Moobot botnet spreads by targeting Cacti and RealTek flaws

From securityaffairs.com

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti (CVE-2022-46169) and Realtek (CVE-2021-35394) vulnerabilities to spread ShellBot and Moobot malware.

ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses the IRC protocol for C2 communications. It performs SSH brute-force attacks against servers with port 22 open, using a dictionary of known SSH credentials.

Read more…

Risk-based Vulnerability Management Combined With A Cyber Risk Management Platform

From blog.qualys.com

Insights from IDC’s recent report, Worldwide Device Vulnerability Management Forecast, 2023–2027: Evolving Beyond Scanning (Feb. 2023), provide a sobering look at what cybersecurity stacks may look like in a few years.

As the name suggests, this report took a deep dive into the Vulnerability Management (VM) space – but it did not stop there. Since VM is such a cornerstone of any modern enterprise cybersecurity stack, the insights and data apply to nearly every adjacent cybersecurity solution. From XDR, SIEM, UEBA, Patch Management, and Asset Management to – you guessed it – Cyber Asset Attack Surface Management (CAASM), VM plays a central role.

Read more…

Understanding Partial File System Extraction: What Data Can and Cannot be Accessed on iOS 15.6-16.1.2 Devices

From blog.elcomsoft.com

Elcomsoft iOS Forensic Toolkit 8.20 for Mac and 7.80 for Windows now includes a new mechanism for low-level access, which enables the extraction of certain parts of the file system from the latest Apple devices. This partial extraction raises questions about what data can and cannot be extracted and how the missing information can be accessed. Learn about partial file system extraction, its benefits, and its limitations.

Read more…

ChatGPT happy to write ransomware, just really bad at it

From malwarebytes.com

This morning I decided to write some ransomware.

I’ve never done it before, and I can’t code in C, the language ransomware is most commonly written in, but I have a reasonably good idea of what ransomware does. Previously, this lack of technical skills would have served as something of a barrier to my “criminal” ambitions. I’d have been left with little choice but to hang out on dodgy Internet forums or to sidle up to people wearing hoodies in the hope they’re prepared to trade their morals for money. Not anymore though.

Read more…

Microsoft Defender mistakenly tagging URLs as malicious

From bleepingcomputer.com

Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago.

As the company confirmed earlier today on Twitter, its engineers are investigating this service incident as a false positive.

“We’re investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected,” Microsoft said.

Read more…

Microsoft planning to block outdated Exchange servers

From kaspersky.co.uk

Outdated and completely unsupported versions of Exchange Server pose an undeniable danger to corporate infrastructure and to mail flow. However, many administrators still believe in the proverb “if it ain’t broke — don’t fix it”, and prefer not to update Exchange unless absolutely necessary. This appears to be why Microsoft decided to develop its transport-based enforcement system for Exchange Online.

The main purpose of this system is to notify administrators that they’re working with outdated and possibly unsafe software, and that, if they don’t subsequently update in a timely fashion, mail delivery from vulnerable servers will be gradually throttled and eventually blocked. It’s hoped that this system will serve as a convincing reason for administrators to finally upgrade or update Exchange Servers.

Read more…

3CX Desktop Attack: Sophos Customer Information

From news.sophos.com

Sophos X-Ops is tracking an attack against the 3CX Desktop application, possibly undertaken by a nation-state-related group.

The affected software is 3CX – a legitimate software-based PBX phone system available on Windows, Linux, Android, and iOS. The application has been abused by the threat actor to add an installer that communicates with various command-and-control (C2) servers.

A list of IOCs for this attack is published on our GitHub.

Read more…