Attackers made more than 30,000 attempts to scan and leverage exploits found in the critical Log4Shell vulnerability in January, according to security firm Kaspersky. Log4Shell, a flaw found in the Apache Software Foundation Log4j library logging tool, was first disclosed to the public in December and continues to be a challenge.
Critical Vulnerability Enables Malicious Actors to Control Applications
Russian President Putin held his promised news conference yesterday, the New York Times reports. The crisis over Ukraine, he said, is a provocation entirely made in America. “[The Americans'] most important task is to contain Russia’s development. Ukraine is just an instrument of achieving this goal. It can be done in different ways, such as pulling us into some armed conflict and then forcing their allies in Europe to enact those harsh sanctions against us that are being discussed today in the United States.”
Critical firmware bugs found in products from major IT manufacturers, another WordPress plugin vulnerability found, and this is Identity Theft Awareness Week.
The SolarMarker information stealer and backdoor operators have been discovered using sneaky Windows Registry methods to create long-term persistence on compromised devices, hinting that threat actors are consistently changing tactics and updating their defensive tools. Despite the operation’s drop in November 2021, the remote access implants are still found on targeted networks, according to cybersecurity company Sophos, which spotted the new behavior.
Yesterday's UN Security Council meeting over the Russian threat to Ukraine was marked by acrimony and small progress toward any resolution (the Washington Post describes the sharp exchanges) but negotiations over the crisis continue today on a bilateral basis as US Secretary of State Blinken talks with Russian Foreign Minister Lavrov.
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.
Russian cyberattacks continue to afflict targets in Ukraine even as Russian conventional forces remain poised in assembly areas. US Secretary of Defense Austin and Chairman of the Joint Chiefs of Staff Milley said late last week that, while intentions remained "opaque," Russia's capabilities were up to a damaging invasion of Ukraine.
Threat actors are using a customized public exploit for the Log4Shell vulnerability to attack and take over Ubiquiti network appliances running the UniFi software, security firm Morphisec said in a report last week.
According to a post from Morphisec researchers, a phishing campaign active in the wild is infecting victims with AsyncRAT malware.
Experienced Marketing Leader Joins Cybersecurity Vendor to Drive Market Share and Brand Awareness BE’ER SHEVA, ISRAEL AND ...
VP of Product at Morphisec recognized at the prestigious Black Unicorn Awards BE’ER SHEVA, ISRAEL & BOSTON --AUGUST 02, ...
Morphisec CTO & Head of Threat Research recognized at the prestigious Black Unicorn Awards BE’ER SHEVA, ISRAEL, AND BOSTON ...