Atlassian Confluence Exploits Peak at 100K Daily
Since it was first identified on June 2, the Atlassian Confluence remote code-execution (RCE) vulnerability tracked as CVE-2022-26134 has attracted the repeated attention of threat actors. Now, after peaking...
China-Backed APT Pwns Building-Automation Systems with ProxyLogon
A previously unknown Chinese-speaking advanced persistent threat (APT) is exploiting the ProxyLogon Microsoft Exchange vulnerability to deploy the ShadowPad malware, researchers said — with the end goal of taking...
LockBit 3.0 Debuts with Ransomware Bug Bounty Program
The LockBit ransomware group just released its latest ransomware-as-a-service offering, LockBit 3.0, and along with it a first for the Dark Web: a bug-bounty program.
The bounty program offers up...
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
An 18% drop in ransomware attacks in May is probably the result of Conti's shutdown, but the actors are regrouping under other brands, including KaraKurt, Black Byte, Hive, and...
APT Groups Swarming on VMware Servers with Log4Shell
Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored...
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
A China-based advanced persistent threat (APT) actor, active since early 2021, appears to be using ransomware and double-extortion attacks as camouflage for systematic, government-sponsored cyberespionage and intellectual property theft.
In...
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain.
The campaign is directed at Microsoft 365 (formerly Microsoft...
Cyberattackers Abuse QuickBooks Cloud Service in ‘Double-Spear’ Campaign
Cyberattackers are hiding behind the QuickBooks brand to disguise their malicious activity, researchers are warning. The effort is a "double-spear" approach that packs a one-two punch: Stealing phone numbers...
Microsoft 365 Users in US Face Raging Spate of Attacks
Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential-stealing campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails...
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Although observed Magecart skimmer attacks have been less frequently reported in recent months, analysts have discovered fresh infrastructure they were able to trace to malicious domains behind an ongoing campaign.
The Malwarebytes Labs team...






