GreyKeep Security Blog - Page 5 of 9

Chinese Hackers Continue Espionage Campaign Despite Barracuda Remediation

greykeep · August 31, 2023 ·

A suspected Chinese hacking group (tracked as UNC4841) continues to target compromised Barracuda appliances in government, high tech, and information technology sectors. The group originally targeted organizations worldwide by exploiting a zero-day vulnerability discovered in Barracuda Email Security Gateway (ESG). Mandiant initially detailed the 8-month-long espionage campaign in a blog post on June 15, 2023. The vulnerability, reported as CVE-2023-2868, allows for remote command execution on the target appliance while processing .tar files containing specially crafted file names.

[Read more…]

Cybersecurity Daily: August 30, 2023

greykeep · August 30, 2023 ·

GreyKeep Security Cybersecurity Daily News

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 30, 2023.

Advisories

[Read more…]

Roblox and Rust Developers Targeted With Malicious Packages

greykeep · August 30, 2023 ·

Software developer coding in a dark room on two monitors — Photo by Mohammad Rahmani

Using a technique known as typosquatting, hackers attempt to lure unsuspecting Roblox and Rust developers into downloading malicious software packages from the npm package repository and Rust Crates.io registry.

[Read more…]

Weekly Malware Roundup – August 29, 2023

greykeep · August 29, 2023 ·

This is the GreyKeep Security Malware Roundup for August 29, 2023. Here’s a summary of what’s in this week’s edition:

Targets

MacOS
Adobe ColdFusion
MOVEit Transfer
WinRAR
Openfire XMPP
Ivanti Sentry
Roblox

Juniper SRX
Cisco Nexus 3000/9000 (NX-OS)
Citrix NetScaler
Barracuda ESG
EsafeNet Cobra DocGuard
IoT devices

Organizations

U.S. government
Rust developers
Roblox developers

Taiwan
Hong Kong
Metropolitan Police Service

[Read more…]

Ransomware Campaign Targeting MOVEit Impacts 60 Million People

greykeep · August 28, 2023 ·

Background by Peter Gargiulo

As reported by security research firms Emsisoft and Resecurity, as many as 1,000 organizations and 60 million individuals have been affected by the recent ransomware campaign targeting a SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer web application. An attacker can exploit the vulnerability to access file transfers without authentication.

[Read more…]