PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users apply the necessary updates to mitigate potential threats.

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like ss, ps, and curl. for spreading. Pierluigi Paganini.

Emsisoft released a new free decryption tool for the Avest ransomware

Security Affairs

Security firm Emsisoft has released a new free decryption tool for the Avest ransomware, a few days after the researchers released a free decryptor for the WannaCryFake ransomware.

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

The experts noticed that this campaign was named “gitgub” by its operators. The experts created a threat-hunting tool that allowed them to identify the repositories involved in this campaign. “We identified at least 13 such repositories belonging to a RisePro stealer campaign that was named “gitgub” by the threat actors.”

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

The novelty in the last attacks is the use of a tool that has not been seen before; attackers also used an uncommon technique to deliver the malware and to avoid running in a sandbox. Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ for their campaigns.

Vietnamese threat actors linked to DarkGate malware campaign

Security Affairs

“The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace and ecosystem described in the WithSecure Professionalization of Cybercrime report. WithSecure speculates that these groups are a closely related cluster of operators/groups.” reads the report published by WithSecure.

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks.” reads the alert published by the FBI.