Security Leftovers
-
Security Week ☛ Mozi Botnet Likely Killed by Its Creators
The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities.
-
Security Week ☛ Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway
Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
-
Security Week ☛ MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.
-
Security Week ☛ DPI: Still Effective for the Modern SOC?
There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is dead.
-
Security Week ☛ Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges
VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges.
-
Silicon Angle ☛ New Iranian state-sponsored hacking campaign uncovered
The Iranian hacking group Scarred Manticore, which has been linked to the country’s Ministry of Intelligence and Security, has been secretly running a digital spy ring across the Mideast. It has targeted government and large infrastructure companies such as telecom and financial services to steal data.
-
Security Week ☛ Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution
Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines.