GBHackers On Security
GBHackers on Security is a Cyber Security platform that covers daily Cyber Security News, Hacking News, Technology updates, and SOC Resources, Kali Linux tutorials. Their mission is to keep the community up to date with happenings in the Cyber World. Their blog features technological articles, cyber security, AI, and more.
3h ago
A security vulnerability that allows attackers to bypass authentication has been identified in some router models.
To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victim’s network.
Firmware updates that address this vulnerability are available for the following routers: RAX35 (version 1.0.6.106), RAX38 (version 1.0.6.106), and RAX40 (version 1.0.6.106).
It is strongly recommended that users download and install the latest firmware update as soon as possible.
5h ago
Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage.
This makes them attractive targets for threat actors carrying out data theft and ransomware attacks.
Besides this, the vulnerabilities in CrushFTP servers can be exploited to gain unauthorized access to networks or distribute malware to connected systems.
Silent Push researchers recently identified that on April 19th, CrushFTP disclosed a critical zero-day vulnerability tracked as CVE-2024-4040 with a CVSS score of 9.8 in versions before 10.7.1/11.1.0.
5h ago
DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with never-ending waves of offensive traffic.
More than 13 million DDoS attacks were recorded in 2023 alone, which reveals the real danger of unmitigated attacks.
NetScout researchers recently discovered that threat actors executed 13,142,840 DDoS attacks targeted at organizations around the globe.
Technical Analysis
The outcomes are not limited to inconveniences…
7h ago
Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine.
It has been closely monitoring the situation and has successfully detected all stages of the attack.
CVE-2017-8570: The Initial Vector
The attack begins with the exploitation of CVE-2017-8570, a vulnerability first identified in 2017.
This vulnerability allows attackers to execute arbitrary code via specially crafted files, making it a potent tool for initial access.
Campaign overview
7h ago
The telecom company AeroNet Wireless announced the launch of its new 10Gbps speed Internet plan, marking an important landmark for the telecommunications sector in Puerto Rico.
“We have invested millions to expand and strengthen our network, demonstrating our commitment to launching Puerto Rico to the next level of connectivity and Internet services.
Our new 10Gbps plan is the first of its kind on the island, and we are confident that it will position AeroNet and Puerto Rico’s telecommunications industry as a force to be reckoned with nationwide,” said AeroNet’s President and Founder, Gino Vil…
9h ago
In a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems of all time, publicly available on GitHub.
This decision marks a significant milestone in the company’s commitment to open-source software and preserving computing history.
“Today, we are thrilled to release the source code for MS-DOS 4.0 under the MIT license, fostering a spirit of open innovation,” said a Microsoft spokesperson. “This operating system’s 8086 assembly code, written over 45 years ago, is a remarkable testament to the ingenuity and dedication of our predecessors…
9h ago
A new attack campaign employed by FROZEN#SHADOW has been discovered; it utilized SSLoad malware for its operations and Cobalt Strike implants to pivot and take over the entire network.
In addition, the threat actors also used Remote Monitoring and Management (RMM) software like ScreenConnect for further control.
SSLoad is a well-designed malware that can stealthily infiltrate systems, gather sensitive information, and exfiltrate the collected information back to the malware operators.
Moreover, the malware also leverages multiple backdoors and payloads to evade detection and ma…
1d ago
Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download malware, bypass antivirus, steal data, and grant remote access.
The scripts are attractive to attackers because they are easy to write, difficult to detect due to obfuscation techniques (like partial name matching), and leverage legitimate system resources for malicious actions (“living off the land”). However, some tools can analyze these PowerShell scripts for safe detonation and step-by-step tracing.
PowerShell scripts are a type of a…
1d ago
A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit targeting Apple’s iMessage service is reportedly being circulated on various hacker forums.
This exploit, which allows hackers to take control of an iPhone without any interaction from the user, poses a significant risk to millions of iMessage users worldwide.
A zero-click exploit is a cybersecurity threat that does not require the victim to click on a link, download a file, or take any action to trig…
1d ago
Hackers exploit LOCKBIT Builder due to its versatility in creating customized ransomware payloads, which enables them to tailor attacks to specific targets and evade detection by security measures.
DragonForce Ransomware emerged in November 2023, employing double extortion tactics – data theft followed by encryption, with victims’ data leaked if the ransom is unpaid.
Though sharing the name with a Malaysian hacktivist group, the origins of the DragonForce Ransomware are unclear.
Cyble’s cybersecurity researchers’ analysis recently revealed that the DragonForce’s binary is based on th…