-
CISA Warns of Active Exploitation of ZK Java Framework RCE Vulnerability
A dangerous flaw allows a hacker to steal sensitive data and take control of systems on a server.The US Cybersecurity and Infrastructure Protection Agency (CISA) added the CVE-2022-36537 vulnerability to its Catalog of Known Exploited Vulnerabilities after hackers began to actively use this flaw for remote code execution (RCE) in attacks.CVE-2022-36537 (CVSS v3.1:7.5) affects ZK Framework AuUploader servlets versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, 8.6.4.1 and allows attackers to gain access to sensitive information by sending a specially crafted POST request to the AuUploader component.The defect was discovered last year by Markus Wulftanj and fixed by...
-
Meet the first UEFI bootkit that bypasses Secure Boot in Windows 11
For the bootkit to work, attackers use an old vulnerability, which, nevertheless, is still relevant on many computers.A hidden bootkit called BlackLotus was the first widely known malware to be able to bypass Secure Boot protection in UEFI, making it a serious threat in cyberspace."This bootkit can run even on fully updated Windows 11 systems with UEFI Secure Boot enabled," ESET said in a report.UEFI bootkits are deployed in the motherboard firmware and provide full control over the operating system boot process, allowing you to disable OS-level security mechanisms and deploy arbitrary payloads with high...
-
An unknown hacker stole the data of Coinbase employees
Cryptocurrency platform Coinbase reported that an unknown attacker stole the credentials of one of the employees in an attempt to gain remote access to the company's systems.The cybercriminal obtained the contact information of several Coinbase employees (names, phone numbers, email addresses), but the funds and customer data were not affected.Coinbase said cybersecurity controls prevented a hacker from gaining direct access to the system and prevented any loss of funds or compromise of customer information. Only a limited amount of data from the Coinbase corporate directory has been exposed.Coinbase shared the results of its investigation to...
-
Hackers use new Frebniis malware to hack into Microsoft IIS servers
Hackers inject new malware called "Frebniss" into Microsoft Internet Information Services (IIS). The program secretly executes commands sent via web requests.Frebniis was discovered by the Symantec Threat Hunter Team, who reported that unknown attackers are currently using the malware against a number of Taiwanese targets.In the attacks seen by Symantec, the hackers used an IIS feature called Failed Request Event Buffering (FREB) that collects request metadata (IP address, HTTP headers, cookies). Its purpose is to help server administrators troubleshoot unexpected HTTP status codes or request processing issues.The malware injects malicious code into a specific function...
-
Enterprising hackers from Blind Eagle attacked South American institutions in a rather interesting way
The phishing attack scheme is striking in its simplicity and genius.The BlackBerry Research Group reported on Feb. 27 that a hacker group known as Blind Eagle or APT-C-36 recently managed to impersonate the state tax agency of Colombia and Ecuador in order to steal information from government, financial and many other institutions in these countries.Blind Eagle was previously covered by CheckPoint, who said the group had developed a "more advanced set of tools" for spreading phishing emails. The malicious links in these emails eventually led victims to install a remote access trojan (RAT), which gave...
-
An unknown attacker published data of Activision employees on a cybercrime forum
Almost 20 thousand unique records are now in the public domain.Yesterday, a user on the Breached hacker forum reported that he had at his disposal a database of employees allegedly stolen from the American game publisher Activision in December 2022. The attacker emphasized the value of this data for phishing attacks.The leak consists of 19,444 unique records containing the full names, phone numbers, titles, locations, and email addresses of alleged Activision employees. It is rather strange that the forum user did not sell this data. The dump in the form of a text file was...
-
Does ecstasy cure cancer?
Ecstasy (MDMA) is a semi-synthetic drug derived from amphetamine. It simultaneously has several pronounced effects on the human central nervous system: stimulating and hallucinogenic.It is these properties of ecstasy that make it one of the most popular drugs among young people, but recently it turned out that MDMA is actually capable of destroying cancer cells in the body - this is the conclusion of scientists at the University of Birmingham.This experiment began back in 2006, and during this time it was found out that the “club drug” has the right to claim the title of...
-
A number of Microsoft Exchange vulnerabilities were used in a new malicious campaign ProxyShellMiner
The new malware, dubbed "ProxyShellMiner", exploits Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners and profit from attackers.ProxyShell is the common name for three Microsoft Exchange vulnerabilities discovered and fixed back in 2021. Together, the vulnerabilities allow remote code to execute without authentication, giving attackers full control over a specific Exchange server, as well as the ability to connect to other servers in the organization.In the attacks seen by Morphisec, attackers use the ProxyShell vulnerabilities tracked as CVE-2021-34473 and CVE-2021-34523 and CVE-2021-31207 to gain initial access to an organization's network.The attackers then drop the .NET...
-
Nearly 50% of cybersecurity leaders will change jobs by 2025
The Gartner report showed what factors will affect the decline in the number of qualified employees.According to a new report from Gartner, by 2025, nearly 50% of cybersecurity executives will change jobs, with 25% moving to other roles solely because of multiple job-related stressors.“Cybersecurity professionals face an unacceptable level of stress,” said Deepti Gopal, chief analyst at Gartner. “CEOs in information security are constantly on the defensive with the only possible outcome – either their company gets hacked or it doesn’t. The psychological impact of this directly affects the quality of decisions and the effectiveness...
-
ChromeLoader adware is delivered to target systems via fake installers of hacked games
Fans of pirated gaming are punished by hackers by forced viewing of ads in the browser.Security researchers at Ahnlab Security (ASEC) recently discovered that operators of the ChromeLoader malware ad campaign are now using ".vhd" files named after popular games to distribute. Previously, such campaigns were based on the distribution of similar ".iso" images.Malicious files were discovered by one of the ASEC specialists through the results of a Google search for free downloads of popular games.Google search results with links to sites with malwareAmong the games used to distribute the above software are: Elden Ring,...
