Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker

, ,
https://thehackernews.com/2023/06/active-mirai-botnet-variant-exploiting.html

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites,

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.
“This vulnerability could be used by authors on a site to manipulate any files in the

,

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.
“This vulnerability could be used by authors on a site to manipulate any files in the

, ,
https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining,

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.
The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023.
“Persistence is achieved via timed processors or entries to cron,” said Dr.

,

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.
The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023.
“Persistence is achieved via timed processors or entries to cron,” said Dr.

, ,
https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices,

Cybersecurity researchers have found « backdoor-like behavior » within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.
Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.
« Most Gigabyte firmware includes a Windows

,

Cybersecurity researchers have found « backdoor-like behavior » within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.
Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.
« Most Gigabyte firmware includes a Windows

, ,
https://thehackernews.com/2023/05/critical-firmware-vulnerability-in.html

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities,

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.
Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.”
“When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis

,

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.
Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.”
“When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis

, ,
https://thehackernews.com/2023/05/beware-of-ghost-sites-silent-threat.html

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass,

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices.
Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which

,

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices.
Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which

, ,
https://thehackernews.com/2023/05/microsoft-details-critical-apple-macos.html

6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime

6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime,

Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars.
Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime will take a $10.5 trillion toll on the global

,

Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars.
Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime will take a $10.5 trillion toll on the global

, ,
https://thehackernews.com/2023/05/6-steps-to-effective-threat-hunting.html

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks,

The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023.
This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on high-value targets.
Dark Pink, also called Saaiwc

,

The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023.
This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on high-value targets.
Dark Pink, also called Saaiwc

, ,
https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html

RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks,

The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets.
Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant).
« These lure sites are most likely only meant for a small

,

The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets.
Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant).
« These lure sites are most likely only meant for a small

, ,
https://thehackernews.com/2023/05/romcom-rat-using-deceptive-web-of-rogue.html

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months,

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices.
The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.

,

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices.
The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.

, ,
https://thehackernews.com/2023/05/alert-hackers-exploit-barracuda-email.html