How Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

Kanpur, India – September 23, 2024 – A sophisticated cyber-espionage campaign orchestrated by a China-linked group, dubbed “Earth Baxia,” has been uncovered, targeting several Asia-Pacific (APAC) nations. The attackers exploited a vulnerability in the open-source GeoServer software, identified as CVE-2024-36401, to deploy the EAGLEDOOR malware, compromising critical infrastructure and government agencies across the region. The Attack Vector…


Europol Dismantles Massive Phishing Operation Stealing Mobile Phone Credentials

September 20, 2024 – In a significant victory against cybercrime, Europol has successfully dismantled a major phishing network known as iServer. This international operation, codenamed “Operation Kaerb,” targeted a phishing-as-a-service (PhaaS) platform that had been exploiting mobile phone credentials on a massive scale. The iServer platform, primarily operated by Spanish-speaking criminals, was responsible for unlocking…


Critical Ivanti Cloud Vulnerability Exploited in an Attack

September 19, 2024 – In a concerning development for cybersecurity professionals, Ivanti has disclosed that a critical vulnerability in its Cloud Service Appliance (CSA) is being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-8963, allows attackers to bypass admin authentication and execute arbitrary commands on unpatched appliances. Details of the Vulnerability The flaw affects Ivanti…


New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

September 18, 2024 – Cybersecurity researchers have uncovered a massive new botnet, dubbed “Raptor Train,” which has compromised over 200,000 Internet of Things (IoT) devices globally. This botnet, believed to be operated by a Chinese nation-state threat actor known as Flax Typhoon, has been active for several years, targeting critical infrastructure and various organizations worldwide. Botnet Details…


SolarWinds Patches Critical ARM Vulnerability Enabling RCE Attacks

September 18, 2024 – SolarWinds has released a critical patch for its Access Rights Manager (ARM) software, addressing a severe remote code execution (RCE) vulnerability. The flaw, identified as CVE-2024-28991, has been rated with a critical severity score of 9.0 out of 10, highlighting the urgency for users to update their systems immediately. Vulnerability Details The vulnerability,…


North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

September 16, 2024 – In a concerning development, cybersecurity experts have raised alarms over North Korean hackers targeting cryptocurrency users on LinkedIn using a sophisticated malware known as RustDoor. This alarming trend highlights the increasing sophistication of cyber threats aimed at the financial sector, particularly decentralized finance (DeFi) and cryptocurrency businesses. The Nature of the Attack…


New Hadooken Malware Targets Oracle WebLogic Servers

September 16, 2024 – Oracle WebLogic Server, a key platform for developing and managing enterprise applications, has become the latest target of a new Linux malware named “Hadooken.” This malware, discovered by Aqua Nautilus researchers, is exploiting weak admin credentials to infiltrate systems. Malware Details Hadooken malware is designed to exploit Oracle WebLogic servers by leveraging…
