Hackers Deploy “SUBMARINE” Backdoor in Barracuda Email Security Gateway Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a “novel persistent backdoor” called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances. “SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together […]
Zimbra issues awaited patch for actively exploited vulnerability
Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite (ZCS) email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra is an open source webmail application used for messaging […]
N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist
By Habiba Rashid CoinsPaid’s internal systems were compromised, prompting the firm to temporarily halt operations for four days. This is a post from HackRead.com Read the original post: N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist
Mobile Device Management: Securing the modern workplace
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of […]
Malvertising Attack Drops BlackCat Ransomware via Fake Search Results
By Waqas Happeneing through Google Search, hackers use a malicious ISO archive to distribute files that direct users to fake download pages of popular business applications. This is a post from HackRead.com Read the original post: Malvertising Attack Drops BlackCat Ransomware via Fake Search Results
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to […]
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. “Based on the source and likely targets, these types of attacks are on par with past attacks stemming […]
A Data Exfiltration Attack Scenario: The Porsche Experience
As part of Checkmarx’s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find. What […]
Data Leak Exposes 572 GB of Student, Faculty Info from Accreditation Org
By Habiba Rashid The data leak originated from a database owned by the Southern Association of Independent Schools, Inc. (SAIS). This is a post from HackRead.com Read the original post: Data Leak Exposes 572 GB of Student, Faculty Info from Accreditation Org
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the “search-ms:” URI protocol handler, which offers the ability for applications and HTML links […]