Wind River Systems is warning of a "security incident" after one or more files were downloaded from its network. Wind River Systems, which develops embedded system software, on Friday warned of a "security incident" that had exposed personnel records. One or more files were downloaded from the company's network on or around September 29, it said. The affected data included information maintained within the company's personnel records. READ MORE...
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. Advanced persistent threat (APT) group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020 using its latest malware, researchers said. The group has added new features to its custom "Caterpillar" webshell and the "Explosive RAT" remote access trojan (RAT), both of which researchers at ClearSky Security said they linked to the compromise of the public servers. READ MORE...
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised through a SolarWinds Orion software flaw, according to a Reuters report. NFC has provided human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. The vulnerability used to break into NFC's systems is different from the one used by the suspected Russian nation-state hackers. READ MORE...
In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues. "We detected a recent spike in business email compromise (BEC) attacks soliciting gift cards primarily targeting K-12 school teachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards," Microsoft Security Intelligence warned. READ MORE...
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey the local network after infecting a victim's computer. This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner that implements its own TCP/IP stack and can scan large swaths of the Internet in a matter of minutes. Trickbot uses the scanner module to map the victim's network and send home information on any devices with open ports. READ MORE...
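A sweep of this kind has a simple network signature: one internal source touching many distinct hosts or ports in a very short window. The following is an added example (not code from the article, from Trickbot, or from masscan) showing the detection logic a SOC might run over connection logs. It assumes a simplified, Zeek-like record format (`ts src dst dport proto`) that is a hypothetical convention for this example, and all sample traffic below is constructed, not captured.

```python
"""
Flag masscan-style internal reconnaissance in connection logs.

Added illustration only. Record format 'ts src dst dport proto' is an
assumed simplification of a Zeek conn log; sample traffic is constructed.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, NamedTuple


class Conn(NamedTuple):
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def parse_conn_log(text: str) -> List[Conn]:
    """Parse whitespace-separated records, skipping blanks and '#' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append(Conn(float(ts), src, dst, int(dport), proto))
    records.sort(key=lambda r: r.ts)  # sliding window needs time order
    return records


def detect_sweeps(records: List[Conn], window_s: float = 60.0,
                  host_threshold: int = 20, port_threshold: int = 15) -> Dict[str, dict]:
    """Per-source sliding window over `window_s` seconds.

    A source is flagged when the distinct destination hosts (horizontal sweep)
    or distinct destination ports (vertical scan) inside the window reach the
    thresholds. Returns the widest observation per flagged source.
    """
    windows: Dict[str, Deque[Conn]] = defaultdict(deque)
    alerts: Dict[str, dict] = {}
    for r in records:
        win = windows[r.src]
        win.append(r)
        while win and r.ts - win[0].ts > window_s:   # evict records outside the window
            win.popleft()
        hosts = {c.dst for c in win}
        ports = {c.dport for c in win}
        if len(hosts) >= host_threshold or len(ports) >= port_threshold:
            prev = alerts.get(r.src)
            if prev is None or len(hosts) > prev["hosts"] or len(ports) > prev["ports"]:
                alerts[r.src] = {"hosts": len(hosts), "ports": len(ports),
                                 "window_start": win[0].ts, "window_end": r.ts}
    return alerts


def _build_sample_log() -> str:
    """Constructed traffic: one benign host, one horizontal sweep, one vertical scan."""
    t = 1612000000.0
    lines = ["# ts src dst dport proto   (constructed sample, not real traffic)"]
    # benign: 10.0.0.7 reaches three servers spread over a minute
    for i, (dst, port) in enumerate([("10.0.0.50", 443), ("10.0.0.51", 445), ("10.0.0.52", 3389)]):
        lines.append(f"{t + 20 * i:.2f} 10.0.0.7 {dst} {port} tcp")
    # horizontal sweep: 10.0.0.5 probes SMB and RDP on 30 hosts in under a second
    for i in range(30):
        for port in (445, 3389):
            lines.append(f"{t + 0.03 * i:.2f} 10.0.0.5 10.0.1.{i + 1} {port} tcp")
    # vertical scan: 10.0.0.9 probes 20 ports on a single host in under a second
    for p in range(1, 21):
        lines.append(f"{t + 0.01 * p:.2f} 10.0.0.9 10.0.2.1 {p * 100} tcp")
    return "\n".join(lines) + "\n"


SAMPLE_CONN_LOG = _build_sample_log()


if __name__ == "__main__":
    for src, a in detect_sweeps(parse_conn_log(SAMPLE_CONN_LOG)).items():
        span = a["window_end"] - a["window_start"]
        print(f"ALERT {src}: {a['hosts']} hosts / {a['ports']} ports within {span:.2f}s")
```

Thresholds are deliberately conservative here; in production they should be tuned per subnet, and hosts that legitimately fan out (vulnerability scanners, monitoring servers, domain controllers) allow-listed, since a masscan-driven sweep from a user workstation is far more suspicious than the same pattern from a known scanner.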
A new version of the remote access Trojan targets the Microsoft Antimalware Scan Interface (AMSI) to bypass endpoint detection. The newest versions of the Agent Tesla malware target more applications for credential theft, use updated communication tactics, and pack new techniques for bypassing endpoint defenses. Sophos researchers today published a report on updates to Agent Tesla, a family of remote access Trojan (RAT) malware that has grown more popular in recent months. READ MORE...
The Babyk ransomware operation has launched a new data leak site used to publish victims' stolen data as part of a double-extortion strategy. The site also lists the kinds of targets the group says it won't attack, with some exclusions that definitely stand out. In 2019, the Maze ransomware operation introduced the double-extortion strategy of stealing unencrypted files and then threatening to publicly release them on data leak sites if a ransom is not paid. READ MORE...
A report on Android apps that do location tracking identified 450 apps that use tracker SDKs. Many of them embed an SDK called X-Mode, which both Apple and Google have banned, yet they remain available in Google's Play Store. X-Mode, based in Reston, Virginia, in the US, is a broker for location data. The pitch to developers is that by embedding the X-Mode libraries in their apps, they get a revenue stream that is not dependent on showing ads. READ MORE...
Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds. SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company's Orion monitoring product, and a few hundred, the ones that were of interest to the attackers. READ MORE...
In the fall of 2020, threat actors began mass-exploiting a vulnerability in the no-longer-maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised, and many of them were injected with credit card skimming code. While monitoring activity tied to this Magento 1 campaign, we identified an e-commerce shop that had been targeted twice by skimmers. This in itself is not unusual; multiple infections on the same site are common. READ MORE...
A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center (CERT/CC). READ MORE...