news

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Posted on September 21, 2022September 21, 2022 by Admin

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware Exploits & Vulnerabilities Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining. By: Sunil Bharti September 21, 2022 Read time: ( words) We observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence. The gap is…

Security Risks in Logistics APIs Used by E-Commerce Platforms

Posted on September 20, 2022September 20, 2022 by Admin

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time: ( words) The connectivity that we’ve experienced of late…

The Risk of Ransomware Supply Chain Attacks

Posted on September 20, 2022September 22, 2022 by Admin

Ransomware has been a major threat to cybersecurity throughout the years, dominating boardroom discussions. It is a type of malware that prevents or limits users from accessing their systems. Malicious actors lock the system’s screen or user files until a hefty ransom is paid. First seen in Russia between 2005 and 2006, ransomware’s popularity as a business model spread across the globe. By 2012, Trend Micro has observed a continuous spread of infections across Europe…

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Posted on September 14, 2022September 14, 2022 by Admin

Using Workload Security to detect WebLogic vulnerability exploitation Workload Security’s correlation of telemetry and detections provided the initial security context in this campaign, which allowed security teams and analysts to track and monitor the malicious actor’s activities. The following Workload Security modules worked to detect the exploitation of CVE-2020-14882 on vulnerable systems: Intrusion prevention system module Workload Security’s intrusion prevention system module can tap into incoming traffic and effectively block and detect malicious network traffic….

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Posted on September 12, 2022September 12, 2022 by Admin

We constantly deploy and study our honeypots to get a view of actively exploited vulnerabilities and misconfigurations on platforms and services that pose cloud security risks. One of these honeypots is based on exposed Docker REST API for analysis from cloud services providers’ and users’ perspectives. Upon analyzing the samples, we realized and were able to understand the threat actors’ use of container registry features for Docker malware and tactics, techniques, and procedures (TTPs). Our…

Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa

Posted on September 6, 2022September 6, 2022 by Admin

Initial Access Play’s ransomware actors commonly gain initial access through valid accounts that have been reused across multiple platforms, have previously been exposed, or were obtained through illegal means. This includes Virtual Private Network (VPN) accounts, not just domain and local accounts. Exposed RDP servers are also abused to establish a foothold. Another technique Play ransomware uses is the exploitation of the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812. CVE-2018-13379 is a path traversal vulnerability in the…

BumbleBee a New Modular Backdoor Evolved From BookWorm

Posted on September 2, 2022September 2, 2022 by Admin

BumbleBee a New Modular Backdoor Evolved From BookWorm Malware In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities. By: Vickie Su, Ted Lee, Nick Dai September 02, 2022 Read time: ( words) In March 2021, we investigated a backdoor with a unique modular architecture and…

« 1 … 9 10 11 12 13 … 27 »

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

The Risk of Ransomware Supply Chain Attacks

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa

BumbleBee a New Modular Backdoor Evolved From BookWorm

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)