DATE

NAME

Info

CATEG.

WEB

2.11.24

Attacker Abuses Victim Resources to Reap Rewards from Titan Network In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. Vulnerability blog

Trend Micro

2.11.24

Unmasking Prometei: A Deep Dive Into Our MXDR Findings How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system. BotNet blog

Trend Micro

2.11.24

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. Cryptocurrency blog

Trend Micro

2.11.24

Attackers Target Exposed Docker Remote API Servers With perfctl Malware We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. Malware blog

Trend Micro

2.11.24

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Hacking blog Microsoft Blog

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File Retrieval The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. Ransom blog SonicWall

2.11.24

Command Injection and Local File Inclusion in Grafana: CVE-2024-9264 The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data. Vulnerability blog SonicWall

2.11.24

Code Injection in Spring Cloud: CVE-2024-37084 The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. Vulnerability blog SonicWall

2.11.24

A Look Into Embargo Ransomware, Another Rust-based Ransomware Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (RaaS) model. Like many modern ransomware groups, Embargo employs double extortion tactics where they first exfiltrate sensitive data from their victims before encrypting their files. They then threaten to release the stolen data unless a ransom is paid. Malware blog SonicWall

2.11.24

HORUS Protector Part 1: The New Malware Distribution Service Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others. Malware blog SonicWall

2.11.24

VMware vCenter Server CVE-2024-38812 DCERPC Vulnerability CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when memory allocated in the heap is improperly overwritten, leading to unpredictable behavior that could be exploited. Vulnerability blog SonicWall

2.11.24

Insecure Deserialization in Veeam Backup and Replication: CVE-2024-40711 The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup app developed by Veeam for virtual environments built on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. Vulnerability blog SonicWall

2.11.24

Jumpy Pisces Engages in Play Ransomware Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). Ransom blog Palo Alto

2.11.24

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction This article introduces a simple and straightforward technique for jailbreaking that we call Deceptive Delight. Deceptive Delight is a multi-turn technique that engages large language models (LLM) in an interactive conversation, gradually bypassing their safety guardrails and eliciting them to generate unsafe or harmful content. AI blog Palo Alto

2.11.24

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. A bypass of Gatekeeper could leave the user unprotected from risky applications that may attempt to execute malicious content. OS Blog Palo Alto

2.11.24

Talos IR trends Q3 2024: Identity-based operations loom large Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. Cyber blog Cisco Blog

2.11.24

Threat actors use copyright infringement phishing lure to deploy infostealers * Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. * The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the Phishing blog Cisco Blog

2.11.24

Threat Spotlight: WarmCookie/BadSpace WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. Malware blog Cisco Blog

2.11.24

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. Malware blog Cisco Blog

2.11.24

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of Vulnerability blog Cisco Blog

2.11.24

Writing a BugSleep C2 server and detecting its traffic with Snort This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. Cyber blog Cisco Blog

2.11.24

How LLMs could help defenders write better and faster detection Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research AI blog Cisco Blog

2.11.24

Highlighting TA866/Asylum Ambuscade Activity Since 2021 TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. Cyber blog Cisco Blog

2.11.24

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian-speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities BigBrother blog Cisco Blog

2.11.24

Protecting major events: An incident response blueprint Go behind the scenes with Talos incident responders and learn from what we've seen in the field. Incident blog Cisco Blog

2.11.24

Ghidra data type archive for Windows driver functions Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. Malware blog Cisco Blog

2.11.24

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. Vulnerability blog Cisco Blog

2.11.24

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. Vulnerability blog Cisco Blog

2.11.24

Are hardware supply chain attacks “cyber attacks?” It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. Hacking blog Cisco Blog

2.11.24

Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerability blog Checkpoint

2.11.24

Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum. BigBrother blog Checkpoint

2.11.24

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Vulnerability blog Project Zero

2.11.24

The Windows Registry Adventure #4: Hives and the registry layout To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system Vulnerability blog Project Zero

2.11.24

Effective Fuzzing: A Dav1d Case Study Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. Vulnerability blog Project Zero

2.11.24

MacOS Malware Surges as Corporate Usage Grows As more companies adopt macOS for their corporate needs, attackers are adapting their techniques to get what they want OS Blog Trellix

2.11.24

Cyber Threats Targeting the US Government During the Democratic National Convention Trellix global sensors detected increased threat activities during the days that the Democratic National Convention (DNC) was held in August 2024, culminating in a massive spike in detections halfway through the convention. Our data indicate that these threat activities targeted a wide range of US government organizations, including regional democratic causes, state legislative offices, legislative data centers, election boards, local law enforcement agencies, and public transportation networks. BigBrother blog Trellix

2.11.24

Month in security with Tony Anscombe – October 2024 edition Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories Cyber blog

Eset

2.11.24

How to remove your personal information from Google Search results Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results. Cyber blog

Eset

2.11.24

Don't become a statistic: Tips to help keep your personal data off the dark web You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it Cyber blog

Eset

2.11.24

Tony Fadell: Innovating to save our planet | Starmus highlights As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts Security blog

Eset

2.11.24

CloudScout: Evasive Panda scouting cloud services ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services APT blog

Eset

2.11.24

ESET Research Podcast: CosmicBeetle Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world Cyber blog

Eset

2.11.24

Embargo ransomware: Rock’n’Rust Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit Ransom blog

Eset

2.11.24

Google Voice scams: What are they and how do I avoid them? Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers Spam blog

Eset

2.11.24

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year Exploit blog

Eset

2.11.24

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7) “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship Cyber blog

Eset

2.11.24

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details Hacking blog

Eset

2.11.24

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry Cyber blog

Eset

2.11.24

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe Hacking blog

Eset

2.11.24

Telekopye transitions to targeting tourists via hotel booking scam ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms Spam blog

Eset

2.11.24

Cyber insurance, human risk, and the potential for cyber-ratings Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? Cyber blog

Eset

2.11.24

Mind the (air) gap: GoldenJackal gooses government guardrails ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal BigBrother blog

Eset

2.11.24

The complexities of attack attribution – Week in security with Tony Anscombe Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week Cyber blog

Eset

2.11.24

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia APT blog

Eset

2.11.24

Why system resilience should mainly be the job of the OS, not just third-party applications Building efficient recovery options will drive ecosystem resilience OS Blog

Eset

2.11.24

Cybersecurity Awareness Month needs a radical overhaul – it needs legislation Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices Cyber blog

Eset

2.11.24

Gamaredon's operations under the microscope – Week in security with Tony Anscombe ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years Cyber blog

Eset

1.11.24

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 BigBrothers

The Hacker News

1.11.24

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone Incident

The Hacker News

1.11.24

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly BotNet

The Hacker News

1.11.24

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to OS

The Hacker News

1.11.24

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the Phishing

The Hacker News

1.11.24

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its OS

The Hacker News

1.11.24

LottieFiles Issues Warning About Compromised "lottie-player" npm Package LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to Hack

The Hacker News

1.11.24

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated Vulnerability

The Hacker News