#backdoor

The sophisticated and ever-evolving threat known as LodeInfo is being deployed against media, diplomatic, government, public sector, and think-tank targets.

Categories: News Categories: Ransomware Tags: Raspberry Robin Tags: FakeUpdates Tags: LockBit Tags: Clop Tags: ransomware Microsoft warns that the Raspberry Robin worm has triggered payload alerts on devices of almost 1,000 organizations in the past 30 days and is used to introduce ransomware. (Read more...) The post Raspberry Robin worm used as ransomware prelude appeared first on Malwarebytes Labs.

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.

The threat actor uses commands from legitimate IIS logs to communicate with custom tools in a savvy bid to hide traces of its activity on victim machines.

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools

Categories: Exploits and vulnerabilities Categories: News Tags: PoC Tags: PoCs Tags: Leiden Tags: GitHub Tags: VirusTotal Tags: AbuseIPDB Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious (Read more...) The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

Cybercriminal groups are targeting misconfigured Docker and Kubernetes clusters — or just automating the sign-up process for free trial accounts — to build infrastructure for cryptomining.

Setting priorities for internal security measures and outsourcing complex practices help protect small and midsize businesses.