Trend Micro researchers identified a sophisticated malware campaign that aims at Middle East organizations. The campaign tricks victims into infecting their devices by pretending to be a real Palo Alto GlobalProtect VPN client. The attack begins with the distribution of a malicious file named “setup.exe,” which masquerades as a legitimate …

Akamai’s Security Intelligence Response Team (SIRT) found a large Mirai botnet campaign that is using a new zero-day vulnerability (CVE-2024-7029) in AVTECH IP cameras. The vulnerability, which allows for remote code execution, has been leveraged to propagate a Mirai variant dubbed “Corona,” raising significant concerns about critical infrastructure security. CVE-2024-7029 …

The BlackByte ransomware group is suspected of using a recently fixed security issue in VMware ESXi hypervisors. They are also taking advantage of weak drivers to bypass security measures. A vulnerability named CVE-2024-37085 lets attackers bypass authentication on VMware ESXi systems connected to an Active Directory domain. By using this …

A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating. Researchers found that the Google bucket belonged to Alice’s Table, a company founded …

CISA issued a warning about a security flaw in Apache OFBiz, an ERP system. The vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog as CVE-2024-38856. CVE-2024-38856 is a serious security flaw in Apache OFBiz. It allows attackers to run code on a remote …

Lumen Technologies’ malware hunters have discovered Chinese APT group Volt Typhoon using a new zero-day exploit in Versa Director servers. They used this exploit to steal credentials and gain unauthorized access to the networks of downstream customers. CVE-2024-39717 is a serious vulnerability that CISA added to their must-patch list after …

SonicWall released security updates to fix a critical flaw in its firewalls. If exploited, this flaw could give unauthorized access to malicious actors. The vulnerability is known as CVE-2024-40766 and has a CVSS score of 9.3. It is an access control issue. “An improper access control vulnerability has been identified …

NSA has released Best Practices for Event Logging and Threat Detection to make sure important systems keep working. These practices apply to cloud services, enterprise networks, mobile devices, and operational technology networks. The Cybersecurity Information Sheet (CSI) was created with international co-authors, including the Australian Signals Directorate’s Australian Cyber Security …

The Malware newsletter from Infosecbulletin features the top articles and research on malware from around the world. The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset TodoSwift Disguises Malware Download Behind …

Dell Technologies identified a security vulnerability in Dell Power Manager (DPM), in versions 3.15.0 and older. The vulnerability, named CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges. Vulnerability Details: Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager. This vulnerability …