[HackerNews] Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution.
The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of

Source: Read More (The Hacker News)

You might be interested in …

[ThreatPost] Hackers Crack Pirated Games with Cryptojacking Malware

All posts, ThreatPost

Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices. Source: Read More (Threatpost)

Read More

[SecurityWeek] Cisco Patches High-Risk Flaw in ASA, FTD Software

All posts, Security Week

Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, warning that exploitation could lead to crippling denial-of-service attacks. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[NCSC-NL] Domains used by Flubot malware now known

All posts, NCSC-NL

Flubot is mobile-phone malware that spreads via links in SMS messages. Last month, the Dutch police warned of this malicious app and related misleading messages about packages. Currently, the domain names are know that the Flubot malware (version 4.6 and earlier) uses for communication with the command-and-control server. The NCSC has shared the list with […]

Read More