Author Archives: Ravie Lakshmanan

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022.
The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assig… Continue reading Hackers Started Exploiting Critical “Text4Shell” Apache Commons Text Vulnerability→

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
“This misconfiguration resulted i… Continue reading Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak→

Google on Thursday announced that it’s seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain.
“GUAC addresses a… Continue reading Google Launches GUAC Open Source Project to Secure Software Supply Chain→

A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years.
“The group’s victims include companies in … Continue reading OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme→

The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
“Since June 2021, it has been distributed as … Continue reading Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens→

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud.
The Clicker malware masqueraded as seemingly harmless utilities like cameras, cur… Continue reading These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times→

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot.
“This is a significant shift … Continue reading New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft→

The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang.
The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launch… Continue reading Brazilian Police Arrest Suspected Member of Lapsus$ Hacking Group→

Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster.
The vulnerability, tracked as CVE-20… Continue reading Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access→

An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years.
Russian cybersecurity company Kaspersky said the activity aligns with another set … Continue reading Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware→