Cybersecurity Attacks Archives - Page 9 of 41

Russian authorities round up 14 REvil ransomware gang members

Cybersecurity Attacks, Malware / Frank Crast / January 15, 2022 / FBI, FSB, Ransomware, REvil, Russia

Russian authorities have arrested 14 members of the infamous REvil ransomware gang and dismantled the network after a raid across Russian cities Moscow, St. Petersburg and Lipetsk.

Russian authorities round up 14 REvil ransomware gang members Read More »

Threat hunters discover Aquatic Panda Log4Shell exploit attempts

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / January 2, 2022 / Apache, APT, Aquatic Panda, CVE-2021-44228, Log4j, log4Shell

Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.

Threat hunters discover Aquatic Panda Log4Shell exploit attempts Read More »

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

Application Security, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / December 29, 2021 / 0-day, App Service, Azure, GitHub, IIS, Local Git, Microsoft, Node, PHP, Python, Ruby, Windows

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories Read More »

Shutterfly targeted with ransomware attack

Cybersecurity Attacks, Malware / Frank Crast / December 27, 2021 / Conti, Cyberattack, malware, Ransomware

California-based photography and image sharing company Shutterfly LLC has been targeted in a ransomware attack.

Shutterfly targeted with ransomware attack Read More »

Google adds OSS-Fuzz open source fuzzer capability to discover Log4Shell vulnerability

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 17, 2021 / Apache, fuzzer, Log4j, log4Shell, Open Source, OSS-Fuzz

As the catastrophic Log4j vulnerability continues to cause havoc on the internet and organizations, Google in collaboration with security firm Code Intelligence has released an update to open source fuzzer (OSS-Fuzz) that can detect the Log4Shell vulnerability.

Google adds OSS-Fuzz open source fuzzer capability to discover Log4Shell vulnerability Read More »

FBI: Cuba ransomware compromised 49 critical infrastructure entities

Cybersecurity Attacks, Malware / Frank Crast / December 4, 2021 / CobaltStrike, Cuba, Cyberattack, FBI, PowerSHell, PsExec, Ransomware, RDP

The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert for ransomware attacks that have compromised 49 entities in five critical infrastructure sectors, such as financial, government, healthcare, manufacturing, and information technology.

FBI: Cuba ransomware compromised 49 critical infrastructure entities Read More »

CISA and FBI alert: Attackers actively exploiting vulnerability in Zoho ManageEngine ServiceDesk Plus

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / December 3, 2021 / APT, CISA, CVE-2021-44077, FBI, ServiceDesk, Zoho

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) issued a joint advisory warning attackers are actively exploiting a vulnerability CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus.

CISA and FBI alert: Attackers actively exploiting vulnerability in Zoho ManageEngine ServiceDesk Plus Read More »