Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • Ransomware Group Uses Vulnerability to Bypass EDR Products

    The BlackByte ransomware group is actively exploiting a vulnerability in RTCore32.sys and RTCore64.sys, the kernel drivers shipped with MSI Afterburner (version 4.6.2.15658), a widely used graphics card utility from Micro-Star International. Recorded as CVE-2019-16098, the flaw allows any authenticated user to read and write arbitrary memory, I/O ports and model-specific registers (MSRs). Cybercriminals can abuse it to…


  • Russia-linked Hackers Launch DDoS Attacks on U.S. Airport Websites

    A series of distributed denial of service (DDoS) attacks today briefly took down the websites of over a dozen U.S. airports, including those for Atlanta and Los Angeles International Airports. The attacks followed a recent Telegram post by the pro-Kremlin hacker group Killnet listing 46 websites to be targeted. Still, as NBC News noted, some…


  • New MSSQL Backdoor ‘Maggie’ Infects Hundreds of Servers Worldwide

    DCSO CyTec researchers Johann Aydinbas and Axel Wauer are warning of new backdoor malware they’re calling “Maggie,” which targets Microsoft SQL servers. Maggie, the researchers say, has already affected at least 285 servers in 42 countries, with a particular focus on South Korea, India, Vietnam, China, and Taiwan. The malware offers a wide range of…


  • Microsoft’s Fix Fails to Patch ProxyNotShell RCE Flaws

    After Microsoft published guidance on mitigating the two remote code execution flaws uncovered last week by Vietnamese security firm GTSC, it seems the mitigations Microsoft suggested weren’t as effective as the company had hoped. Over the weekend, Vietnamese security researcher Jang warned, “The URL pattern to detect/prevent the Exchange 0day provided in MSRC’s blog post…


  • ZINC Hackers Leverage Open-source Software to Lure IT Pros

    ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. Trojanized builds of PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been used in a wide range of social engineering campaigns that started in…


  • Symantec, GTSC Warn of Active Microsoft Exploits

    Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative, which verified two flaws on September 8 and 9: ZDI-CAN-18333…


  • Unpatched Python Library Affects More Than 300,000 Open Source Projects

    Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago. Perhaps more troubling is that the…
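    The teaser above does not say what the tarfile flaw is. The following added example (not Trellix's code and not part of the original article) assumes it is the long-known path traversal in tarfile.extractall (CVE-2007-4559): an archive member named ../../escape.txt, or a symlink member pointing outside the extraction directory, is written wherever the name says, because extractall does not check that the resolved path stays under the destination. The archive contents, the destination path /tmp/extract-demo and the helper names are constructed for the demonstration.

```python
import io
import os
import tarfile


def build_tar(members: dict) -> bytes:
    """Constructed in-memory tar archive. Values are file bytes, or a
    tuple ("symlink", target) for a symbolic link member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            if isinstance(payload, tuple) and payload[0] == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload[1]
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_within(base: str, target: str) -> bool:
    """True if target resolves to base or somewhere below it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar_bytes: bytes, dest: str) -> list:
    """Names of members that would be written (or would link) outside dest.
    This is the check that a bare tar.extractall(dest) does not perform."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if not is_within(dest, target):
                bad.append(m.name)
            elif m.issym() or m.islnk():
                # A link inside dest that points outside is just as dangerous:
                # a later member written "through" it lands outside too.
                link_target = os.path.join(os.path.dirname(target), m.linkname)
                if not is_within(dest, link_target):
                    bad.append(m.name)
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> None:
    """Hardened form: refuse the whole archive if any member escapes dest."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, members escape {dest}: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest)


# Constructed malicious archive: one benign member, one traversal, one symlink out.
MALICIOUS_TAR = build_tar({
    "docs/readme.txt": b"harmless\n",
    "../../escape.txt": b"written outside the extraction directory\n",
    "link-out": ("symlink", "../../../etc/passwd"),
})
DEST = "/tmp/extract-demo"  # assumed destination; it need not exist for the check


def demo() -> list:
    """Members of the constructed archive that the check rejects."""
    return unsafe_members(MALICIOUS_TAR, DEST)


if __name__ == "__main__":
    print("rejected members:", demo())
```

On Python 3.12 (and the 3.8.17/3.9.17/3.10.12/3.11.4 backports) the same protection is available as `tar.extractall(dest, filter="data")`; the explicit check above is for code bases that must keep running on older interpreters.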


  • Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

    During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption has the malware encrypt only portions of each file rather than its entire contents, so the file is rendered unusable with far fewer bytes written, which also weakens detection heuristics that look for whole files being rewritten with high-entropy data. The features…
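    To make the speed and detection trade-off concrete, here is an added example (not code from the article or from any ransomware family) that encrypts only every third 4 KB chunk of a constructed sample document with a toy keystream, then measures Shannon entropy of the plaintext, the partially encrypted buffer and the fully encrypted buffer. The keystream, the chunk size, the 1-in-3 pattern and the 7.0-bit "looks encrypted" threshold are assumptions chosen for the demonstration, not values taken from any real sample or product.

```python
import hashlib
import math
from collections import Counter


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256. Illustration only: it yields
    deterministic pseudo-random bytes, it is not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def intermittent_encrypt(data: bytes, key: bytes, chunk: int = 4096, every: int = 3) -> bytes:
    """XOR only every `every`-th chunk of `chunk` bytes with the keystream.
    every=1 encrypts the whole buffer; every=3 touches roughly a third of it.
    Because it is XOR, applying it again with the same key restores the input."""
    ks = keystream(key, len(data))
    out = bytearray(data)
    for start in range(0, len(data), chunk):
        if (start // chunk) % every == 0:
            end = min(start + chunk, len(data))
            for i in range(start, end):
                out[i] ^= ks[i]
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for ciphertext, roughly 4 to 5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Constructed sample document (not a real file): about 90 KB of repetitive text.
SAMPLE = b"The quick brown fox jumps over the lazy dog. " * 2000
KEY = b"demo-key-not-secret"          # assumed key for the toy keystream
ENTROPY_THRESHOLD = 7.0               # assumed "looks encrypted" cutoff for a heuristic


def compare(data: bytes = SAMPLE, key: bytes = KEY) -> dict:
    """Entropy of plaintext vs. partial vs. full encryption, and whether a
    simple entropy heuristic would flag each variant."""
    full = intermittent_encrypt(data, key, every=1)
    partial = intermittent_encrypt(data, key, every=3)
    e_full = shannon_entropy(full)
    e_partial = shannon_entropy(partial)
    return {
        "plain": shannon_entropy(data),
        "partial": e_partial,
        "full": e_full,
        "partial_flagged": e_partial > ENTROPY_THRESHOLD,
        "full_flagged": e_full > ENTROPY_THRESHOLD,
        "bytes_written_partial": sum(1 for a, b in zip(data, partial) if a != b),
        "bytes_written_full": sum(1 for a, b in zip(data, full) if a != b),
        "round_trip_ok": intermittent_encrypt(partial, key, every=3) == data,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:24} {value}")
```

The fully encrypted buffer sits near 8 bits per byte and trips the threshold; the partially encrypted one stays well below it while only about a third as many bytes were written, which is exactly why an entropy-only detector underperforms against this technique and why defenders also watch write patterns, file-header damage and process behaviour.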


  • Threat Group TeamTNT Returns with New Cloud Attacks

    A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs. These…


  • New Linux Malware Shikitega Can Take Full Control of Devices

    AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all kinds of Linux devices. The identity and goals of the authors are as yet unknown, but the technical details have been disclosed. The malware seems…
