State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S

State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S

,

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office « Follina » vulnerability to target government entities in Europe and the U.S.
Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages

,

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office « Follina » vulnerability to target government entities in Europe and the U.S.
Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages

, ,
https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild,

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution.
Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.
Both relate to a case of

,

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution.
Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.
Both relate to a case of

, ,
https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

GitLab Issues Security Patch for Critical Account Takeover Vulnerability,

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover.
Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10

,

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover.
Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10

, ,
https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor,

An « extremely sophisticated » Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks.
« This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads, » Russian cybersecurity company Kaspersky said in a new report.

,

An « extremely sophisticated » Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks.
« This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads, » Russian cybersecurity company Kaspersky said in a new report.

, ,
https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html

Pourquoi des pirates russes sèment le chaos au Costa Rica

Pourquoi des pirates russes sèment le chaos au Costa Rica,

,

pirates russes chaos costa rica

Conti, un groupe de pirates russes proches de Moscou, déploie une vague de cyberattaques contre le Costa Rica. Les services publics du pays sont actuellement paralysés.

The post Pourquoi des pirates russes sèment le chaos au Costa Rica appeared first on 01net.com.

, ,
https://www.01net.com/actualites/pirates-russes-provoquent-chaos-costa-rica.html

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network,

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research.
Sucuri, which has been tracking the same campaign since February 2019 under the name « NDSW/NDSX, » said that « the malware was one of the top infections » detected in 2021, accounting for more than 61,000 websites.
Parrot TDS was documented in

,

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research.
Sucuri, which has been tracking the same campaign since February 2019 under the name « NDSW/NDSX, » said that « the malware was one of the top infections » detected in 2021, accounting for more than 61,000 websites.
Parrot TDS was documented in

, ,
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies,

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium.
In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant’s Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive

,

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium.
In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant’s Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive

, ,
https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability,

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild.
The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134.
« Atlassian has been made aware of current active exploitation of a

,

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild.
The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134.
« Atlassian has been made aware of current active exploitation of a

, ,
https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html

Threat Detection Software: A Deep Dive

Threat Detection Software: A Deep Dive,

As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. 
Threat detection is about an organization’s ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat

,

As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. 
Threat detection is about an organization’s ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat

, ,
https://thehackernews.com/2022/06/threat-detection-software-deep-dive.html

Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks

Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks

,

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.
« Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals, »

,

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.
« Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals, »

, ,
https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html