Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. READ MORE...
As the national library of the UK, the British Library has a collection of more than 150 million items, including books, films, and manuscripts. But the library is struggling with major outages affecting its website and services after a late October cyberattack. The library reported that some on-site services such as Wi-Fi were affected; however, its buildings remain open and certain on-site services are still available. READ MORE...
Cybercriminals are once again abusing Excel add-in files in malware attacks at a vastly increased rate, according to new research. HP Wolf Security revealed that .xlam (macro-enabled Excel add-in) files were the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. Note that .xlam files are macro-bearing workbooks packaged as add-ins, whereas XLL add-ins are native DLLs loaded directly by Excel; both formats have been abused to gain code execution on the victim's machine. Add-in attacks aren't new, and researchers observed a lull in their use at the start of 2023, but they have drawn a surge of attacker attention in the past few months. READ MORE...
An Iranian espionage group has been caught using a new malware framework in a recent spate of cyberattacks, according to a warning from researchers at Check Point. Tracked as Scarred Manticore and linked to the OilRig threat actor, the nation-state hacking group has been active since at least 2019, targeting high-profile organizations in the Middle East. In its most recent campaign, Scarred Manticore has been observed using LionTail, a framework that shows no code overlap with known malware families. READ MORE...
In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden and unanticipated nosedive in activity. First observed in India on August 8th, 2023 and a week later in China on August 16th, this mysterious disappearance stripped Mozi bots of most of their functionality. Our investigation into this event led us to the discovery of a kill switch on September 27th, 2023. READ MORE...
VMware Carbon Black's Threat Analysis Unit (TAU) has identified dozens of previously unknown vulnerable kernel drivers that could be exploited by attackers to alter firmware or escalate privileges. It's not uncommon for threat actors, including cybercriminals and state-sponsored groups, to abuse kernel drivers in their operations. Such drivers can allow malicious hackers to manipulate system processes, maintain persistence on a system, and evade security products. READ MORE...
Microsoft's move to include support in Microsoft 365 for the SketchUp 3D Library in June 2022 appears to have introduced numerous vulnerabilities in the company's suite of cloud-based productivity and collaboration tools. The latest evidence of that is a report this week from Zscaler's ThreatLabz on the security vendor's discovery of as many as 117 unique vulnerabilities in Microsoft 365 via SketchUp within just a three-month period of poking at the technology. READ MORE...