eSecurity Planet

FEBRUARY 19, 2024

February 13, 2024 Zoom Fixes Critical Vulnerability in Windows Products Type of vulnerability: Improper input validation. The problem: Zoom recently patched a flaw that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.

Ransomware 111

Ransomware Cybersecurity Access Passwords 111

eSecurity Planet

AUGUST 28, 2023

But that’s not all — last week also brought yet another Windows vulnerability: Deep Instinct reported tactics for exploiting the Windows Filtering Platform, so add that to the list of Windows vulnerabilities to mitigate. Threat actors can use WFP to escalate their privileges on Windows.

Authentication 97

Authentication Ransomware Passwords Cybersecurity 97

eSecurity Planet

AUGUST 10, 2022

The company put its zero trust solutions to the test by simulating attacks based on real threat actors’ tactics, techniques, and procedures. See the Best Zero Trust Security Solutions. To assess Illumio ZTS, Bishop Fox’s assessment team chose an infrastructure-as-code solution. server running a Splunk server.

Ransomware 132

Ransomware Digital transformation Access Cybersecurity 132

eSecurity Planet

MARCH 19, 2024

The two critical vulnerabilities affect Windows Hyper-V. Microsoft Compressed Folder CVE-2024-26185 : Only applies to Windows 11 where attackers could use specially crafted files or links to tamper with compressed folders. Windows Kubernetes Clusters Vulnerable to Command Injection Type of vulnerability: Command injection attack.

Authentication 116

Authentication Cybersecurity Ransomware Security 116

Security Affairs

NOVEMBER 25, 2023

Following that, the threat actors illicitly accessed an internet-side server from a network-connected PC by exploiting a system vulnerability. The attackers abused the data synchronization function of the network-linked system to spread the malicious code to the business-side server. ” continues the report.

Authentication 106

Authentication Encryption Access Security 106

Security Affairs

JANUARY 14, 2022

Microsoft Defender allows users to exclude locations on their machines that should be excluded from scanning by the security solution. The issue seems to affect Windows 10 21H1 and Windows 10 21H2 since at least eight years, but it does not affect Windows 11. exclusions on servers and local machines via group policies.

Access 139

Access Security IT Information Security 139

eSecurity Planet

AUGUST 28, 2023

But that’s not all — last week also brought yet another Windows vulnerability: Deep Instinct reported tactics for exploiting the Windows Filtering Platform, so add that to the list of Windows vulnerabilities to mitigate. Threat actors can use WFP to escalate their privileges on Windows.

Authentication 84

Authentication Ransomware Passwords Cybersecurity 84

eSecurity Planet

OCTOBER 11, 2023

CVE-2023-44487 , an HTTP/2 rapid reset attack with recommended workarounds HTTP/2 Flaw Leads to Record DDoS Attacks The HTTP/2 protocol flaw made headlines before the Patch Tuesday list was released, as Google, AWS and Cloudflare jointly announced that the flaw affected almost all web servers and has led to record-shattering DDoS attacks.

Authentication 109

Authentication Phishing Cybersecurity Access 109

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware deletes volume shadow copies using living-off-the-land binaries (LOLBINs) and backups made with the Windows Server Backup tool. The ransomware also disables updates from multiple anti-malware solutions (i.e Avast, ESET, and Kaspersky) by modifying the hosts file inside the Windows OS.

Ransomware 111

Ransomware Encryption Access Security 111

Security Affairs

SEPTEMBER 17, 2021

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). 137:1338/stagers/l5l.py.

Libraries 121

Libraries Communications Security IT 121

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” continues the report.

Mining 127

Mining Passwords Communications IT 127

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege.

Cybersecurity 67

Cybersecurity Ransomware Access Insurance 67

eSecurity Planet

SEPTEMBER 5, 2023

And a rather ingenious application of the Windows Container Isolation Framework demonstrates the potential vulnerability of endpoint security measures. Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. are affected.

Ransomware 104

Ransomware Authentication Cybersecurity Access 104

Security Affairs

SEPTEMBER 11, 2023

“HijackLoader utilizes syscalls to evade monitoring from security solutions, detects specific processes based on an embedded blocklist, and delays code execution at different stages.” The loader determines if the final payload has been embedded in the binary or if it has to download it from an external server. mozilla.org).

Security 128

Security Access IT Information Security 128

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. that earned a CVSS score of 9.8 (10

Cloud 230

Cloud Security IT Cybersecurity 230

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. ” concludes the report.

Ransomware 130

Ransomware Encryption IT Security 130

Security Affairs

MARCH 10, 2020

Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. sys file that it can be done by.

Communications 144

Communications Security IT 144

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. April 9, 2024 Critical Windows Command Injection Vulnerability in Rust Standard Library Type of vulnerability: Command injection. are vulnerable.

Libraries 108

Libraries Risk Cybersecurity Honeypots 108

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. “As reads the report published by Mandiant.

IT 112

IT Cybersecurity Cloud Risk 112

Security Affairs

AUGUST 1, 2021

GhostEmperor used a loading scheme that relies on a component of the Cheat Engine open-source project, which allows it to bypass the Windows Driver Signature Enforcement mechanism. “The group stands out because it uses a formerly unknown Windows kernel-mode rootkit. Follow me on Twitter: @securityaffairs and Facebook.

Government 115

Government Access Security IT 115

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. Pierluigi Paganini.

Ransomware 118

Ransomware Encryption Government Security 118

Security Affairs

FEBRUARY 26, 2022

SockDetour serves as a backup fileless Windows backdoor in case the primary one is removed. The analysis of one of the command and control (C2) servers used by TiltedTemple operators revealed the presence of other miscellaneous tools, including memory dumping tool and several webshells.

Education 91

Education Encryption Ransomware Cybersecurity 91

Security Affairs

MAY 31, 2021

A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker to load unsigned malicious code into the Windows operating system kernel.

Security 134

Security IT Cybersecurity Information Security 134

eSecurity Planet

JULY 1, 2022

The goal is to pivot from the router to workstations in the targeted network, where other RATs will be deployed to establish persistent and undetected communication channels (C2 servers). C2 servers that interact with the Windows RATs were hosted on internet services from China-based organizations such as Alibaba’s Yuque and Tencent.

File names 117

File names Access Communications Security 117

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. “Morphisec Labs has identified a new DoNot infection chain that introduces new modules to the Windows framework. This is because popular security solutions such as NGAV, EDR, EPP, XDR etc.

IT 94

IT Phishing Military Encryption 94

Security Affairs

DECEMBER 14, 2022

The botnet was named GoTrim because it was written in Go and uses “:::trim::: ” to split data sent and received from the C2 server. “GoTrim only reports credentials to the C2 server after a successful brute force attempt.” The malware uses a bot network to perform distributed brute force attacks against target websites.

CMS 130

CMS Encryption Risk Passwords 130

Krebs on Security

MARCH 9, 2023

Typically installed by booby-trapped Microsoft Office documents and distributed via email, NetWire is a multi-platform threat that is capable of targeting not only Microsoft Windows machines but also Android , Linux and Mac systems. In October 2012, the WorldWiredLabs domain moved to another dedicated server at the Internet address 198.91.90.7,

Access 240

Access Passwords Sales Retail 240

Security Affairs

DECEMBER 16, 2020

HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux.

CMS 131

CMS Security IT Access 131

eSecurity Planet

FEBRUARY 26, 2024

Critical vulnerabilities have been discovered across multiple systems, including Microsoft Exchange Servers, the Bricks Builder Theme for WordPress, VMware, ScreenConnect, Joomla, and Apple Shortcuts. Up to 97,000 servers are exposed, potentially allowing unwanted access to sensitive data and exploitation for subsequent network intrusions.

Risk 113

Risk Authentication Systems administration Ransomware 113

Thales Cloud Protection & Licensing

JANUARY 20, 2022

Due to growing mobility and remote working, more and more users need to access enterprise resources from multiple types of devices, owned - or not - by the company: mobile phones, tablets, Windows or Mac or Chromebooks. Users who need to access IT resources from a legacy Windows laptop, a Chromebook or a Mac.

Authentication 143

Authentication Data breaches Access Retail 143

eSecurity Planet

APRIL 14, 2023

This article will explore the product in depth and explore the features, pros, cons, pricing, and other key aspects of Ivanti’s NAC solution. To compare Ivanti Policy Secure against their competition, see the complete list of top network access control (NAC) solutions. Who Is Ivanti?

Security 97

Security IoT Access Authentication 97

Security Affairs

JUNE 14, 2023

The technique was used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux. The CVE-2023-20867 flaw is exclusively exploitable by an attacker with root access to the ESXi server. ” concludes the report.

Cleanup 87

Cleanup Authentication Access Communications 87

Security Affairs

AUGUST 2, 2022

RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. affiliate sideloads Cobalt Strike through Windows Defender? Pierluigi Paganini.

Ransomware 98

Ransomware Security Information Security IT 98

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week. Also read: Best Patch Management Software.

Authentication 116

Authentication Passwords Access Systems administration 116

eSecurity Planet

JUNE 2, 2022

It’s a concerning situation, as these vulnerabilities affect widely used (and critical) programs such as Teams, Outlook, Office, SQL Server and Windows and Windows Server. The malware loads itself from remote servers and bypasses Microsoft Defender, according to Nao Sec , a Japanese cybersecurity research team.

Cybersecurity 108

Cybersecurity Sales Security IT 108

Krebs on Security

MARCH 12, 2019

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. A security alert from Google last week said attackers were chaining the Windows and Chrome vulnerabilities to drop malicious code onto vulnerable systems.

Security 168

Security Access IT 168

eSecurity Planet

JULY 8, 2022

Organizations require even more sophisticated protection, response, and recovery solutions than what was available even two years ago.”. Also see the Best Business Continuity Solutions. See the Best Backup Solutions for Ransomware Protection. DRaaS solutions can help ensure complete and reliable business continuity.

Ransomware 140

Ransomware Cloud Encryption Marketing 140