RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts

RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts

,

The threat actors behind RTM Locker have developed a ransomware strain that’s capable of targeting Linux machines, marking the group’s first foray into the open source operating system.
« Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware’s leaked source code, » Uptycs said in a new report published Wednesday. « It uses a combination of ECDH on

,

The threat actors behind RTM Locker have developed a ransomware strain that’s capable of targeting Linux machines, marking the group’s first foray into the open source operating system.
« Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware’s leaked source code, » Uptycs said in a new report published Wednesday. « It uses a combination of ECDH on

, ,
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware,

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families.
The tech giant’s threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505,

,

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families.
The tech giant’s threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505,

, ,
https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks,

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.
That’s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal.
Alloy Taurus is the constellation-themed moniker assigned to a

,

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.
That’s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal.
Alloy Taurus is the constellation-themed moniker assigned to a

, ,
https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html

Charming Kitten’s New BellaCiao Malware Discovered in Multi-Country Attacks

Charming Kitten’s New BellaCiao Malware Discovered in Multi-Country Attacks

,

The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools.
Discovered by Bitdefender Labs, BellaCiao is a « personalized dropper » that’s capable of delivering other malware payloads onto a victim machine based on

,

The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools.
Discovered by Bitdefender Labs, BellaCiao is a « personalized dropper » that’s capable of delivering other malware payloads onto a victim machine based on

, ,
https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China,

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.
The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new

,

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.
The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new

, ,
https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks,

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. 
In light of this significant challenge, how are CISOs responding?
LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and

,

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. 
In light of this significant challenge, how are CISOs responding?
LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and

, ,
https://thehackernews.com/2023/04/browser-security-survey-87-of-saas.html

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks,

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.
The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

,

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.
The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

, ,
https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html

VMware Releases Critical Patches for Workstation and Fusion Software

VMware Releases Critical Patches for Workstation and Fusion Software,

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution.
The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the

,

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution.
The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the

, ,
https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks,

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets.
« Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it

,

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets.
« Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it

, ,
https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor,

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that’s designed to deploy an updated version of a backdoor called PowerLess.
Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits « strong overlaps » with a hacking crew known as APT35, Charming Kitten, Cobalt

,

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that’s designed to deploy an updated version of a backdoor called PowerLess.
Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits « strong overlaps » with a hacking crew known as APT35, Charming Kitten, Cobalt

, ,
https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html