The ransomware group LAPSUS$, now well-known as the hackers responsible for the recent Okta breach, has returned from what they refer to as a “vacation,” this time with a leak impacting Globant, a large software company based in Luxembourg.
The group, who, according to media reports is largely comprised of teens in the United Kingdom, broadcast the announcement to the 50,000 members of their Telegram channel. Known for stealing data from large organizations then and threatening to publish it if ransom demands are not met, the group leaked 70GB of material from Globant that consisted of extracted data and credentials from the company’s DevOps infrastructure. Some of the stolen data includes administrator passwords found in the firm’s Atlassian suite, including Confluence and Jira, and the Crucible code review tool.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can logon using
default credentials of…
Threat: Backdoor.Win32.Xingdoor
Vulnerability: Denial of Service
Description: The malware “System_XingCheng” listens on TCP port 7016.
Attackers who can send a specially crafted packet, can trigger an int 3
“xcc” breakpoint debug…
Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting…
