exploits

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

May 26, 2023 by iHash Leave a Comment

May 26, 2023Ravie LakshmananICS/SCADA Security A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There … [Read more...] about New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

May 12, 2023 by iHash Leave a Comment

May 12, 2023Ravie LakshmananCyber Threat / Malware Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare … [Read more...] about XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

Apr 20, 2023 by iHash Leave a Comment

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the … [Read more...] about NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits

May 20, 2022 by iHash Leave a Comment

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical … [Read more...] about Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Apr 20, 2022 by iHash Leave a Comment

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days … [Read more...] about Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Mar 16, 2022 by iHash Leave a Comment

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 … [Read more...] about New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

PROPHET SPIDER Exploits Citrix ShareFile

Mar 8, 2022 by iHash Leave a Comment

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a … [Read more...] about PROPHET SPIDER Exploits Citrix ShareFile

Investigate Log4Shell exploits with Elastic Security and Observability

Jan 16, 2022 by iHash Leave a Comment

OverviewFollowing the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.In this blog, we expand on these initial posts and highlight how the combination of security and … [Read more...] about Investigate Log4Shell exploits with Elastic Security and Observability

Defending Against Log4j Exploits with Cisco Secure Endpoint

Dec 21, 2021 by iHash Leave a Comment

The Apache Log4j vulnerability (CVE-2021-44228) is on the mind of nearly every cybersecurity and IT team right now because of its widespread usage, ease of exploitation, and broad attack surface. This blog provides an overview of how Cisco Secure Endpoint helps protect your environment from attackers exploiting this vulnerability. What You Need to Know About Log4j On Thursday, … [Read more...] about Defending Against Log4j Exploits with Cisco Secure Endpoint

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

Sep 24, 2019 by iHash Leave a Comment

A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices.Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over … [Read more...] about 1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

SurFast Video Downloader: Lifetime Subscription for $19

Wewatch V70 Pro 1080p 500 Lumen Projector for $169

The Rosetta Stone + Microsoft Office for Mac Lifetime Bundle for $199

The 24-Hour Chatbot for $12

The 2024 Complete Presentation & Public Speaking Bundle for $24