breaking news

Critical Confluence flaw exploited in ransomware attacks

GlobalDefenseBot
2 minutes

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and Confluence Server. Atlassian last week warned of the CVE-2023-22518 (CVSS score 9.1), the issue is an […]

The post Critical Confluence flaw exploited in ransomware attacks appeared first on Security Affairs.

breaking news

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

GlobalDefenseBot
2 minutes

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it […]

The post Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure appeared first on Security Affairs.

SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT

CySecBot
18 minutes

SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads. The compromised domains, used to host payloads by SideCopy, […]

The post SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

breaking news

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

GlobalDefenseBot
4 minutes

Threat actors infected more than 10,000 devices worldwide with the ‘PrivateLoader’ and ‘Amadey’ loaders to recruit them into the proxy botnet ‘Socks5Systemz.’ Bitsight researchers uncovered a proxy botnet delivered, tracked as Socks5Systemz, which was delivered by PrivateLoader and Amadey loaders. The name Socks5Systemz comes from the name of the unique login panel consistently present in […]

The post Socks5Systemz proxy service delivered via PrivateLoader and Amadey appeared first on Security Affairs.

Arid Viper Steals Sensitive Data From Android’s & Deploy Other Malware

CySecBot
4 minutes

According to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from compromised devices. Arid Viper is a cyber espionage group that has been active since 2017. […]

The post Arid Viper Steals Sensitive Data From Android’s & Deploy Other Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

breaking news

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

GlobalDefenseBot
4 minutes

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Kinsing threat actors probed the Looney Tunables flaws in recent attacks ZDI discloses four zero-day flaws […]

The post Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION appeared first on Security Affairs.

breaking news

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

GlobalDefenseBot
3 minutes

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. “KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes […]

The post Lazarus targets blockchain engineers with new KandyKorn macOS Malware appeared first on Security Affairs.