Author Archives: Ravie Lakshmanan

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming.
Tracked CVE-2022-1388 (CVSS score… Continue reading Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability→

The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang.
Additionally, it’s offering another $5 million for intelligen… Continue reading U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers→

The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades.
The move signals continued efforts on the part of the government to prevent N… Continue reading U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions→

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.
“It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky rese… Continue reading This New Fileless Malware Hides Shellcode in Windows Event Logs→

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system.
“A vulnerability has been repor… Continue reading QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices→

A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a “fairly sophisticated” framework called NetDooka, granting attackers complete control over the infected devices.
“The framework is distributed via a pay-per… Continue reading Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware→

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices.
Attributing the malware to a cluster named “Raspberry Robin,” Red Canary researchers noted that the worm “… Continue reading Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives→

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S.
“Mustang Panda is a highly motivated APT group relying pr… Continue reading Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers→

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year.
Tracked as CVE-2021-22600 (C… Continue reading Google Releases Android Update to Patch Actively Exploited Vulnerability→

Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform.
“This will simplify s… Continue reading Google to Add Passwordless Authentication Support to Android and Chrome→