Tag

Magnet Goblin

All articles tagged with #magnet goblin

cybersecurity, 1 year ago

"Rising Threat: Magnet Goblin Exploits 1-Day Vulnerabilities to Install Linux Malware"

Researchers have discovered a previously unseen Linux variant of the NerbianRAT malware, which has been circulating for at least two years and is installed through the exploitation of recently patched vulnerabilities. The malware, attributed to the threat actor Magnet Goblin, is used to steal credentials and has been deployed through 1-day vulnerabilities in various software, including Ivanti Connect Secure, Magento, and Qlik Sense. Check Point Research also identified a smaller version of the malware, MiniNerbian, used for backdooring servers running the Magento ecommerce platform. The Linux version of NerbianRAT lacks protective measures and has been observed stealing VPN credentials and connecting to attacker-controlled IPs.

cybersecurity, 1 year ago

Magnet Goblin Group Exploits 1-Day Vulnerabilities to Deploy Custom Linux Malware

The financially motivated threat actor group Magnet Goblin is rapidly adopting one-day security vulnerabilities to breach edge devices and public-facing services, deploying NerbianRAT and MiniNerbian on compromised hosts. Its attacks have targeted unpatched Ivanti Connect Secure VPN, Magento, Qlik Sense, and possibly Apache ActiveMQ servers, with the group active since at least January 2022. The deployed malware allows execution of arbitrary commands and exfiltration of the results to a command-and-control server; the group also uses tools such as the WARPWIRE JavaScript credential stealer, Ligolo tunneling software, and legitimate remote desktop offerings.

cybersecurity, 1 year ago

"Exploiting 1-Day Flaws: Magnet Goblin Hackers Deploy Custom Linux Malware"

The financially motivated hacking group Magnet Goblin is exploiting 1-day vulnerabilities to deploy custom malware on Windows and Linux systems, targeting devices and services such as Ivanti Connect Secure, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense, and Magento. The group uses custom malware including NerbianRAT and MiniNerbian, with a Linux variant of NerbianRAT identified. Check Point warns that identifying such threats among the volume of 1-day exploitation data is challenging, emphasizing the importance of quick patching and additional security measures to mitigate potential breaches.