GreyKeep Security
Expert security for an evolving digital age
Researchers at Security Joes recently discovered threat actors leveraging critical vulnerabilities in MinIO to infiltrate a cloud network. According to the blog post, the attack represents a novel approach to compromising cloud assets using non-native solutions.
[Read more…] about MinIO Exploit Reveals Novel Cloud Attack Vector
The FBI and Justice Department spearheaded an international law enforcement effort to dismantle the Qakbot botnet. The operation, codenamed “Operation Duck Hunt”, involved agencies from the United States, France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom. Hailed as “the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals,” the operation led to the seizure of $8.6 million in illicit cryptocurrency profits.
[Read more…] about FBI Takes Down Qakbot Botnet in “Duck Hunt”
A suspected Chinese hacking group (tracked as UNC4841) continues to target compromised Barracuda appliances in government, high tech, and information technology sectors. The group originally targeted organizations worldwide by exploiting a zero-day vulnerability discovered in Barracuda Email Security Gateway (ESG). Mandiant initially detailed the 8-month-long espionage campaign in a blog post on June 15, 2023. The vulnerability, reported as CVE-2023-2868, allows for remote command execution on the target appliance while processing .tar files containing specially crafted file names.
[Read more…] about Chinese Hackers Continue Espionage Campaign Despite Barracuda Remediation
Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 30, 2023.
This is the GreyKeep Security Malware Roundup for August 29, 2023. Here’s a summary of what’s in this week’s edition:
Targets
| MacOS Adobe ColdFusion MOVEit Transfer WinRAR Openfire XMPP Ivanti Sentry Roblox | Juniper SRX Cisco Nexus 3000/9000 (NX-OS) Citrix NetScaler Barracuda ESG EsafeNet Cobra DocGuard IoT devices |
Organizations
| U.S. government Rust developers Roblox developers | Taiwan Hong Kong Metropolitan Police Service |