Security researchers discovered a new ransomware family that targets Linux systems. Called Cheerscrypt, the ransomware targets VMware ESXi servers. It is noteworthy that last year two vulnerabilities in the VMWare ESXi product were included in the attacks of at least…
![Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux](https://cdn.sensorstechforum.com/wp-content/uploads/2022/03/advanced-persistent-threat-malware-backdoor-sensorstechforum-1024x585.jpg "Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux")
Security researchers detected a “mysterious” malicious Python package that downloads the Cobalt Strike malware on Windows, Linux, and macOS systems. Called “pymafka,” the package masquerades as the legitimate popular library PyKafka, a programmer-friendly Kafka client for Python. According to Sonatype…
Mozilla released a new version of its Firefox browser (100.0.2) fixing a set of two critical security vulnerabilities. The patches make this minor update quite significant in importance. Affected versions include Firefox, Firefox ESR, Firefox for Android, and Thunderbird (Firefox…
CVE-2021-22573 is a vulnerability in Google’s OAuth client for Java, with a severity score of 8.7 out of 10 on the CVSS scale. What Causes the CVE-2021-22573 Vulnerability? The vulnerability stems from the fact that “IDToken verifier does not verify…
UpdateAgent is a malware dropper with a well-built infrastructure targeting macOS systems, and it seems that it has been updated once again. According to Jamf Threat Labs, changes were implemented to the dropper, primarily focused on new executables written in…
macOS is generally believed to be bulletproof against malware attacks. Unfortunately, statistics reveal a different picture where Apple’s operating system is often found vulnerable. For instance, in 2017 security researchers detected an increase of 28.83 percent of total reported security…
A new report sheds some light on an extensive fake Android app campaign that distributes the Facestealer spyware. New Campaign of Fake Android Apps Delivers Facestealer Spyware First documented in July 2021, the malware is designed to steal logins and…
A zero-day vulnerability in Macs and Apple watches has been fixed. The vulnerability, assigned the CVE-2022-22675 number, could have been exploited in the wild, Apple said. The flaw was most probably used in targeted attacks. However, applying the update immediately…
Eternity Project is the name of a malware toolkit which is currently in active development and is being sold as malware-as-a-service. Researchers are still unaware of the threat actor selling the malware that enables amateur hackers to get hold of…
Security researchers have identified a malicious campaign against WordPress sites. The campaign uses known vulnerabilities in WordPress themes and plugins, and has affected thousands of websites. Malicious Campaign Compromises WordPress Sites: the Details According to data shared by PublicWWW, at…
HP has fixed two high-severity BIOS vulnerabilities in many of its PC and notebook products. The vulnerabilities, tracked as CVE-2021-3808 and CVE-2021-3809, could allow threat actors to run code with kernel privileges. This type of attack can be described as…
Security researchers say that the notorious ransomware REvil, also known as Sodinokibi, has returned after laying low for six months. The Return of REvil/Sodinokibi Ransowmare Gang According to Secureworks Counter Threat Unit (CTU) researchers, analysis of some recently uploaded to…
CVE-2022-29972 is a security vulnerability in Azure Synapse and Azure Data Factory pipelines that could let threat actors execute remote commands in the Integration Runtime Infrastructure (IR). Microsoft explains that the IR is a compute infrastructure utilized by Azure Data…
CVE-2022-1388 is a critical remote code execution vulnerability that affects F5 BIG-IP multi-purpose networking devices and modules. There are now warnings about in-the-wild exploit attempts weaponizing the vulnerability, in addition to an available PoC (proof of concept) developed by security…
Cisco patched three security vulnerabilities affecting its Enterprise NFV Infrastructure Software. The flaws could allow an attacker to obtain full control of the exposed hosts. It is important to note that the vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, are…
Black Basta is a new ransomware first detected in the middle of April 2022. According to Minerva researchers, the ransomware “has already caused substantial damage to over ten organizations.” Two of its recent victims include Deutsche Windtechnik and the American…
A security researcher known by the moniker h3perlinx discovered vulnerabilities in some of the most common ransomware families, including Conti, REvil, LockBit, AvosLocker, and the recently discovered Black Basta. Security Researcher Discovers Weaknesses in Popular Malware The discovered weaknesses could…
A new phishing attack leveraging Google’s SMTP relay service has been detected delivering phishing emails to users. The attack has been observed by Avanan security researchers. Google’s SMTP Service Abused What is SMTP? This type of service helps businesses send…
Bumblebee is the name of a new malware downloader used by multiple threat actors that previously delivered BazaLoader and IcedID. In other words, these threat actors have replaced the two malware pieces with the newer Bumblebee. BazaLoader, in particular, hasn’t…
Which were the most routinely exploited security vulnerabilities in 2021? A new report released by CISA in cooperation with the authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom revealed an advisory containing the most exploited…
