Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation,

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks.
The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal

,

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks.
The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal

, ,
https://thehackernews.com/2022/03/critical-sophos-firewall-rce.html

New Malware Loader ‘Verblecon’ Infects Hacked PCs with Cryptocurrency Miners

New Malware Loader ‘Verblecon’ Infects Hacked PCs with Cryptocurrency Miners

,

An unidentified threat actor has been observed employing a « complex and powerful » malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens.
« The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines, »

,

An unidentified threat actor has been observed employing a « complex and powerful » malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens.
« The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines, »

, ,
https://thehackernews.com/2022/03/new-malware-loader-verblecon-infects.html

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation,

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an « advanced multi-layered virtual machine » used by the malware to fly under the radar.
Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits

,

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an « advanced multi-layered virtual machine » used by the malware to fly under the radar.
Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits

, ,
https://thehackernews.com/2022/03/experts-detail-virtual-machine-used-by.html

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages,

A threat actor dubbed « RED-LILI » has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
« Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks, » Israeli security company Checkmarx said. « As it seems this time, the attacker has fully-automated the process

,

A threat actor dubbed « RED-LILI » has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
« Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks, » Israeli security company Checkmarx said. « As it seems this time, the attacker has fully-automated the process

, ,
https://thehackernews.com/2022/03/a-threat-actor-dubbed-red-lili-has-been.html

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware,

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
« The emails use a social engineering technique of conversation hijacking (also known as thread hijacking), » Israeli company Intezer said in a report shared with

,

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
« The emails use a social engineering technique of conversation hijacking (also known as thread hijacking), » Israeli company Intezer said in a report shared with

, ,
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

Of Cybercriminals and IP Addresses

Of Cybercriminals and IP Addresses,

You don’t like having the FBI knocking on your door at 6 am in the morning. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes.
Their IP address will never be exposed directly to the target’s machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are

,

You don’t like having the FBI knocking on your door at 6 am in the morning. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes.
Their IP address will never be exposed directly to the target’s machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are

, ,
https://thehackernews.com/2022/03/of-cybercriminals-and-ip-addresses.html

Google corrige en urgence une faille zero-day dans Chrome

Google corrige en urgence une faille zero-day dans Chrome,

Un bug dans le moteur JavaScript est exploité de manière active par des hackers. Il est recommandé de mettre immédiatement à jour le navigateur.

,

Un bug dans le moteur JavaScript est exploité de manière active par des hackers. Il est recommandé de mettre immédiatement à jour le navigateur.

, ,
https://www.01net.com/actualites/google-corrige-en-urgence-une-faille-zero-day-dans-chrome-2055675.html

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

,

The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.
« Users’ machines are targeted via trojanized software packages masquerading as legitimate application installers, » Trend Micro researchers said in a report published on

,

The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.
« Users’ machines are targeted via trojanized software packages masquerading as legitimate application installers, » Trend Micro researchers said in a report published on

, ,
https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability,

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The

,

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The

, ,
https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html

Lapsus$ : sept membres présumés arrêtés en Grande-Bretagne

Lapsus$ : sept membres présumés arrêtés en Grande-Bretagne,

Les personnes arrêtées ont été remises en liberté, mais restent sous contrôle judiciaire. Sur Telegram, les utilisateurs sonnent déjà le glas de ce groupe qui a réussi à pirater plusieurs géants high tech.

,

Les personnes arrêtées ont été remises en liberté, mais restent sous contrôle judiciaire. Sur Telegram, les utilisateurs sonnent déjà le glas de ce groupe qui a réussi à pirater plusieurs géants high tech.

, ,
https://www.01net.com/actualites/lapsusdollar-sept-membres-presumes-arretes-en-grande-bretagne-2055654.html