The Red Cross is asking hackers not to leak confidential information online as one of…
When the attack became known, representatives of the Red Cross asked the hackers “not to share, sell, disclose or use this data in any other way.”
Now the International Committee of the Red Cross (ICRC) has submitted a more detailed report on the incident. It turned out that the attack took place back in November 2021, and the attackers were present on the organization’s network for several months (until it was discovered on January 18, 2022).
The Red Cross said the hackers used an exploit for the CVE-2021-40539 vulnerability to penetrate the network. This bug affects Zoho ManageEngine ADSelfService Plus, a password management and SSO solution from the Indian company Zoho. The vulnerability allows attackers to bypass authentication, host web shells on the target’s servers, and then traverse the network and compromise administrator credentials.
While it was initially unclear who was behind the attack, the Red Cross now says that the “advanced hacking tools” used for the hack are typically used by APT groups and are not available to ordinary hackers. This abbreviation stands for “advanced persistent threat” and is usually used to refer to hacker groups sponsored by the authorities and following their orders.
Let me remind you that we also wrote that 38 Million User Records Leaked Due to Misconfiguration of Microsoft Power Apps.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…