Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
“Mallox ransomware, like many other ransomware threat actors, follows the double extortion tren…
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware.
“These new vulnerabilitie…
Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
“Attackers can br…
North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that’s reminiscent of the supply chain attack targeting 3CX.
The…
A Few More Reasons Why RDP is Insecure (Surprise!)
If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as “Remote Desktop Protocol 4.0,” was releas…
CryptoKey with IndexedDB to secure stateless authentication
Stateless authentication using e.g. JWT can be dangerous as they are non-revocable and can leak giving full access. But they are really flexible.
I’m considering a scenario where the issued JWT is bound to some asymmetric key pair. It coul…
Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector
The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that’s capable of delivering next-stage payloads.
The Microsoft threat intelligence team, in collaboration w…
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation.
“P2PInfect exploits Redis servers running on both Linux and Windows Operating S…