘Bleed You’ Campaign
The “Bleed You” campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns,…
New ‘Alchimist’ Attack Framework Targets Windows, Linux, macOS
Dubbed Alchimist and already used in the wild, the attack framework is implemented in GoLang, the same as the Insekt RAT that it implants on compromised systems. The attack framework provides a web interface written in simplified Chinese that allows operators to generate and deploy malicious payloads, establish remote connections, execute code on the compromised…
Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors
The new technique, spotted by Mandiant in April, involves using malicious vSphere Installation Bundles (VIBs). A VIB is a collection of files packaged into a single archive to facilitate distribution — they are similar to a tarball or ZIP archive. VIB packages can be used to create startup tasks, custom firewall rules, or to deploy…
Ransomware Attacks Target Government Agencies in Latin America
Several government agencies in Latin America were targeted in ransomware attacks in the past months, and the latest victims are Chile and the Dominican Republic. read moreChile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi…
Windows Vulnerability Could Crack DC Server Credentials Open
Researchers have discovered a vulnerability in the remote procedure calls (RPC) for the Windows Server service, which could allow an attacker to gain control over the domain controller (DC) in a specific network configuration and execute remote code. Malicious actors could also exploit the vulnerability to modify a server’s certificate mapping to perform server spoofing….
Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware
Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…
DogWalk and several vulnerabilities in Exchange
With this August patch Tuesday Microsoft fixed more than a hundred vulnerabilities. Some of the vulnerabilities require special attention from corporate cybersecurity personal. Among them there are 17 critical ones, two of which are zero-days. At least one vulnerability has already been actively exploited in the wild, so it would be wise not to delay…
Microsoft Publishes Office Symbols to Improve Bug Hunting
Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build. Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only…
