Cyble uncovered a new C/C++ console-based ransomware operation by a group dubbed Lilith. The group has leaked proof of its first victim on its leak site. Before the encryption process starts, Lilith creates and drops ransom notes in all the folders one by one. The note gives three days to contact the attackers or else the data […]
Zscaler exposed new detection evasion attempts by Qakbot malware actors. They are now using ZIP file extensions, catchy file names with common formats, and Excel 4.0 macros to fool victims into downloading attachments containing the malware. To stay protected from such threats, organizations are advised to train their employees on how to manage attachments and avoid […]
The US Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report on the December 2021 Log4j event, in which a number of vulnerabilities were reported in this Java-based logging framework.
According to the Cloudflare content distribution network, a botnet named Mantis is so powerful that it has launched the biggest-ever DDoS attacks. The botnet has thus far targeted around 1,000 Cloudflare customers within the past few weeks.
According to researchers at Dragos, a threat actor is infecting industrial control systems (ICS) to create a botnet through password “cracking” software for programmable logic controllers (PLCs).
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor.
Researchers at Unit 42 observed an operation that targets the Elastix system used in Digium phones. The attacker implants a web shell to exfiltrate data by downloading and executing additional payloads inside the target’s Digium phone software.
VMware has confirmed that all four vulnerabilities impact its ESXi hypervisor, and that patches are available for ESXi versions 7.0, 6.7, and 6.5, as well as for Cloud Foundation versions 4.x and 3.x.
Researchers at Defiant, the maker of the Wordfence security solution for WordPress, observed an average of almost half a million attack attempts per day against customer sites they protect.
According to a letter sent to customers, data stored by a subcontractor of Colorado Springs Utilities was “accessed by an unauthorized party” on June 15. The utility was notified of the incident on July 6, the letter states.