Malware - Securezoo

Cybercriminal group TeamTNT leaks DockerHub credentials

Authentication, Cybersecurity Attacks, Malware / By Frank Crast / September 12, 2022 September 12, 2022 / Container, Docker, DockerHub, TeamTNT

Researchers from Trend Micro have discovered cybercriminal group TeamTNT leaking credentials from two of their attacker-controlled accounts via exposed Docker REST APIs.

Mirai variant MooBot botnet targets multiple D-Link flaws

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / By Frank Crast / September 11, 2022 September 11, 2022 / botnet, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, CVE-2022-28958, Cybersecurity Threat Center, D-Link, Mirai, MooBot

Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.

Report: Linux malware and cloud misconfigurations top cybersecurity threats

Cloud Security, Container Security, Cybersecurity Attacks, Malware / By Frank Crast / September 5, 2022 September 5, 2022 / BlackCat, Cheerscrypt, Cloud, Containers, Conti, ESXi, Linux, LockBit, LockBit 2.0, MaaS, malware, RaaS, Ransomware, Trend Micro

A new report published by Trend Micro revealed that Linux malware and cloud misconfigurations make up some of the top cybersecurity threats facing organizations over the first half of 2022.

Zeppelin Ransomware threatens wide range of businesses and critical infrastructure organizations

Cybersecurity Attacks, Malware, Ransomware / By Frank Crast / August 16, 2022 August 16, 2022 / #StopRansomware, CISA, FBI, Ransomware, Vega, Zeppelin

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory on Zeppelin Ransomware.

PrestaShop websites vulnerable to major SQL Injection attacks

Cybersecurity Attacks, Malware, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 26, 2022 July 26, 2022 / CVE-2022-36408, Cybersecurity Threat Center, MySQL, PrestaShop, SQL injection, SQLi

PrestaShop websites are reported vulnerable to a major SQL Injection vulnerability (tracked as CVE-2022-36408) and have been exploited in the wild since July 2022.

Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated)

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / By Frank Crast / July 20, 2022 July 20, 2022 / APT, Aquatic Panda, CGCYBER, CISA, CVE-2021-44228, Cybersecurity Threat Center, Deep Panda, Log4j, log4Shell, UAG

The Cybersecurity and Infrastructure Security Agency (CISA) warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.

H0lyGh0st ransomware actors target small and midsize businesses

Cybersecurity Attacks, Malware, Ransomware / By Frank Crast / July 17, 2022 July 17, 2022 / Andariel, BLTC.exe, BTLC_C.exe, C2, Cybersecurity Threat Center, DarkSeoul, DEV-0530, H0lyGh0st, HolyGhost, HolyLock.exe, HolyRS.exe, Microsoft, MSTIC, North Korea, Plutonium, Ransomware, SiennaBlue, SiennaPurple, Small Business, SMB

Security researchers from Microsoft warn threat actors from North Korea are using H0lyGh0st ransomware to target small and midsize businesses around the globe.

OrBit: New evasive and persistent Linux malware

Malware, Vulnerabilities & Exploits / By Frank Crast / July 9, 2022 July 9, 2022 / Cybersecurity Threat Center, Linux, malware, OrBit, payload

Researchers from Intezer have discovered a new evasive and persistent Linux malware dubbed OrBit.

ZuoRAT targets SOHO devices to launch sophisticated multi-stage cyber attacks

Cybersecurity Attacks, Malware, Network Security / By Frank Crast / July 8, 2022 July 8, 2022 / ASUS, Black Lotus Labs, Cisco, CVE-2020-26878, CVE-2020-26879, Cybersecurity Attack, Cybersecurity Threat Center, DrayTek, Lumen, NETGEAR, Python, Small Office, SOHO, ZuoRAT

Threat actors are using a multi-stage malware dubbed ZuoRAT to exploit small office/home office (SOHO) routers and launch sophisticated attacks against North American and European networks.

Maui ransomware targets entities in the Healthcare and Public Health sector

Cybersecurity Attacks, Malware / By Frank Crast / July 6, 2022 July 6, 2022 / CISA, Cybersecurity Threat Center, FBI, Health, healthcare, HPH, Maui, Public Health, Treasury

Cybersecurity experts warn North Korean State-Sponsored threat actors are using Maui ransomware to target entities in the Healthcare and Public Health (HPH) sector.