Indonesian Government Datacenter Targeted by $8M LockBit 3.0 Ransomware Attack

The Indonesian government has acknowledged a significant ransomware attack on its national datacenter, operated by the Ministry of Communication and Information Technology (Kominfo), known as the National Data Center or Pusat Data Nasional (PDN). The attack, reportedly involving …

Hackers Compromise WordPress Plugins to Create Rogue Admin Accounts

On June 25, 2024, Wordfence security researcher Chloe Chamberland alerted that several WordPress plugins had been compromised to inject malicious code, enabling the creation of rogue administrator accounts for performing arbitrary actions. The injected malware creates new administrative …

Coding Error in Forgotten API Leads to Massive Data Breach at Optus

The data breach at Australian telecommunications company Optus, which resulted in the exposure of personal information for over nine million customers, has been attributed to a coding error that compromised API access controls and remained unaddressed for years. …

Researchers Identify New Evasive SquidLoader Malware Targeting Chinese Organizations

Cybersecurity researchers have identified a new evasive malware loader, SquidLoader, which is spreading through phishing campaigns aimed at Chinese organizations. AT&T LevelBlue Labs, who first detected SquidLoader in late April 2024, noted that the malware has features designed …

Mailcow Mail Server Vulnerabilities Allow Remote Code Execution

Two security vulnerabilities affecting the Mailcow open-source mail server suite have been disclosed, potentially enabling malicious actors to execute arbitrary code on vulnerable instances. These flaws impact all versions of Mailcow released before April 4, 2024. SonarSource responsibly …

Chinese Hackers Exploit Firewall Vulnerability to Deploy ‘Coathanger’ Malware

Chinese hackers breached 20,000 Fortinet FortiGate systems worldwide in 2022 and 2023, using this access to target Western governments and private defense companies in a scheme described as “much more extensive than previously known.” FortiGate is Fortinet’s firewall and network …

Cryptojacking Campaign Exploits Misconfigured Kubernetes Clusters for Dero Mining

Cybersecurity researchers have identified an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz has uncovered this activity, describing it as an updated variant of a financially motivated operation first reported by CrowdStrike in …

Newly Discovered ‘Noodle RAT’ Malware Targets Windows and Linux Systems

A previously undocumented cross-platform malware, Noodle RAT, has been used by Chinese-speaking threat actors for espionage and cybercrime for several years. Although it was initially categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki clarified that “this backdoor …

Vulnerabilities Discovered in WooCommerce and Dokan Pro Plugins

WooCommerce has issued an advisory about an XSS vulnerability, while Wordfence simultaneously flagged a critical flaw in the Dokan Pro WooCommerce plugin. This vulnerability, identified as a SQL injection issue, enables unauthenticated attackers to extract sensitive information from a website’s …

Ransomware Gang TellYouThePass Exploits PHP Vulnerability

A ransomware gang known as TellYouThePass has swiftly exploited a critical vulnerability in Windows installations of the PHP web scripting language. This vulnerability, tracked as CVE-2024-4577, was targeted by the group just hours after researchers released a proof-of-concept script. …

Gitloker Attacks Exploit GitHub Notifications to Push Malicious OAuth Apps

Threat actors are impersonating GitHub’s security and recruitment teams in phishing attacks designed to hijack repositories through malicious OAuth apps. This ongoing extortion campaign has been wiping compromised repositories. Since February, dozens of developers have received deceptive job offers or …

PHP Vulnerability Exposes Windows Servers to Remote Attacks

Cybersecurity researchers have uncovered a new vulnerability in PHP that could allow attackers to execute malicious code remotely. Tracked as CVE-2024-4577, this CGI argument injection vulnerability affects all versions of PHP on Windows operating systems; fixes were shipped in PHP 8.3.8, 8.2.20 and 8.1.29, while the end-of-life 8.0, 7.x and 5.x branches remain unpatched. It was inadvertently introduced while …

PHP Addresses Critical RCE Flaw Potentially Impacting Millions of Servers

A critical remote code execution (RCE) vulnerability has been discovered in PHP for Windows, affecting every branch from 5.x through 8.3 (patched only in 8.1.29, 8.2.20 and 8.3.8), potentially impacting millions of servers globally. Researchers at cybersecurity firm DEVCORE identified the flaw, tracked as CVE-2024-4577. This vulnerability …
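The three PHP items above (TellYouThePass exploitation, the CGI argument injection, and the DEVCORE disclosure) all concern the same bug, CVE-2024-4577. The mechanism, as DEVCORE described it, is that on Windows code pages such as 936, 950 and 932 the operating system's "Best-Fit" character mapping turns a soft hyphen (byte 0xAD) into an ASCII hyphen after php-cgi has already checked its arguments, so a query string such as `%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input` is parsed as `-d allow_url_include=1 -d auto_prepend_file=php://input` and the POST body is executed as PHP. The detector below is an added example written for this page, not DEVCORE's or the PHP project's code. It scans Apache-style access log lines (a format assumption; the sample lines are constructed) for that pattern and also applies the CGI "indexed query" rule: a web server only passes the query string to a CGI binary as command-line arguments when it contains no literal `=`, which is why exploit payloads encode `=` as `%3d` and why a benign `name=...` parameter that happens to contain a soft hyphen is not flagged.

```python
"""Detect CVE-2024-4577-style CGI argument injection attempts in web server access logs.

Added example for this page; not the PHP project's or DEVCORE's code.
Assumes Apache-style access log lines (combined/common format).
"""
import re
from typing import Dict, List
from urllib.parse import unquote_to_bytes

# A soft hyphen (0xAD, which Windows Best-Fit mapping collapses to '-') immediately
# followed by a php-cgi option letter and then an argument separator ('+' or a space
# in a CGI query string) or the end of the query. Matches e.g. %ADd+... and %ADs.
ARG_INJECTION = re.compile(rb"\xad[dsnc](?:[+ ]|$)")

# Payload fragments seen in public exploitation of CVE-2024-4577.
PAYLOAD_INDICATORS = (b"allow_url_include", b"auto_prepend_file", b"php://input", b"cgi.force_redirect")

# Request line inside a quoted Apache log field, e.g. "GET /index.php?id=1 HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def analyze_target(target: str) -> Dict[str, object]:
    """Classify one request target (path plus optional query string)."""
    path, _, query = target.partition("?")
    # Per the CGI "indexed query" rule, the server only passes the query string to
    # php-cgi as argv when the raw (still percent-encoded) query has no literal '='.
    argv_style = "=" not in query
    raw_query = unquote_to_bytes(query)  # percent-decode; 0xAD stays a raw byte
    hits = ARG_INJECTION.findall(raw_query) if argv_style else []
    indicators = [i.decode() for i in PAYLOAD_INDICATORS if i in raw_query.lower()]
    return {
        "path": path,
        "argument_injection": bool(hits),
        # findall() without groups returns the full match, e.g. b"\xadd+"; byte 1 is the option letter
        "injected_options": [h[1:2].decode() for h in hits],
        "payload_indicators": indicators,
    }


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return a finding for every log line that shows injection or a known payload fragment."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        verdict = analyze_target(match.group("target"))
        if verdict["argument_injection"] or verdict["payload_indicators"]:
            verdict["line"] = number
            verdict["method"] = match.group("method")
            findings.append(verdict)
    return findings


# Constructed sample log lines (not real traffic): one PoC-style exploit attempt, a normal
# request, a source-disclosure variant (-s), and a benign soft hyphen inside a key=value parameter.
LOG_LINES = [
    '10.0.0.5 - - [10/Jun/2024:12:00:01 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Jun/2024:12:00:02 +0000] "GET /index.php?id=42 HTTP/1.1" 200 1024',
    '10.0.0.9 - - [10/Jun/2024:12:00:03 +0000] "GET /test.php?%ADs HTTP/1.1" 200 2048',
    '10.0.0.9 - - [10/Jun/2024:12:00:04 +0000] "GET /search.php?name=Mad%ADd+Max HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan_access_log(LOG_LINES):
        print(f"line {finding['line']}: {finding['method']} {finding['path']} "
              f"options={finding['injected_options']} indicators={finding['payload_indicators']}")
```

Run it over a real log by replacing `LOG_LINES` with the file's lines; a hit on a php-cgi or any `.php` path from a Windows host that is not yet on 8.1.29/8.2.20/8.3.8 should be treated as an exploitation attempt, and the `-s` variant is worth alerting on even though it only discloses source.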

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have revealed new details about the threat actor Sticky Werewolf, which has recently expanded its cyber attack campaigns to include entities in Russia and Belarus. Recent phishing attacks targeted a pharmaceutical company, a Russian microbiology and vaccine research …

Muhstik Botnet Exploits Apache RocketMQ Flaw to Amplify DDoS Attacks

The Muhstik botnet, known for its distributed denial-of-service (DDoS) attacks, is exploiting a recently patched security vulnerability in Apache RocketMQ to commandeer vulnerable servers and expand its reach. Aqua, a cloud security firm, reported that Muhstik is …

POC Exploit Code Published for Critical Apache HugeGraph RCE Vulnerability

If you haven’t upgraded to version 1.3.0 of Apache HugeGraph, now is the time. At least two proof-of-concept (POC) exploits for a CVSS 9.8-rated remote command execution (RCE) vulnerability in the open-source graph database have been made public. Apache HugeGraph …

The Snowflake Attack Could Become One of the Largest Data Breaches in History

A cyberattack targeting customers of cloud storage provider Snowflake is rapidly escalating and may become one of the largest data breaches ever recorded. Last week, Snowflake, which facilitates massive dataset storage for companies, revealed that hackers have been attempting to …

Fake “Crytic-Compilers” Target Python Developers on PyPI

Cybersecurity researchers have discovered a harmful Python package on the Python Package Index (PyPI) repository, designed to deploy an information-stealing malware known as Lumma (also referred to as LummaC2). The malicious package, named crytic-compilers, is a typosquatted version …