Critical RCE Bug Reported in dotCMS Content Management Software

Critical RCE Bug Reported in dotCMS Content Management Software,

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and « used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses. »
The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an

,

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and « used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses. »
The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an

, ,
https://thehackernews.com/2022/05/critical-rce-bug-reported-in-dotcms.html

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers,

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
« Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

,

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
« Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

, ,
https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches,

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.
The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an

,

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.
The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an

, ,
https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html

Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims

Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims

,

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups’ inner workings and their negotiation techniques.
In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a

,

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups’ inner workings and their negotiation techniques.
In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a

, ,
https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection,

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. 
« This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys), » Trend

,

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. 
« This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys), » Trend

, ,
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector,

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX.
Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name « Moshen Dragon, » with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot).
« PlugX and

,

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX.
Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name « Moshen Dragon, » with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot).
« PlugX and

, ,
https://thehackernews.com/2022/05/chinese-hackers-caught-exploiting.html

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices,

Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products.
The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems.
<!–adsense–>
uClibc is known to be used by major

,

Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products.
The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems.
<!–adsense–>
uClibc is known to be used by major

, ,
https://thehackernews.com/2022/05/unpatched-dns-related-vulnerability.html

New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions

New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions,

A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments.
Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are

,

A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments.
Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are

, ,
https://thehackernews.com/2022/05/new-hacker-group-pursuing-corporate.html

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was « Highly Targeted »

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was « Highly Targeted »

,

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as « highly targeted » in nature.
« This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories, » GitHub’s Mike Hanley said in an

,

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as « highly targeted » in nature.
« This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories, » GitHub’s Mike Hanley said in an

, ,
https://thehackernews.com/2022/05/github-says-recent-attack-involving.html

Chinese « Override Panda » Hackers Resurface With New Espionage Attacks

Chinese « Override Panda » Hackers Resurface With New Espionage Attacks

,

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information.
« The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,' » Cluster25 said in a report published last week.
« The target of this attack is currently unknown but with high

,

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information.
« The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,' » Cluster25 said in a report published last week.
« The target of this attack is currently unknown but with high

, ,
https://thehackernews.com/2022/05/chinese-override-panda-hackers.html