Security
Headlines
HeadlinesLatestCVEs

Tag

#botnet

Threat Round up for December 2 to December 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 2 and Dec. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#sql#vulnerability#web#mac#windows#google#microsoft#amazon#js#intel#pdf#botnet#firefox
New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. "

3 Ways Attackers Bypass Cloud Security

At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.

3 xIoT Attacks Companies Aren't Prepared For

A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.

Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.

New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network

A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also

Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs

Victims include at least 15 healthcare organizations, one Fortune 500 company, and other organizations in multiple countries, security vendor says.

NETGEAR Router Vulnerability Allowed Access to Restricted Services

By Deeba Ahmed According to Tenable research, NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event. This is a post from HackRead.com Read the original post: NETGEAR Router Vulnerability Allowed Access to Restricted Services

CVE-2022-45990: CVE-nu11secur1ty/vendors/winston-dsouza/ecommerce-website at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.