A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked Continue Reading
attack
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years – Tempemail
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks “Operation Layover,” Continue Reading
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack – Tempemail
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use Continue Reading
New SpookJs Attack Bypasses Google Chrome’s Site Isolation Protection – Tempemail
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed “Spook.js” by academics from the University of Michigan, University of Adelaide, Georgia Institute of Continue Reading
Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack – Tempemail
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company’s web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a Continue Reading
HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack – Tempemail
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of Continue Reading
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents – Tempemail
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Continue Reading
Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack – Tempemail
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted Continue Reading
What is AS-REP Roasting attack, really? – Tempemail
Microsoft’s Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A Continue Reading
Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! – Tempemail
The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, Continue Reading