Attackers Crafted Custom Malware for Fortinet Zero-Day

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 year ago

Html
Text

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

Follow Dark Reading:

January 20, 2023

LATEST SECURITY NEWS & COMMENTARY

Attackers Crafted Custom Malware for Fortinet Zero-Day The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China. EmojiDeploy Attack Chain Targets Misconfigured Azure Service Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system. PayPal Breach Exposed PII of Nearly 35K Accounts The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data. Cybercriminals Target Telecom Provider Networks The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say. Ethically Exploiting Vulnerabilities: A Play-by-Play There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks. Massive Adware Campaign Shuttered Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views. Name That Toon: Poker Hand Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Vulnerable Historian Servers Imperil OT Networks These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks. ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks. Cybersecurity and the Myth of Quiet Quitting People are working harder than ever, but they're not happy about it — and the insider threat is all too real. MORE

EDITORS' CHOICE

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security. LATEST FROM THE EDGE
3 Lessons Learned in Vulnerability Management In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting. LATEST FROM DR TECHNOLOGY
Software Supply Chain Security Needs a Bigger Picture SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain.

WEBINARS

Every DDoS Resilience and Response Playbook Should Include These Things

Cyber attackers can level organizations with a distributed denial-of-service (DDoS) attack. How do security teams keep stakeholders informed when services are down? Who do they call to remediate the incident and make sure the attackers don't knock everything down again? ...

The Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them

It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard "click and infect" attack ...

View More Dark Reading Webinars >>

WHITE PAPERS

How Machine Learning, AI & Deep Learning Improve Cybersecurity State of Email Security Ransomware Resilience and Response: The Next-Generation Ransomware Is On The Rise State of Ransomware Readiness: Facing the Reality Gap How Hybrid Work Fuels Ransomware Attacks

View More White Papers >>

FEATURED REPORTS

10 Hot Talks From Black Hat USA 2022

Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

How Machine Learning, AI & Deep Learning Improve Cybersecurity

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Roaming Mantis Uses DNS Changers to Target Users via Compromised Public Routers SynSaber Releases ICS Vulnerabilities & CVEs Report Covering Second Half of 2022 The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows SecurityGen Identifies the Cybersecurity Priorities for Mobile Operators in 2023 KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship and (ISC) 2 Certification Education Package International Council of E-Commerce Consultants Launches Cybersecurity Essentials Professional Certificate Program on edX MORE PRODUCTS & RELEASES

CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Cisco Report: Enterprises Ill-prepared to Realize AI’s Potential Informationweek.com
9 hours ago
Ransomware Attack on Blue Yonder Hits Starbucks, Supermarkets | Fancy Bear's Nearest Neighbor Uses Nearby Wi-Fi Network Informationweek.com
Yesterday at 18:44
How to Create an Accurate IT Project Timeline Informationweek.com
Yesterday at 16:01

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines