From Caribbean shores to your devices: analyzing Cuba ransomware
The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.
Backdoor
Publicly available Evil_MinIO exploit used in attacks on MinIO Storage Systems
A threat actor was spotted exploiting MinIO storage system vulnerabilities to execute arbitrary code on affected servers. Security Joes researchers have observed an unknown threat actor using a publicly available exploit chain for vulnerabilities in the MinIO Object Storage system to achieve arbitrary code execution on vulnerable servers. Object Storage is a data storage architecture […]
The post Publicly available Evil_MinIO exploit used in attacks on MinIO Storage Systems appeared first on Security Affairs.
IT threat evolution in Q2 2023
Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored Net…
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
Common TTPs of attacks against industrial organizations
In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.
Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters
By Habiba Rashid
Aquasec Investigation Exposes Alarming Rise in Kubernetes Misconfigurations Leading to Catastrophic Breaches.
This is a post from HackRead.com Read the original post: Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters
North Korean hackers breached Russian missile development firm
North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. North Korean hackers discovered The researchers came across leaked email communication between NPO Mashinostroyeniya&…
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya
Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military […]
The post North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya appeared first on Security Affairs.
New persistent backdoor used in attacks on Barracuda ESG appliances
The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda…