ZuoRAT Can Take Over Widely Used SOHO Routers
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.
Vulnerabilities
Security Innovation: Secure Systems Start with Foundational Hardware
LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of a dynamic threat landscape and what Intel learned from their latest study in partnership with Ponemon Institue.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.
Evidence suggests that a just-discovered APT has been active since 2013.
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
