
DATE | NAME | CATEGORY | SUBCATEGORY | INFO
28.2.24 | Pony | Malware | Stealer | Pony (also known as Fareit or Siplog) is a loader and stealer that has also been operated as a botnet; it has been in use for more than 10 years and is still active.
28.2.24 | RustDoor | Malware | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
28.2.24 | Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operation | REPORT | REPORT | Actions EdgeRouter network defenders and users should implement to protect against APT28 activity
28.2.24 | TimbreStealer | Malware | Stealer | When Stealers Converge: New Variant of Atomic Stealer in the Wild
28.2.24 | Mispadu | Malware | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that uses McDonald's malvertising and extends its attack surface to web browsers.
28.2.24 | Cyclops Blink | Malware | Linux | Modular malware framework targeting SOHO network devices
28.2.24 | MASEPIE | Malware | Loader | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus
28.2.24 | CVE-2023-23397 | Vulnerability | CVE | Microsoft Outlook Elevation of Privilege Vulnerability
28.2.24 | APT29 | APT | APT | SVR cyber actors adapt tactics for initial cloud access
28.2.24 | CVE-2023-40000 | Vulnerability | CVE | 4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin
28.2.24 | Nood RAT | Malware | RAT | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT's Variant)
28.2.24 | CVE-2023-4969 | Vulnerability | CVE | A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.
27.2.24 | CVE-2024-1071 | Vulnerability | CVE | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2, due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query.
27.2.24 | CVE-2023-3460 | Vulnerability | CVE | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
27.2.24 | IDAT Loader | Malware | Loader | Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland
27.2.24 | SubdoMailing | Spam | SPAM | “SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
27.2.24 | DarkVNC | Malware | Stealer | DarkVNC is a hidden utility based on Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016.
27.2.24 | Remcos RAT | Malware | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.
27.2.24 | DCRat | Malware | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.
27.2.24 | Ousaban | Malware | Banking | Ousaban: LATAM Banking Malware Abusing Cloud Services
27.2.24 | Mekotio | Malware | Banking | Tweet on recent Mekotio Banker campaign
27.2.24 | Astaroth | Malware | Banking | First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques.
25.2.24 | WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS) | Exploit | WebApps | PHP
25.2.24 | JFrog Artifactory < 7.25.4 - Blind SQL Injection | Exploit | WebApps | PHP
25.2.24 | Wondercms 4.3.2 - XSS to RCE | Exploit | WebApps | Multiple
25.2.24 | SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration | Exploit | WebApps | Multiple
25.2.24 | Employee Management System v1 - 'email' SQL Injection | Exploit | WebApps | PHP
25.2.24 | Microsoft Windows Defender - VBScript Detection Bypass | Exploit | Local | Windows_x86-64
25.2.24 | Microsoft Windows Defender Bypass - Detection Mitigation Bypass | Exploit | Local | Windows_x86-64
25.2.24 | XAMPP - Buffer Overflow POC | Exploit | DoS | Windows
25.2.24 | phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit | Exploit | WebApps | PHP
25.2.24 | DS Wireless Communication - Remote Code Execution | Exploit | Local | Hardware
25.2.24 | Metabase 0.46.6 - Pre-Auth Remote Code Execution | Exploit | WebApps | Linux
25.2.24 | SISQUALWFM 7.1.319.103 - Host Header Injection | Exploit | WebApps | Multiple
25.2.24 | Lost and Found Information System v1.0 - (IDOR) leads to Account Take over | Exploit | WebApps | PHP
25.2.24 | ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure | Exploit | WebApps | Windows
25.2.24 | VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | Exploit | DoS | Hardware
25.2.24 | Splunk 9.0.4 - Information Disclosure | Exploit | WebApps | Multiple
25.2.24 | LockBit Attempts to Stay Afloat With a New Version | Ransomware | Ransomware | This research is the result of our collaboration with the National Crime Agency in the United Kingdom, which took action against LockBit as part of Operation Cronos, an international effort that undermined its operations.
23.2.24 | CVE-2024-23204 | Vulnerability | CVE | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
23.2.24 | PQ3 | Crypto | Crypto | iMessage with PQ3: The new state of the art in quantum-secure messaging at scale
22.2.24 | SSH-Snake | Malware | Worm | SSH-Snake: New Self-Modifying Worm Threatens Networks
22.2.24 | KONNI | Malware | RAT | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
22.2.24 | CVE-2023-52161 | Vulnerability | CVE | The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
22.2.24 | CVE-2023-52160 | Vulnerability | CVE | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured not to verify the network's TLS certificate during Phase 1 authentication; an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication.
21.2.24 | PlugX | Malware | Stealer | Mustang Panda's PlugX new variant targeting Taiwanese government and diplomats
21.2.24 | SMUGX | Campaign | Campaign | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN
21.2.24 | Operation Texonto | Operation | Operation | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
21.2.24 | VietCredCare | Malware | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses
21.2.24 | Earth Preta | Campaign | Campaign | Earth Preta Campaign Uses DOPLUGS to Target Asia
21.2.24 | CVE-2024-22250 | Vulnerability | CVE | Session hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session initiated by a privileged domain user on the same system.
21.2.24 | CVE-2024-22245 | Vulnerability | CVE | Arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor who tricks a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
21.2.24 | Migo | Malware | Miner | Migo - a Redis Miner with Novel System Weakening Techniques
21.2.24 | SysJoker | Malware | Backdoor | SysJoker is a backdoor malware that was first discovered in December 2021 by Intezer.
21.2.24 | BiBi-Linux | Malware | Wiper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.
21.2.24 | Tool of First Resort | REPORT | REPORT | Israel-Hamas War in Cyber
21.2.24 | CVE-2024-25600 | Vulnerability | CVE | CVE-2024-25600 (CVSS score: 9.8) enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6.
19.2.24 | Anatsa | Malware | Android | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach
19.2.24 | TAG-70 | Group | Group | Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
19.2.24 | BASICSTAR | Malware | Backdoor | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers.
18.2.24 | Raccoon Stealer v2 | Malware | Stealer | Raccoon Stealer v2 – Part 1: The return of the dead
18.2.24 | Recordbreaker | Malware | Stealer | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information.
17.2.24 | DeliveryCheck | Malware | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM hijacking. Its specificity is the presence of a server part, usually installed on compromised MS Exchange servers in the form of a MOF (Managed Object Format) file using the Desired State Configuration (DSC) PowerShell tool, effectively turning a legitimate server into a malware control center.
17.2.24 | TinyTurla-NG | Malware | Backdoor | TinyTurla Next Generation - Turla APT spies on Polish NGOs
17.2.24 | FLATLINED | Vulnerability | CVE | FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
17.2.24 | GoldDigger | Malware | iOS | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows
17.2.24 | Bumblebee | Malware | Loader | This malware is delivered by an ISO file containing a DLL with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed fetching Cobalt Strike payloads.
17.2.24 | Water Hydra | APT | APT | Water Hydra's Zero-Day Attack Chain Targets Financial Traders
17.2.24 | CVE-2024-21412 | Vulnerability | CVE | Internet Shortcut Files Security Feature Bypass Vulnerability
17.2.24 | DarkMe | Malware | Loader | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
17.2.24 | CVE-2024-20684 | Vulnerability | CVE | (CVSS score: 6.5) - Windows Hyper-V Denial of Service Vulnerability
17.2.24 | CVE-2024-21357 | Vulnerability | CVE | (CVSS score: 7.5) - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
17.2.24 | CVE-2024-21380 | Vulnerability | CVE | (CVSS score: 8.0) - Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
17.2.24 | CVE-2024-21410 | Vulnerability | CVE | (CVSS score: 9.8) - Microsoft Exchange Server Elevation of Privilege Vulnerability
17.2.24 | CVE-2024-21413 | Vulnerability | CVE | (CVSS score: 9.8) - Microsoft Outlook Remote Code Execution Vulnerability
17.2.24 | CVE-2024-21412 | Vulnerability | CVE | (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability
17.2.24 | CVE-2024-21351 | Vulnerability | CVE | (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability
17.2.24 | Glupteba | BOTNET | BOTNET | Diving Into Glupteba's UEFI Bootkit
17.2.24 | Glupteba | Malware | Bootkit | Diving Into Glupteba's UEFI Bootkit
17.2.24 | PikaBot | Malware | Loader | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi.
17.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
17.2.24 | DSLog | Malware | Backdoor | Ivanti Connect Secure: Journey to the core of the DSLog backdoor
17.2.24 | CVE-2023-43770 | Vulnerability | CVE | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
17.2.24 | Akira ransomware | Ransomware | Ransomware | Akira Ransomware and Exploitation of Cisco AnyConnect Vulnerability CVE-2020-3259
17.2.24 | CVE-2020-3259 | Vulnerability | CVE | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information.
17.2.24 | RustDoor | Malware | macOS | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
17.2.24 | SNS Sender | Campaign | Spam | SNS Sender - Active Campaigns Unleash Messaging Spam Through the Cloud
12.2.24 | Rhysida Decryption Tool | Ransomware | Anti-Ransom tool | The Korea Internet & Security Agency (KISA) is distributing a recovery tool for the Rhysida ransomware.
12.2.24 | Warzone RAT | Malware | RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.
10.2.24 | RustDoor | Malware | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
10.2.24 | RASPBERRY ROBIN | Malware | Worm | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS
10.2.24 | Online Nurse Hiring System 1.0 - Time-Based SQL Injection | Exploit | WebApps | PHP
10.2.24 | Rail Pass Management System 1.0 - Time-Based SQL Injection | Exploit | WebApps | PHP
10.2.24 | Wordpress Seotheme - Remote Code Execution Unauthenticated | Exploit | WebApps | PHP
10.2.24 | Wordpress Augmented-Reality - Remote Code Execution Unauthenticated | Exploit | WebApps | PHP
10.2.24 | Elasticsearch - StackOverflow DoS | Exploit | DoS | Multiple
10.2.24 | Zyxel zysh - Format string | Exploit | Remote | Hardware
10.2.24 | Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated) | Exploit | WebApps | PHP
10.2.24 | Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption | Exploit | Remote | Hardware
10.2.24 | Wordpress 'simple urls' Plugin < 115 - XSS | Exploit | WebApps | PHP
10.2.24 | TASKHUB-2.8.8 - XSS-Reflected | Exploit | WebApps | PHP
10.2.24 | WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | Exploit | WebApps | Multiple
10.2.24 | MISP 2.4.171 - Stored XSS | Exploit | WebApps | PHP
10.2.24 | Clinic's Patient Management System 1.0 - Unauthenticated RCE | Exploit | WebApps | PHP
10.2.24 | Curfew e-Pass Management System 1.0 - FromDate SQL Injection | Exploit | WebApps | PHP
10.2.24 | GYM MS - GYM Management System - Cross Site Scripting (Stored) | Exploit | WebApps | PHP
9.2.24 | MoqHao | Malware | Android | MoqHao evolution: New variants start automatically right after installation
9.2.24 | Coyote | Malware | Banking | Coyote: A multi-stage banking Trojan abusing the Squirrel installer
9.2.24 | CVE-2024-21762 | Vulnerability | CVE | FortiOS - Out-of-bound Write in sslvpnd
9.2.24 | CVE-2024-22024 | Vulnerability | CVE | CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
9.2.24 | Zardoor | Malware | Backdoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
8.2.24 | HijackLoader | Malware | Loader | HijackLoader Expands Techniques to Improve Defense Evasion
8.2.24 | Troll Stealer | Malware | Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
8.2.24 | CVE-2024-22241 | Vulnerability | CVE | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account.
8.2.24 | CVE-2024-22240 | Vulnerability | CVE | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability, leading to unauthorized access to sensitive information.
8.2.24 | CVE-2024-22239 | Vulnerability | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges and gain regular shell access.
8.2.24 | CVE-2024-22238 | Vulnerability | CVE | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
8.2.24 | CVE-2024-22237 | Vulnerability | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges and gain root access to the system.
8.2.24 | CVE-2024-23109 | Vulnerability | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
8.2.24 | CVE-2024-23108 | Vulnerability | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
8.2.24 | CVE-2024-20255 | Vulnerability | CVE | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
8.2.24 | CVE-2024-20254 | Vulnerability | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
8.2.24 | CVE-2024-20252 | Vulnerability | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
8.2.24 | KV-Botnet | BOTNET | BOTNET | KV-Botnet: Don't Call It A Comeback
7.2.24 | CVE-2023-40546 | Vulnerability | CVE | (CVSS score: 5.3) - Out-of-bounds read when printing error messages, resulting in a denial-of-service (DoS) condition
7.2.24 | CVE-2023-40548 | Vulnerability | CVE | (CVSS score: 7.4) - Buffer overflow in shim when compiled for 32-bit processors that can lead to a crash or data integrity issues during the boot phase
7.2.24 | CVE-2023-40549 | Vulnerability | CVE | (CVSS score: 5.5) - Out-of-bounds read in the authenticode function that could permit an attacker to trigger a DoS by providing a malformed binary
7.2.24 | CVE-2023-40550 | Vulnerability | CVE | (CVSS score: 5.5) - Out-of-bounds read when validating Secure Boot Advanced Targeting (SBAT) information that could result in information disclosure
7.2.24 | CVE-2023-40551 | Vulnerability | CVE | (CVSS score: 7.1) - Out-of-bounds read when parsing MZ binaries, leading to a crash or possible exposure of sensitive data
7.2.24 | BOLDMOVE | Malware | Backdoor | According to Mandiant, this malware family is attributed to a suspected Chinese actor, and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).
7.2.24 | BOLDMOVE | Malware | ELF | According to Mandiant, this malware family is attributed to a suspected Chinese actor and is directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant.
7.2.24 | COATHANGER | Malware | RAT | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server, designed to grant persistent remote access to the compromised appliances.
7.2.24 | CVE-2023-40547 | Vulnerability | CVE | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response.
7.2.24 | CVE-2024-23917 | Vulnerability | CVE | In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible.
6.2.24 | CrackedCantil | Malware | Stealer | CrackedCantil: A Malware Symphony Breakdown
6.2.24 | Ov3r_Stealer | Malware | Stealer | Facebook Advertising Spreads Novel Malware Variant
6.2.24 | CVE-2023-38156 | Vulnerability | CVE | (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability
6.2.24 | CVE-2023-36419 | Vulnerability | CVE | (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability
6.2.24 | GambleForce | Group | Group | Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region
6.2.24 | CVE-2024-21887 | Vulnerability | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
6.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
6.2.24 | Epeius | Malware | Spyware | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
6.2.24 | Skygofree | Malware | Android | Skygofree: Following in the footsteps of HackingTeam
5.2.24 | VajraSpy | Malware | RAT | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
5.2.24 | Pegasus | Malware | Spyware | New spyware attacks exposed: civil society targeted in Jordan
5.2.24 | DiceLoader | Malware | Loader | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach to the threat by detailing the related techniques...
5.2.24 | Phemedrone Stealer | Malware | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
5.2.24 | Mispadu Stealer | Malware | Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019
5.2.24 | CVE-2023-36025 | Vulnerability | CVE | Windows SmartScreen Security Feature Bypass Vulnerability
3.2.24 | Cloudflare Breach | Incident | Incident | Thanksgiving 2023 security incident
3.2.24 | AnyDesk Incident Response 2-2-2024 | Incident | Incident | Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully.
3.2.24 | CVE-2024-23832 | Vulnerability | CVE | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication.
3.2.24 | Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) | Exploit | WebApps | PHP
3.2.24 | Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | Exploit | WebApps | Hardware
3.2.24 | Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | Exploit | DoS | Hardware
3.2.24 | Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | Exploit | WebApps | Hardware
3.2.24 | Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass | Exploit | WebApps | Hardware
3.2.24 | Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure | Exploit | WebApps | Hardware
3.2.24 | Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure | Exploit | WebApps | Hardware
3.2.24 | TP-LINK TL-WR740N - Multiple HTML Injection | Exploit | WebApps | Hardware
3.2.24 | TP-Link TL-WR740N - UnAuthenticated Directory Transversal | Exploit | WebApps | Hardware
3.2.24 | PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow | Exploit | Remote | Windows
3.2.24 | mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page | Exploit | WebApps | PHP
3.2.24 | WebCatalog 48.4 - Arbitrary Protocol Execution | Exploit | Remote | Windows
3.2.24 | COLDRIVER | Group | Group | The COLDRIVER group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus through spearphishing campaigns.
3.2.24 | HeadLace | Malware | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware
3.2.24 | CVE-2023-23397 | Vulnerability | CVE | Microsoft Outlook Elevation of Privilege Vulnerability
3.2.24 | Shuckworm | Group | Group | Shuckworm: Inside Russia's Relentless Cyber Campaign Against Ukraine
3.2.24 | NTLM Relay Attacks | Attack | Attack | NTLM relay attacks: A dangerous game of hot potato
3.2.24 | LitterDrifter | Group | Group | Malware Spotlight – Into the Trash: Analyzing LitterDrifter
3.2.24 | UAC-0027 | Group | Group | UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
3.2.24 | DirtyMoe | Malware | Backdoor | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor
2.2.24 | RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC | Exploit | Remote | macOS
2.2.24 | Proxmox VE - TOTP Brute Force | Exploit | Remote | Linux
2.2.24 | GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | Exploit | WebApps | Multiple
2.2.24 | Grocy <=4.0.2 - CSRF | Exploit | WebApps | PHP
2.2.24 | 101 News 1.0 - Multiple-SQLi | Exploit | WebApps | PHP
2.2.24 | Academy LMS 6.2 - SQL Injection | Exploit | WebApps | PHP
2.2.24 | Academy LMS 6.2 - Reflected XSS | Exploit | WebApps | PHP
2.2.24 | UNC5221 | Group | CyberSpy | UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant
2.2.24 | Frog4Shell | BOTNET | Botnet | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
2.2.24 | BPFdoor | Malware | Rootkit | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.
2.2.24 | Commando Cat | Campaign | Cryptocurrency | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker
2.2.24 | Volt Typhoon | Group | Group | [Microsoft] Volt Typhoon is a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.
2.2.24 | HeadCrab 2.0 | Malware |  | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape
2.2.24 | CVE-2024-23222 | Vulnerability | CVE | A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3.
2.2.24 | CVE-2022-48618 | Vulnerability | CVE | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2.
1.2.24 | CVE-2024-23653 | Vulnerability | CVE | 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally
1.2.24 | CVE-2024-23652 | Vulnerability | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
1.2.24 | CVE-2024-23651 | Vulnerability | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
1.2.24 | CVE-2024-21626 | Vulnerability | CVE | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
1.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
1.2.24 | CVE-2024-21888 | Vulnerability | CVE | A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to those of an administrator.
1.2.24 | Telekopye | BOTNET | Bot | Telekopye: Hunting Mammoths using Telegram bot
1.2.24 | Scammers Paradise | Operation | Phishing | “Scammers Paradise” — Exploring Telegram's Dark Markets, Breeding Ground for Modern Phishing Operations
1.2.24 | QUIETBOARD | Malware | Python | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
1.2.24 | EMPTYSPACE | Malware | Backdoor | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, a backdoor that was delivered using EMPTYSPACE.
1.2.24 | UNC4990 | Group | Group | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
1.2.24 | 2023 Adversary Infrastructure Report | REPORT | Report | 2023 Adversary Infrastructure Report
1.2.24 | KRUSTYLOADER | Malware | Loader | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES
1.2.24 | CVE-2024-21887 | Vulnerability | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
1.2.24 | CVE-2023-46805 | Vulnerability | CVE | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
1.2.24 | CVE-2023-4911 | Vulnerability | CVE | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.
1.2.24 | CVE-2023-6780 | Vulnerability | CVE | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions.
1.2.24 | CVE-2023-6779 | Vulnerability | CVE | An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
1.2.24 | CVE-2023-6246 | Vulnerability | CVE | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions.
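The CVE-2024-1071 entry above describes an injection through a 'sorting' parameter that reaches an ORDER BY clause. The point a practitioner should take from it is that escaping cannot fix this class of bug: ORDER BY takes an expression, not a string literal, so there is no quote to break out of and nothing to escape. The following example is added here as an illustration and is not the plugin's code; the table, column names and member rows are constructed, and SQLite stands in for MySQL only so the block runs stand-alone. It shows the vulnerable pattern being used as a boolean oracle (the attacker infers a hidden column from the order of a public list) next to the allow-list fix.

```python
import sqlite3

# Constructed sample data; the schema is illustrative, not Ultimate Member's.
MEMBERS = [
    (1, "carol", "administrator"),
    (2, "alice", "subscriber"),
    (3, "bob", "subscriber"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, display_name TEXT, role TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", MEMBERS)
    return conn


def list_members_vulnerable(conn, sorting):
    # The pattern the advisory describes: the user-controlled sort value is pasted into
    # the query. Escaping would not help because ORDER BY takes an expression, so the
    # attacker never needs a quote character to change the query's meaning.
    sql = f"SELECT display_name FROM members ORDER BY {sorting}"
    return [row[0] for row in conn.execute(sql)]


def probe_role_vulnerable(conn, user_id, guess):
    # Boolean-based inference via ORDER BY: if the guess is right the list comes back
    # sorted by name, otherwise by id. The role column itself is never displayed.
    payload = (
        f"(CASE WHEN (SELECT role FROM members WHERE id = {user_id}) = '{guess}' "
        f"THEN display_name ELSE id END)"
    )
    return list_members_vulnerable(conn, payload) == list_members_vulnerable(conn, "display_name")


# Fix: the request carries an opaque key; only server-side code maps it to SQL text.
SORT_OPTIONS = {
    "name_asc": "display_name ASC",
    "name_desc": "display_name DESC",
    "newest": "id DESC",
}


def list_members_fixed(conn, sorting):
    try:
        order_by = SORT_OPTIONS[sorting]
    except KeyError:
        # Reject rather than silently fall back, so probing attempts are visible in logs.
        raise ValueError(f"unsupported sort option: {sorting!r}")
    sql = f"SELECT display_name FROM members ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql)]


def fixed_accepts(conn, sorting):
    # Convenience check used to demonstrate that injected expressions are refused.
    try:
        list_members_fixed(conn, sorting)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable oracle, guess administrator:", probe_role_vulnerable(db, 1, "administrator"))
    print("vulnerable oracle, guess editor:", probe_role_vulnerable(db, 1, "editor"))
    print("fixed accepts injected expression:", fixed_accepts(db, "(CASE WHEN 1=1 THEN display_name ELSE id END)"))
```

The same allow-list approach applies to column names, table names and LIMIT values, which are the other places where prepared-statement placeholders cannot be used.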
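The CVE-2023-52161 entry above states the whole bug in one sentence: the IWD access point accepted Msg4/4 without ever having processed Msg2/4, and a MIC computed under an all-zero key verified because no key had been derived yet. The example below is added here to make that state-machine failure concrete; it is a simplified model written for this page, not IWD's code, and its key derivation and MIC are HMAC-SHA256 stand-ins rather than the 802.11 KDFs. The vulnerable authenticator checks only the MIC; the fixed one also requires that the handshake actually reached the state in which Msg4 is meaningful.

```python
import hashlib
import hmac
import os
from enum import Enum, auto


class State(Enum):
    IDLE = auto()
    MSG1_SENT = auto()
    MSG3_SENT = auto()   # reached only after a Msg2 with a valid MIC
    DONE = auto()


def derive_kck(pmk, anonce, snonce):
    # Stand-in for PTK derivation; returns just the KCK (the MIC key) part.
    return hmac.new(pmk, b"PTK" + anonce + snonce, hashlib.sha256).digest()[:16]


def mic(kck, body):
    return hmac.new(kck, body, hashlib.sha256).digest()[:16]


class Authenticator:
    def __init__(self, pmk, strict):
        self.pmk = pmk
        self.strict = strict          # False models the bug, True the fix
        self.state = State.IDLE
        self.anonce = os.urandom(32)
        # Modelled flaw: key material starts out all-zero and is only replaced once a
        # valid Msg2 arrives. Until then a MIC made with a zero key verifies correctly.
        self.kck = bytes(16)

    def send_msg1(self):
        self.state = State.MSG1_SENT
        return self.anonce

    def on_msg2(self, snonce, msg_mic):
        if self.state != State.MSG1_SENT:
            return False
        kck = derive_kck(self.pmk, self.anonce, snonce)
        if not hmac.compare_digest(msg_mic, mic(kck, b"msg2" + snonce)):
            return False              # sender does not know the PMK
        self.kck = kck
        self.state = State.MSG3_SENT  # Msg3 (key install) would be sent here
        return True

    def on_msg4(self, msg_mic):
        if self.strict and self.state != State.MSG3_SENT:
            return False              # fix: Msg4 is only valid after a verified Msg2
        if not hmac.compare_digest(msg_mic, mic(self.kck, b"msg4")):
            return False
        self.state = State.DONE
        return True


def run_attacker(auth):
    # Knows no PMK: answers Msg1 directly with a Msg4 authenticated under an all-zero key.
    auth.send_msg1()
    return auth.on_msg4(mic(bytes(16), b"msg4"))


def run_legitimate(auth, pmk):
    anonce = auth.send_msg1()
    snonce = os.urandom(32)
    kck = derive_kck(pmk, anonce, snonce)
    ok2 = auth.on_msg2(snonce, mic(kck, b"msg2" + snonce))
    ok4 = auth.on_msg4(mic(kck, b"msg4"))
    return ok2 and ok4 and auth.state is State.DONE


if __name__ == "__main__":
    pmk = os.urandom(32)
    print("attacker vs vulnerable AP:", run_attacker(Authenticator(pmk, strict=False)))
    print("attacker vs fixed AP:     ", run_attacker(Authenticator(pmk, strict=True)))
    print("client vs fixed AP:       ", run_legitimate(Authenticator(pmk, strict=True), pmk))
```

The general lesson is that a MIC check is only as strong as the key it is evaluated against; any protocol implementation that keeps a zero-initialised key buffer must refuse to verify anything until the derivation step has demonstrably run.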
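The CVE-2023-52160 entry above carries an important precondition: the PEAP bypass only works when wpa_supplicant is configured not to verify the RADIUS server's certificate in Phase 1. That precondition is a configuration audit, and the check below is added here as an example of one; it is not part of any advisory or of wpa_supplicant itself. It parses network blocks out of a wpa_supplicant.conf and flags PEAP networks without ca_cert (no certificate verification at all) or without domain_match / domain_suffix_match (any certificate from the trusted CA accepted). The option names are wpa_supplicant's; the sample configuration is constructed for this example.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, paths and credentials are made up.
SAMPLE_CONF = """
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="corp-wifi-hardened"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="campus"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="correct horse battery staple"
}
"""

NETWORK_BLOCK = re.compile(r"network=\{(.*?)\}", re.S)


def parse_networks(text):
    """Return one dict of key -> value per network={...} block (quotes stripped)."""
    networks = []
    for body in NETWORK_BLOCK.findall(text):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")   # first '=' only: phase2="auth=..." keeps its value
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def audit_peap(text):
    """Map each PEAP network's SSID to a list of findings (empty list = nothing to report)."""
    findings = {}
    for net in parse_networks(text):
        if "PEAP" not in net.get("eap", "").upper():
            continue                                  # only PEAP is in scope here
        issues = []
        if not net.get("ca_cert"):
            issues.append("no ca_cert: server certificate is not verified in Phase 1")
        if not (net.get("domain_match") or net.get("domain_suffix_match")):
            issues.append("no domain_match/domain_suffix_match: any certificate issued by the trusted CA is accepted")
        findings[net.get("ssid", "<no ssid>")] = issues
    return findings


if __name__ == "__main__":
    for ssid, issues in audit_peap(SAMPLE_CONF).items():
        print(ssid, "->", issues or "ok")
```

The second finding matters even after upgrading past 2.10: a public CA in ca_cert with no name pinning lets any holder of a certificate from that CA impersonate the RADIUS server, so the fix for the CVE and the configuration hardening are both needed.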