CISA confirms new cybersecurity incidents

Share post:

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed new cybersecurity incidents, shedding light on the tactics employed by the hackers.

In one incident, hackers potentially with government support, successfully breached two US federal agencies by exploiting vulnerabilities in outdated software. They used a flaw in the Progress Telerik user interface (UI) for ASP.NET AJAX and a .NET deserialization flaw in the Microsoft Internet Information Services (IIS) web server.

They also targeted another outdated vulnerability, CVE-2017-9248, in the Telerik UI for ASP.NET AJAX DialogHandler component. The hackers engaged in harmful activities like uploading malicious scripts, downloading and deleting sensitive files, and making unauthorized changes in the agency networks.

In another instance, VulnCheck researchers discovered malicious actors pretending to be security researchers and shared fake proof-of-concept exploits for zero-day vulnerabilities on GitHub and Twitter. They claimed these exploits exposed flaws in popular products like Signal, WhatsApp, Chrome, Exchange, and Discord. However, these exploits actually contained malware that targeted both Windows and Linux machines.

In a third instance, Kaspersky’s analysis of the dark web reveals that ransomware is the most common type of malware, making up 58% of all malware families from 2015 to 2022. Infostealers ranked second at 24%, while botnets, loaders, and backdoors accounted for the remaining 18%. The report also noted a rise in ransomware activities since 2021, while mentions of botnets, backdoors, and loaders decreased.

The sources for this piece include an article in TheRegister.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways