Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.
Similar Posts
LockBit 5’s “new secure blog domain” infra leaked already
Bys sIt seems like only yesterday that LockBit 5.0 announced, with its usual hubris, a “new secure blog domain, with a multi-layered protection system against all-powerful FBI agents.” And it seems like only yesterday that Rakesh Krishnan revealed LockBit 5’s IP address and domain. In a post on X.com on December 5, @RakeshKrish12 wrote: Exposing……
Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
Bys sResearchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection (BPI), “can be…
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets
Bys sCybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Bys sThreat actors have been observed exploiting recently disclosed security flaws in SimpleHelp’s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in…
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Bys sCybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”)
Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data
Bys sDmitry Pokidaev reports: Kazakhstan is considering tightening legal responsibility for violations related to personal data protection. The Ministry of Artificial Intelligence and Digital Development has proposed introducing criminal liability for mass leaks of citizens’ personal data, along with a significant increase in administrative fines for failing to comply with information security requirements. The proposal was……