The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial to the operation of security solutions and making restoration harder. Though Trend Micro had warned that this functionality had been added to Poortry as early as May 2023, Sophos has…
Poortry/BurntCigar, first discovered by Mandiant, is a malicious kernel driver used in conjunction with a loader dubbed Stonestop that attempts to bypass Microsoft Driver Signature Enforcement. Both the driver and the loader are heavily obfuscated by commercial or open-source packers, such as VMProtect, Themida or ASMGuard. The driver tries to disguise itself by using the…
The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf…
The research firm says GenAI-powered attacks and AI-related data leaks are two growing concerns that are fueling security investments. Spending on cybersecurity-related services will continue on its growth tear in 2025 as both the cyber talent shortage and cyberattacks—including threats powered by generative AI—remain top concerns for organizations, according to Gartner. The research firm released…
DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday. Founded in 1948, DICK’S operates 857 stores across the United States and reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company…
Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. Starting today, the search giant will differentiate memory corruption vulnerabilities depending on the quality of the report and the researcher’s drive to find the full impact of…
An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. The threat group (also tracked as Fox Kitten, UNC757, and Parisite) has been active since at least 2017 and is believed to have…
Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. The hardcoded password can be used by anyone to remotely access an exposed FileCatalyst Workflow HyperSQL (HSQLDB) database, gaining unauthorized access to potentially sensitive information. Additionally,…
Aug 28, 2024, Ravie Lakshmanan, Vulnerability / Data Security. Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.…
The one-of-a-kind security conference is just a few weeks away. This is it. Time to register. Right now. Security practitioners: It’s go time. mWISE™ runs from September 18 – 19 in Denver, just a few weeks from today. This is the moment to book your travel, choose your sessions, and start feeling the excitement. If you…