Security

North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs

posted on January 7, 2022
by l33tdawg
Credit: Security Affairs

Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants.

The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure. Opening the malicious email attachment starts a multi-stage attack chain whose final payload is a new version of the Konni RAT family.

'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot

posted on January 5, 2022
by l33tdawg
Credit: PC Mag

It can be hard to decide what to name smart home devices. Should an internet-connected lamp be called something utilitarian like "Kitchen Lamp" or be given a unique name like "The Bringer of Light to That Place We Make Food" to make it easier to identify? It may not seem like a critical decision, but a new vulnerability shows that HomeKit device names are pretty important.

Security researcher Trevor Spiniolas revealed this "doorLock" vulnerability on Jan. 1.

Log4j flaw attack levels remain high, Microsoft warns

posted on January 5, 2022
by l33tdawg
Credit: Naked Security

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.

Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services.

Apple fixes macOS security flaw behind Gatekeeper bypass

posted on December 23, 2021
by l33tdawg
Credit: Bleeping Computer

Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.

If they circumvent the automated notarization security checks (which scan for malicious components and code-signing issues), the applications are allowed to launch by Gatekeeper, a macOS security feature designed to verify that downloaded apps are notarized and developer-signed.

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

posted on December 23, 2021
by l33tdawg
Credit: Threat Post

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node that were deployed using Local Git, researchers said.

The bug has almost certainly been exploited in the wild as a zero-day, according to an analysis from Wiz. The firm dubbed the vulnerability “NotLegit,” and said it has existed since September 2017.

Conti Ransomware Gang Has Full Log4Shell Attack Chain

posted on December 20, 2021
by l33tdawg
Credit: Threat Post

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.

The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.

Nation-State Attackers Targeted Airline With New Backdoor

posted on December 20, 2021
by l33tdawg
Credit: Flickr

A threat group targeted an unnamed Asian airline with a previously unknown backdoor, which abused a feature in Slack to obfuscate operational communication, according to a new report. Researchers linked the activity to ITG17 (also known as MuddyWater), an Iran-linked nation-state group known for targeting governments, primarily in the Middle East and South Asia, for espionage purposes.

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit

posted on December 19, 2021
by l33tdawg
Credit: Arstechnica

Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the planet. Open source developers quickly released an update that patched the flaw and urged all users to install it immediately.