“Burton recently experienced a cyber incident, which is impacting some of our operations. We are working closely with third-party specialists to investigate the incident and determine the full nature and scope,” Burton said.
Just as LockBit 3.0 replaced Conti in 2022, newcomers such as BlackBasta, BianLian, and new-kid-on-the-block Royal are now all seriously vying for LockBit’s crown in 2023.
There’s a new malware threat to Microsoft Internet Information Services (IIS) servers dubbed Frebniss. Discovered by Symantec’s Threat Hunter Team, the malware abuse ‘Failed Request Event Buffering’ (FREB) feature of IIS that is responsible for collecting request metadata such as IP addresses, HTTP headers, and cookies. By abusing the FREB component, it becomes relatively easier […]
Researchers at Unit42 laid bare a Mirai botnet variant dubbed V3G4 that compromised hosts by abusing several vulnerabilities in products from DrayTek, Geutebruck, FreePBX, Atlassian, and others. The botnet infected exposed servers and networking devices running on Linux OS. Successful exploitation of the bugs could let hackers take full control of the hosts and make […]
Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8.
About 50 WordPress blogs have been backdoored with a plugin called fuser-master. This plugin is being triggered via popunder traffic from a large ad network. The WordPress sites are loaded on a separate page underneath and display a number of ads.
CatB is a reasonably new entrant to the ransomware field, with samples only dating back to December 2022. The CatB threat actor does not offer a web portal (on TOR or otherwise) to name and shame victims.
Fortinet has released security updates for its FortiNAC and FortiWeb products, addressing two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution.
A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar. The attackers’ end goals are unclear as yet.
A number of experiments suggest ChatGPT could be useful to help defenders triage potential security incidents and find security vulnerabilities in code, even though it was not specifically trained for such activities, according to recent studies.