eSecurity Planet

FEBRUARY 23, 2022

How can an industrial recycler safely secure its $400,000 hard drive recertification rack with control software that only runs on Windows XP? Although the number of hospitals applying solutions such as network segmentation continues to grow, researchers estimated less than half of the hospitals in the United States had begun the process.

Risk 120

Risk Security IoT Communications 120

Security Affairs

JANUARY 14, 2022

Microsoft Defender allows users to exclude locations on their machines that should be excluded from scanning by the security solution. The issue seems to affect Windows 10 21H1 and Windows 10 21H2 since at least eight years, but it does not affect Windows 11. exclusions on servers and local machines via group policies.

Access 140

Access Security IT Information Security 140

eSecurity Planet

FEBRUARY 19, 2024

February 13, 2024 Zoom Fixes Critical Vulnerability in Windows Products Type of vulnerability: Improper input validation. The problem: Zoom recently patched a flaw that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.

Ransomware 92

Ransomware Cybersecurity Access Passwords 92

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” continues the report.

Mining 128

Mining Passwords Communications IT 128

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware deletes volume shadow copies using living-off-the-land binaries (LOLBINs) and backups made with the Windows Server Backup tool. The ransomware also disables updates from multiple anti-malware solutions (i.e Avast, ESET, and Kaspersky) by modifying the hosts file inside the Windows OS.

Ransomware 112

Ransomware Encryption Access Security 112

eSecurity Planet

AUGUST 10, 2022

The company put its zero trust solutions to the test by simulating attacks based on real threat actors’ tactics, techniques, and procedures. See the Best Zero Trust Security Solutions. To assess Illumio ZTS, Bishop Fox’s assessment team chose an infrastructure-as-code solution. server running a Splunk server.

Ransomware 116

Ransomware Digital transformation Access Cybersecurity 116

eSecurity Planet

AUGUST 28, 2023

But that’s not all — last week also brought yet another Windows vulnerability: Deep Instinct reported tactics for exploiting the Windows Filtering Platform, so add that to the list of Windows vulnerabilities to mitigate. Threat actors can use WFP to escalate their privileges on Windows.

Authentication 81

Authentication Ransomware Passwords Cybersecurity 81

Security Affairs

SEPTEMBER 17, 2021

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). 137:1338/stagers/l5l.py.

Libraries 122

Libraries Communications Security IT 122

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. “As reads the report published by Mandiant.

IT 113

IT Cybersecurity Cloud Risk 113

Security Affairs

SEPTEMBER 11, 2023

“HijackLoader utilizes syscalls to evade monitoring from security solutions, detects specific processes based on an embedded blocklist, and delays code execution at different stages.” The loader determines if the final payload has been embedded in the binary or if it has to download it from an external server. mozilla.org).

Security 128

Security Access IT Information Security 128

Security Affairs

MARCH 10, 2020

Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. sys file that it can be done by.

Communications 144

Communications Security IT 144

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. ” concludes the report.

Ransomware 130

Ransomware Encryption IT Security 130

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. that earned a CVSS score of 9.8 (10

Cloud 224

Cloud Security IT Cybersecurity 224

Security Affairs

FEBRUARY 26, 2022

SockDetour serves as a backup fileless Windows backdoor in case the primary one is removed. The analysis of one of the command and control (C2) servers used by TiltedTemple operators revealed the presence of other miscellaneous tools, including memory dumping tool and several webshells.

Education 92

Education Encryption Ransomware Cybersecurity 92

eSecurity Planet

MARCH 19, 2024

The two critical vulnerabilities affect Windows Hyper-V. Microsoft Compressed Folder CVE-2024-26185 : Only applies to Windows 11 where attackers could use specially crafted files or links to tamper with compressed folders. Windows Kubernetes Clusters Vulnerable to Command Injection Type of vulnerability: Command injection attack.

Authentication 96

Authentication Cybersecurity Ransomware Security 96

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. Pierluigi Paganini.

Ransomware 118

Ransomware Encryption Government Security 118

Security Affairs

AUGUST 1, 2021

GhostEmperor used a loading scheme that relies on a component of the Cheat Engine open-source project, which allows it to bypass the Windows Driver Signature Enforcement mechanism. “The group stands out because it uses a formerly unknown Windows kernel-mode rootkit. Follow me on Twitter: @securityaffairs and Facebook.

Government 114

Government Access Security IT 114

eSecurity Planet

OCTOBER 11, 2023

CVE-2023-44487 , an HTTP/2 rapid reset attack with recommended workarounds HTTP/2 Flaw Leads to Record DDoS Attacks The HTTP/2 protocol flaw made headlines before the Patch Tuesday list was released, as Google, AWS and Cloudflare jointly announced that the flaw affected almost all web servers and has led to record-shattering DDoS attacks.

Authentication 95

Authentication Phishing Cybersecurity Access 95

Security Affairs

MAY 31, 2021

A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker to load unsigned malicious code into the Windows operating system kernel.

Security 134

Security IT Cybersecurity Information Security 134

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. “Morphisec Labs has identified a new DoNot infection chain that introduces new modules to the Windows framework. This is because popular security solutions such as NGAV, EDR, EPP, XDR etc.

IT 95

IT Phishing Military Encryption 95

eSecurity Planet

SEPTEMBER 5, 2023

And a rather ingenious application of the Windows Container Isolation Framework demonstrates the potential vulnerability of endpoint security measures. Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. are affected.

Ransomware 91

Ransomware Authentication Cybersecurity Access 91

Security Affairs

JUNE 14, 2023

The technique was used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux. The CVE-2023-20867 flaw is exclusively exploitable by an attacker with root access to the ESXi server. ” concludes the report.

Cleanup 88

Cleanup Authentication Access Communications 88

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. April 9, 2024 Critical Windows Command Injection Vulnerability in Rust Standard Library Type of vulnerability: Command injection. are vulnerable.

Libraries 93

Libraries Risk Cybersecurity Honeypots 93

Security Affairs

DECEMBER 14, 2022

The botnet was named GoTrim because it was written in Go and uses “:::trim::: ” to split data sent and received from the C2 server. “GoTrim only reports credentials to the C2 server after a successful brute force attempt.” The malware uses a bot network to perform distributed brute force attacks against target websites.

CMS 130

CMS Encryption Risk Passwords 130

eSecurity Planet

AUGUST 28, 2023

But that’s not all — last week also brought yet another Windows vulnerability: Deep Instinct reported tactics for exploiting the Windows Filtering Platform, so add that to the list of Windows vulnerabilities to mitigate. Threat actors can use WFP to escalate their privileges on Windows.

Authentication 65

Authentication Ransomware Passwords Cybersecurity 65

Security Affairs

DECEMBER 16, 2020

HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux.

CMS 131

CMS Security IT Access 131

eSecurity Planet

JULY 1, 2022

The goal is to pivot from the router to workstations in the targeted network, where other RATs will be deployed to establish persistent and undetected communication channels (C2 servers). C2 servers that interact with the Windows RATs were hosted on internet services from China-based organizations such as Alibaba’s Yuque and Tencent.

File names 113

File names Access Communications Security 113

Krebs on Security

MARCH 9, 2023

Typically installed by booby-trapped Microsoft Office documents and distributed via email, NetWire is a multi-platform threat that is capable of targeting not only Microsoft Windows machines but also Android , Linux and Mac systems. In October 2012, the WorldWiredLabs domain moved to another dedicated server at the Internet address 198.91.90.7,

Access 234

Access Passwords Sales Retail 234

Thales Cloud Protection & Licensing

JANUARY 20, 2022

Due to growing mobility and remote working, more and more users need to access enterprise resources from multiple types of devices, owned - or not - by the company: mobile phones, tablets, Windows or Mac or Chromebooks. Users who need to access IT resources from a legacy Windows laptop, a Chromebook or a Mac.

Authentication 143

Authentication Data breaches Access Retail 143

Security Affairs

AUGUST 2, 2022

RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. affiliate sideloads Cobalt Strike through Windows Defender? Pierluigi Paganini.

Ransomware 98

Ransomware Security Information Security IT 98

Security Affairs

SEPTEMBER 28, 2021

Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro Server Protect offers comprehensive real-time protection for enterprise infrastructure, preventing them from being targeted by viruses, spyware, and other Web threats. . .

Authentication 80

Authentication IT Access Security 80

Security Affairs

NOVEMBER 23, 2023

The installer is hosted on legitimate update infrastructure owned by software firm CyberLink and includes checks to limit the time window for execution and evade detection by security products. The attackers connect the malicious code to previously compromised C2 servers. ” reads the report published by Microsoft.

Security 107

Security IT Information Security 107

eSecurity Planet

FEBRUARY 26, 2024

Critical vulnerabilities have been discovered across multiple systems, including Microsoft Exchange Servers, the Bricks Builder Theme for WordPress, VMware, ScreenConnect, Joomla, and Apple Shortcuts. Up to 97,000 servers are exposed, potentially allowing unwanted access to sensitive data and exploitation for subsequent network intrusions.

Risk 106

Risk Authentication Systems administration Ransomware 106

Security Affairs

NOVEMBER 11, 2022

The IAB claims to have access to around 21000 machines in the bank’s network, most of which are Windows systems. It also claims that the compromised machines were protected with a Symantec EDR solution. FTP , Shells , root , SQL-inj, DB, Servers. Also internal network filters TCP,UDP,HTTP & HTTPS.

Access 93

Access Sales Communications Insurance 93

Security Affairs

MARCH 9, 2023

. “Between January and February 2023, FortiGuard Labs observed a payload targeting an exploitable Oracle Weblogic Server in a specific URI.” It already has an updated version, and the seller’s webpage (Figure 1) guarantees that it can bypass Windows Defender and provide anti-debug and some bypass functions.”

Mining 90

Mining Encryption Sales Security 90

Security Affairs

MARCH 15, 2022

Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score of 9.8), impacting the Backup & Replication solution for virtual environments.

Authentication 91

Authentication Access Security IT 91

Security Affairs

MAY 25, 2021

“Buffer Overflow in Windows File Resource Profiles in 9.X “The solution for this vulnerability is to upgrade the Pulse Connect Secure server software version to the 9.1R.11.5. “The solution for this vulnerability is to upgrade the Pulse Connect Secure server software version to the 9.1R.11.5.

Security 99

Security Authentication Libraries Access 99