admin

admin

  • Joined: September 10, 2024
  • Articles: 4617

New BPFDoor Controller Facilitates Covert Lateral Movement in Linux Server Attacks

Apr 16, 2025
Cyber Espionage / Network Security

Cybersecurity researchers have discovered a new component linked to the BPFDoor backdoor, employed in cyber attacks targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller can establish a reverse shell,” explained Trend Micro researcher Fernando Mercês in a technical report released earlier this week. “This capability permits lateral movement, enabling attackers to penetrate deeper into compromised networks and gain control over more systems or access sensitive data.” The campaign has been tentatively attributed to a threat group known as Earth Bluecrow, also referred to as DecisiveArchitect, Red Dev 18, and Red Menshen. The medium confidence level stems from the BPFDoor malware source code being leaked in 2022, suggesting it could have been adopted by other hacking entities. BPFDoor is a Linux backdoor that first emerged in…

New BPFDoor Controller Enhances Stealthy Lateral Movement in Linux Server Intrusions April 16, 2025 Recent findings by cybersecurity experts reveal the emergence of a new component linked to the BPFDoor backdoor, spotlighting a sophisticated wave of cyber attacks that targeted…

Russian Hackers Target Ukraine Aid Logistics Through Email and VPN Vulnerabilities

May 21, 2025
Cyber Espionage / Vulnerability

State-sponsored Russian cyber actors have been linked to a campaign focused on Western logistics and tech firms since 2022. This activity is attributed to APT28 (also known as BlueDelta, Fancy Bear, or Forest Blizzard), connected to the Russian GRU’s 85th Main Special Service Center, Military Unit 26165. Key targets include companies involved in the coordination and delivery of international aid to Ukraine, as highlighted in a joint advisory from agencies across Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. The bulletin notes that this cyber-espionage campaign employs a range of previously identified tactics and is likely linked to broader efforts aimed at IP cameras in Ukraine and neighboring NATO countries.

Russian Hackers Target Email and VPN Vulnerabilities to Monitor Ukraine Aid Operations May 21, 2025 Cyber Espionage / Vulnerability In a troubling development, Russian cyber threat actors have initiated a state-sponsored campaign aimed at infiltrating Western logistics and technology sectors,…

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Microsoft Releases Critical Patches for 97 Vulnerabilities, Addressing Active Ransomware Threat On April 12, 2023, Microsoft introduced a substantial set of security updates aimed at rectifying a total of 97 vulnerabilities across its software ecosystem. Among these, one particular flaw…

Citrix NetScaler Devices Targeted in New Wave of Attacks

Network Firewalls, Network Access Control, Security Operations Citrix Releases Patches Following Exploitation of Memory Overflow Vulnerability David Perera (@daveperera) • August 26, 2025 Image: Ken Wolter/Shutterstock Citrix’s NetScaler users are being urged to apply critical patches following the discovery of…

Navigating New Cyber Threats: The Shift from Third-Party Vendors to U.S. Tariffs in Supply Chain Security

Apr 16, 2025
Artificial Intelligence / Software Security

Introduction
Cyber threats aimed at supply chains are becoming increasingly concerning for businesses across various sectors. As companies deepen their reliance on third-party vendors, cloud services, and global logistics, cybercriminals are seizing opportunities to exploit vulnerabilities in these interconnected systems. By first targeting a third-party vendor with unnoticed security flaws, attackers can establish a foothold, using these weaknesses to penetrate the networks of primary business partners. This allows them to move laterally through vital systems, ultimately accessing sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile incidents, such as the 2024 ransomware attack on Change Healthcare—one of the largest health payment processing firms—illustrate how attackers can disrupt supply chain operations and compromise millions of patients’ protected health information (PHI), stealing up to 6TB of data.

New Cyber Threats Emerging in Supply Chains: From Third-Party Vendors to U.S. Tariffs April 16, 2025 Artificial Intelligence / Software Security As businesses increasingly rely on third-party vendors and cloud services, cyber threats targeting supply chains have surged to the…

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.

Critical Security Vulnerabilities in Versa Concerto Expose Hosts to Exploitation May 22, 2025 Vulnerability / Software Security Recent investigations by cybersecurity experts have illuminated serious security weaknesses within the Versa Concerto network security and SD-WAN orchestration platform. These critical vulnerabilities…

Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.

Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign…