The method, known as Bring Your Own Interpreter (BYOI), involves use of an interpreter, not present on a system by default, to run malicious code of an interpreted programming or scripting language.

Successful exploitation of this vulnerability allows an attacker to upload an arbitrary file with arbitrary names and extensions, leading to Remote Code Execution (RCE) on the targeted web server.

Pro-Ocean uses known vulnerabilities to target cloud applications. Additionally, it attempts to remove other malware and miners including Luoxk, BillGates, XMRig, and Hashfish before installation.

The actor used the BumbleBee webshell to upload and download files to and from the compromised Exchange server, but more importantly, to move laterally to other servers on the network.

The recent campaign has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak.

While this is not the first software supply-chain compromise, it may be the most notable, as the attacker was trying to gain widespread, persistent access to a number of critical networks.

NIS 2 seeks to promote voluntary cyberthreat information sharing by directing Member States to ensure that covered entities can share cyberthreat information among themselves to improve cybersecurity.

On December 4, 2020, the Kubernetes Product Security Committee disclosed a new medium-severity vulnerability (CVE-2020-8554) affecting all Kubernetes versions and is currently unpatched.

Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region, and identified a new information stealer with relations to the MICROPSIA malware.

Unit 42 researchers uncovered a novel Linux-based cryptocurrency mining botnet that exploits a disputed PostgreSQL remote code execution (RCE) vulnerability that compromises database servers for cryptojacking.