Security Bulletin
29 Aug 2024
Biztonsági szemle
Microchip Technology attack admitted by Play ransomware gang
While Microchip has not provided any comment regarding the claims, Play's admission a full week after the company's breach disclosure to the Securities and Exchange Commission reveals an extension from the 72-hour deadline given for a ransom payment.
29 Aug 2024
Biztonsági szemle
More advanced, stealthy LummaC2 malware variant emerges
After being downloaded through an obfuscated PowerShell command, the new LummaC2 variant facilitates the execution of an AES-encrypted second-stage payload, which would enable malicious code injection into a Windows process to establish command-and...
29 Aug 2024
Biztonsági szemle
EDR-killing capabilities added to PoorTry Windows driver
Despite being initially developed to disable security systems, PoorTry — also known as BurntCigar — has since been updated to allow the removal of security software's crucial dynamic link libraries and executable files in a RansomHub attack last...
29 Aug 2024
Biztonsági szemle
Mirai variant deployed via AVTECH security camera exploit
Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection.
29 Aug 2024
Biztonsági szemle
Internet-exposed Versa Director servers persist amid Volt Typhoon attacks
Internet-exposed Versa Director instances were from the U.S., Philippines, India, and Shanghai.
29 Aug 2024
Biztonsági szemle
WPS Office flaw exploited for SpyGlace backdoor delivery
Such a flaw, which could be leveraged for remote code execution, was concealed by APT-C-60 in a trojanized spreadsheet file that included a link, which would prompt the deployment of SpyGlace alongside a file stealing, command executing, and plugin...
29 Aug 2024
Biztonsági szemle
New Tickler malware leveraged by APT33 in US-, UAE-targeted attack campaign
APT33 leveraged now-disrupted Microsoft Azure subscriptions to commence password spraying attacks against the targeted entities, while using compromised education sector accounts to obtain additional infrastructure that was then utilized for...
29 Aug 2024
Biztonsági szemle
How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture
Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
29 Aug 2024
Biztonsági szemle
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
29 Aug 2024
Biztonsági szemle
SC Awards 2024: Celebrating the Finalists
Congratulations to the 2024 SC Awards finalists and a big 'Thank You' to the 50-plus judges and their careful considerations.
29 Aug 2024
Biztonsági szemle
Dragos Expands Asset Visibility in Latest Platform Update
The latest release of the Dragos Platform provide industrial and critical infrastructure organizations with complete and enriched view of their OT environment.
29 Aug 2024
Biztonsági szemle
2024 SC Awards Finalists: Best Managed Detection and Response Service
Managed detection and response services equip users with remote security operations center features.