Cyber Threat Vulnerability News

The latest cyber threat vulnerability stories, summarized by AI

cyber-threat-vulnerability1.885 min read

Cisco Devices Hacked with Evading Backdoor Implant and Zero-Day Exploits

The backdoor implant on hacked Cisco devices, which exploited zero-day flaws in IOS XE software, has been modified by the threat actor to evade detection. The implant now only responds if the correct Authorization HTTP header is set, making it harder to detect. Cisco has started rolling out security updates to address the issues, but the exact identity of the threat actor is unknown. The number of compromised devices has decreased from 40,000 to a few hundred, possibly due to under-the-hood changes. Over 37,000 devices are still observed to be compromised.

2 years ago•Source: The Hacker News

WinRAR Vulnerability Exposes Users to State-Backed Threat Actors

cyber-threat-vulnerability

2.245 min•2 years ago

WinRAR Vulnerability Exposes Users to State-Backed Threat Actors

State-backed threat actors from Russia and China have been exploiting a security flaw in the WinRAR archiver tool for Windows, known as CVE-2023-38831, which allows arbitrary code execution. Google Threat Analysis Group (TAG) has identified three different clusters involved in the exploitation: FROZENBARENTS (aka Sandworm), FROZENLAKE (aka APT28), and ISLANDDREAMS (aka APT40). These threat actors have been launching phishing campaigns and distributing malicious ZIP files containing the exploit to target organizations in Ukraine and Papua New Guinea. The attacks result in the deployment of various malware, including commodity stealers and backdoors. The widespread exploitation of this known vulnerability highlights the effectiveness of such exploits, even when patches are available.

via The Hacker News

Featured Cyber Threat Vulnerability Stories

Cisco Devices Hacked with Evading Backdoor Implant and Zero-Day Exploits

WinRAR Vulnerability Exposes Users to State-Backed Threat Actors

More Cyber Threat Vulnerability Stories