Earlier this year, a task force was headed by the U.S. FBI and Dutch police claimed to have taken down prolific malware and botnet operator Qakbot. The threat actors behind Qakbot are back, but in a surprising twist, it appears they never went away to begin with.
Qakbot has used a variety of infection vectors, including switching file names and formats and deploying several techniques to hide its operation. The return of Qakbot was discovered by researchers, and the threat actors behind Qakbot have been conducting a campaign since early August in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via emails.
Researchers has identified an emerging Malware-as-a-Service (MaaS) threat known as BunnyLoader, available on underground forums. BunnyLoader, primarily written in C/C++, is a fileless loader that conducts malicious activities in memory, making detection more challenging for cybersecurity experts. It features a range of capabilities, including keylogging, clipboard monitoring to hijack cryptocurrency wallet addresses and remote command execution.
Since its initial release on September, 2023, BunnyLoader has witnessed several iterations, each bringing enhancements and fixes. These updates address bugs, introduce new functionalities, and adapt to thwart analysis attempts. The malware now offers options for payload and stub purchases at $250 and $350, respectively.
Atlassian, has fixed a privilege escalation vulnerability bug in Confluence Server and Datacenter editions.The vulnerability, tracked as CVE-2023-22515, attackers have already exploited this flaw in some publicly accessible Confluence instances, enabling them to craft unauthorized Confluence administrator accounts and infiltrate the instances.
Atlassian Cloud sites are safe since these sites remain unaffected if the confluence site accessed through an atlassian.net domain, rest easy your data remains uncompromised.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
The notorious BlackCat ransomware gang boasted about the attack on their dark website, after which McLaren Healthcare confirmed the ransomware attack. McLaren Healthcare is one of the largest healthcare systems in Michigan. The BlackCat ransomware group claims to have access to sensitive data of McLaren’s 2.5 million patients and videos of hospital work, which is altogether 6TB of data.
The group did not initially name the company but added McLaren’s name hours later when the healthcare provider supposedly tried to hide the hack attack, and their spokesperson did not respond to the ransomware group’s demands.
The evolving cyber threat landscape requires organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Threat actors are exploiting the known unpatched vulnerabilities in order to intrude into Industrial Control Systems (ICS) environments and disrupt critical operations.
Patching is a fundamental security practice, but applying it in OT (Operational Technology) settings differs substantially from IT systems. In the OT world, assessing the benefits and risks of applying a patch before doing so is essential.
Qualcomm and Arm have been forced to release security updates to patch several zero-day vulnerabilities exploited in recent targeted attacks against their chips.
The four vulnerabilities are:
- CVE-2023-33106: A use-after-free vulnerability in the Adreno GPU driver
- CVE-2023-33107: A use-after-free vulnerability in the Compute DSP driver
- CVE-2022-22071: A possible use-after-free vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
- CVE-2023-33063: A buffer copy without checking the size of input vulnerability in the WLAN firmware.