Conti Ransomware Exploits Log4j

Conti ransomware gang leverages Log4Shell exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected. Conti operators run a private…
Spiderman No Way Home with a Scam

Fraudsters are leveraging the latest Spider-Man movie to spread malicious files and phishing pages. The latest of the superhero franchise, No Way Home, came out earlier this week to…
PseudoManucrypt ICS Spyware

Countless devices around the world, including many industrial control systems (ICS) and government computers, have been targeted in what appears to be an espionage campaign that involves a…
Phorpiex Botnet into Cryptomining

Researchers have observed a new variant of the Phorpiex botnet targeting cryptocurrency users and stealing funds through "cryptocurrency clipping." Primarily conducted cryptojacking, ransomware, cryptocurrency clipping, and sextortion spam…
Log4j Patching A Real World Challenge

Security teams around the world working tirelessly to mitigate their organizations' exposure to the Log4j vulnerability have plenty of challenges to overcome. They include scoping the full extent of exposure,…
Privilege Escalation Haunts Lenovo Laptops

Lenovo laptops, including the ThinkPad and Yoga families, are affected by privilege elevation issues that reside in the ImControllerService service, allowing attackers to execute commands with admin privileges. The vulnerabilities,…
DarkWatchman RAT

A new JavaScript-based RAT dubbed DarkWatchman, propagated via a social engineering campaign, has been observed employing sneaky "fileless" techniques as part of its detection evasion methods to elude discovery…