Malicious actors have pounced on a pair of critical vulnerabilities found in SaltStack’s open-source, event-based IT automation and configuration management tool Salt. In a series of quick strikes over the weekend, one or more attackers exploited the flaws — disclosed and patched just days earlier — to compromise the “Salt master” servers of several prominent users,…
A recently discovered malvertising campaign is hosting the Fallout exploit kit on attacker-controlled websites featuring domain names that falsely imply they provide useful information about the novel coronavirus. The ultimate goal is to infect victims with KPOT v2.0, an information and password stealer, according to a new blog post from the Avast Threat Intelligence team,…
Software vulnerability brokers are reportedly in possession of two zero-day Zoom video conferencing app exploits – one affecting Windows clients and the other impacting OS X clients – and they are looking to sell. The Zoom for Windows vulnerability is a remote code execution bug that the hackers are offering for a hefty sum of…
Iranian APT actors have engaged in a long-running cyber espionage and data theft campaign that has victimized dozens of companies around the world, typically compromising them via virtual private network and Remote Desktop Protocol services, according to a new research report. Vulnerable VPNs have been such a favorite attack vector of choice among these actors…
Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an attempt to deliver ransomware, backdoors and coin miners. The Fort Lauderdale, Fla.-based software company has now…
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…
The FBI this month reportedly issued an alert to its private industry partners, warning that a probable nation-state hacking group had recently compromised the networks of two U.S. municipalities via unpatched, vulnerable Microsoft SharePoint servers. According to the report, from ZDNet, the flaw the hackers reportedly abused was CVE-2019-0604, a remote code execution bug caused by…
Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…
The new Capesand exploit kit, possibly derived from an older EK, has been found being used to take advantage of Internet Explorer and Adobe Flash vulnerabilities. Trend Micro’s Elliot Cao, Joseph C. Chen and William Gamazo Sanchez came across Capesand while tracking a campaign that was using the Rig EK to DarkRAT and njRAT malware.…
Almost nearly six months of warnings that Microsoft Windows users must patch the critical Remote Desktop Protocol vulnerability known as BlueKeep, researchers finally have detected the first known attempt at a large-scale attack aimed at exploiting his remote code execution flaw. Since last May, security experts have expressed concern that a BlueKeep exploit attack could…
