ViperSoftX, a type of information-stealing software, has been primarily reported as focusing on cryptocurrencies, making headlines in 2022 for its execution technique of hiding malicious code inside log files.
The impacted product provides a data interface between remote field devices and the control center through a cellular network. According to CISA, the product is used worldwide in industries such as energy, transportation, and water and wastewater.
Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data, and credentials, have proven to be an increasing challenge for organizations to detect and secure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws in MinIO, PaperCut, and Google Chrome, respectively, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
“The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News.
While the Cyware team is thrilled with this significant opportunity, it also represents another step forward in its mission to enable Collective Defense across a wide range of communities.
An employee at the Consumer Financial Protection Bureau sent confidential data about hundreds of thousands of consumer accounts to their personal email, the agency told CNN on Thursday.
In most cases, the campaign goals include intelligence collection, operational disruptions, and leaking sensitive data through Telegram channels dedicated to causing information damage to Ukraine.
Infoblox discovered activity from the remote access trojan (RAT) Pupy active in multiple enterprise networks in early April 2023. This C2 communication went undiscovered since April 2022.
The attack against 3CX first came to light on March 29, 2023, when it emerged that Windows and macOS versions of its communication software were trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON.