Alerts

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan.

Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.”

The different verticals singled out by the threat actor include government, financial, energy, food industry, healthcare, education, IT, and legal institutions located in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the US.


A new phishing campaign abuses the legitimate file-hosting site WeTransfer to get malicious links past email filters. The attackers send genuine WeTransfer notifications by email, informing recipients that a file has been shared with them, as shown in the screenshot below:


A critical information infrastructure in Cyprus recently fell victim to a spoofing attack in which one of the infrastructure's email accounts was forged with malicious intent.


An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.

According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.


VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.

Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild or have publicly available proof-of-concept exploits.

Not all versions are vulnerable

The vulnerability tracked as CVE-2020-4006 is a command injection bug — with a 9.1/10 CVSSv3 severity rating — found in the administrative configurator of some releases of VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector.