BACKGROUND
A new botnet named DreamBus is a malware with worm-like behavior that can propagate itself both across the Internet and literally through compromised internal networks using a variety of techniques. It installs the XMRig crypto miner on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to Mine Monero cryptocurrency.
Background
FireEye has uncovered a widespread campaign, that they are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWind’s Orion IT monitoring and management software. This incident may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft.
BACKGROUND
A new strain of Adrozek malware infects devices and modifies browser settings in order to inject ads into search results pages so that the attackers can collect fees from referral programs. The malware can also extract credentials from the browser and upload them to the attacker's servers.
BACKGROUND
A Remote Code Execution vulnerability has been identified in MS Teams desktop app which can be triggered by a novel XSS (Cross-Site Scripting) injection in teams.microsoft.com. A specifically crafted chat message can be sent to any Microsoft Teams member or channel which will execute arbitrary code on a victim PC's with NO USER INTERACTION.
BACKGROUND
Three high-severity security update patches for Cisco appliances have been released, which affects Webex Teams for Windows (CVE-2020-3535), its Identity Services Engine (CVE-2020-3467), and Video Surveillance 8000 Series IP Cameras (CVE-2020-3544).
IMPACT
CVE-2020-3467
Allow the attacker to modify parts of the configuration using authenticated user. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network