January(137) February(207) March(430) April(317) May(278) June(237) July(216) August(0) September(0) October(0) November(0) December(0) | i |
DATE |
NAME |
CATEGORY |
SUBCATE |
INFO |
|
27.7.24 |
Handala Hacking Team | GROUP | GROUP | Handala Hack: What We Know About the Rising Threat Actor |
|
27.7.24 |
Handala’s Wiper | MALWARE | Wipper | CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch on to gain an edge over defenders. |
|
27.7.24 |
Cuckoo Spear | GROUP | GROUP | Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. |
|
27.7.24 |
CVE-2023-46229 |
CVE |
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | |
|
27.7.24 |
CVE-2023-44467 |
CVE |
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | |
|
26.7.24 |
RADAR Ransomware | ALERTS | RANSOM | Another ransomware group that employs double-extortion tactics has been making the rounds in the already crowded ransomware threat landscape. Calling themselves RADAR, the group compromises machines, encrypts the files, and appends them with a .[random8characters] extension. |
|
26.7.24 |
Smishing in Japan – Utilities, financial services and shipping top lures | ALERTS | SPAM | Smishing, or SMS phishing, is increasingly becoming a favored tactic for cybercriminals due to the widespread use of mobile devices and generally high open rates of SMS messages compared to emails. |
|
26.7.24 |
Atlantida Stealer among the malware variants spread by Stargazer Goblin threat group | ALERTS | VIRUS | Atlantida Stealer has been determined as one of several malware payloads spread recently in a malware distribution campaign attributed to the threat actor known as Stargazer Goblin. Other payloads spread via this malware delivery service dubbed as Stargazers Ghost Network included RedLine, Lumma Stealer, Rhadamanthys and RisePro. |
|
26.7.24 |
The increasing incidence of threats utilizing AI | ALERTS | AI | There has been a rise in cyber attacks using Large Language Models (LLMs) to generate malicious code. Symantec's Team has observed phishing campaigns where LLM-generated scripts download harmful payloads like Rhadamanthys, NetSupport, CleanUpLoader (Broomstick, Oyster), ModiLoader (DBatLoader), LokiBot, and Dunihi (H-Worm). |
|
26.7.24 |
PicassoLoader Malware | ALERTS | VIRUS | There was a recent surge in activity from the group called UAC-0057 (aka GhostWriter). In this campaign, attackers are distributing Word documents that are macro-enabled with the intention of launching a malware loader known as PicassoLoader. This malicious loader is capable of deploying a Cobalt Strike Beacon onto the victim's machine. |
|
26.7.24 |
ConfusedFunction |
CVE |
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions | |
|
26.7.24 |
APT45 | GROUP | APT | APT45: North Korea’s Digital Military Machine |
|
26.7.24 |
CVE-2024-6327 |
CVE |
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | |
|
26.7.24 |
CVE-2024-41110 |
CVE |
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins | |
|
26.7.24 |
CVE-2024-4076 | ICS | VULNEREBILITY | (CVSS score: 7.5) - Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure |
|
26.7.24 |
CVE-2024-1975 | ICS | VULNEREBILITY | (CVSS score: 7.5) - Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition. |
|
26.7.24 |
CVE-2024-1737 | ICS | VULNEREBILITY | (CVSS score: 7.5) - It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing |
|
26.7.24 |
CVE-2024-0760 | ICS | VULNEREBILITY | (CVSS score: 7.5) - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients |
|
25.7.24 |
Cursed tapes | EXPLOIT | Social site | Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android |
|
25.7.24 |
Patchwork | GROUP | GROUP | The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell |
|
25.7.24 |
Falcon Content Update for Windows Hosts | INCIDENT | INCIDENT | Remediation and Guidance Hub: Falcon Content Update for Windows Hosts |
|
25.7.24 |
CVE-2024-21412 | CAMPAIGN | CVE | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed |
|
25.7.24 |
ACR Stealer | MALWARE | Stealer | ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024. |
|
25.7.24 |
New Linux Play ransomware targets ESXi servers | ALERTS | RANSOM | As recently reported by researchers from Trend Micro, a new Linux variant of the infamous Play ransomware has been observed to target the ESXi servers. Prior to execution, the malware runs checks to confirm that it is running within an ESXi environment. Play ransomware will also attempt to power off all running ESXi virtual machines before proceeding with the encryption process. |
|
25.7.24 |
LummaC2 variant exploiting Steam for dynamic C2 domains | ALERTS | VIRUS | A new variant of LummaC2 has been observed exploiting the 'Steam' gaming platform. This variant now obtains dynamic C2 domains on demand, a departure from its previous technique of embedding C2 details within the sample itself. The malware stores a Steam URL, specifically a Steam account profile page, as executable code. |
|
25.7.24 |
New variant of the Jellyfish Loader observed in the wild | ALERTS | VIRUS | A new variant of the .NET-based Jellyfish Loader malware has been found in the wild. The malware has been reported as being distributed via a malicious .LNK file execution. |
|
25.7.24 |
CVE-2024-4879 - ServiceNow Jelly Template Injection vulnerability | ALERTS | VULNEREBILITY | CVE-2024-4879 is a recently disclosed critical template injection vulnerability (CVSS score 9.3) affecting ServiceNow, which is a popular platform for digital business transformation. Successful exploitation of the flaw might allow the unauthenticated remote attackers to gain access and execute arbitrary code within the context of the Now Platform. |
|
25.7.24 |
BianLian Ransomware changes strategy | ALERTS | RANSOM | BianLian is a ransomware threat actor that has been active since mid-2022, specifically targeting the infrastructure sector in the US and Australia. As part of its attack vector, the threat actor typically exploits RDP credentials acquired through third parties or phishing to gain initial access. |
|
25.7.24 |
Threat Actors continue to exploit CVE-2024-21412 | ALERTS | VULNEREBILITY | Threat actors continue to exploit CVE-2024-21412, a security bypass vulnerability in Microsoft Windows SmartScreen that was reported and patched in February 2024. |
|
25.7.24 |
"Mouse Logger" Malicious Python Script | SANS | SANS | Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. |
|
25.7.24 |
CVE-2012-4792 |
CVE |
Microsoft Internet Explorer Use-After-Free Vulnerability | |
|
25.7.24 |
CVE-2024-39891 |
CVE |
Twilio Authy Information Disclosure Vulnerability | |
|
24.7.24 |
Malware-laden Word Document Delivering Daolpu Stealer | ALERTS | VIRUS | Following the recent outage which affected computers running Microsoft operating systems across the globe, attackers are continuously exploiting the incident to lure users into accessing malicious links or launching malware-laden files. A new attack linked to this incident has been discovered involving a Word document containing macros that execute and download an unidentified stealer dubbed Daolpu. |
|
24.7.24 |
Protection Highlight: ScriptNN | ALERTS | PHISHING | Phishing is an all-too-common type of social engineering attack that attempts to steal user data by sending fraudulent communications, usually via email or SMS, which appear to come from a legitimate source. Phishing is predominantly employed at the first stage in a malware attack, whether the ultimate objective is reconnaissance or compromise. |
|
24.7.24 |
Braodo: A new Python-based Infostealer in the cyber threat landscape | ALERTS | VIRUS | A new infostealer, named Braodo, has been observed circulating in the ever-evolving threat landscape. It is distributed through an archive file that includes a BAT file. When executed, this BAT file connects to GitHub to download a secondary BAT file and a ZIP archive containing the final Braodo infostealer payload. |
|
24.7.24 |
Daggerfly group updates their toolset | ALERTS | GROUP | The Daggerfly (aka Evasive Panda, Bronze Highland) threat group, which has been active for at least a decade, has made some significant updates to their toolset. Symantec’s Threat Hunter Team has published a report providing details regarding Daggerfly tools such as the modular malware framework MgBot, Macma, a modular macOS backdoor, and a recently observed multi-stage backdoor identified as Suzafk. |
|
24.7.24 |
FIN7 has a versatile attack arsenal | ALERTS | GROUP | Threat Actor FIN7 (also tracked under the names Carbon Spider, the Carbanak Group, and Sangria Tempest) is known for its proficiency in sophisticated campaigns and engineering attacks to gain initial access to corporate networks. |
|
24.7.24 |
BlackSuit Ransomware poses as fake Antivirus Installer | ALERTS | RANSOM | New variants of BlackSuit ransomware have been observed in the wild, employing deceptive tactics to evade detection. Recently, they masqueraded as fake Qihoo 360 antivirus installers to deceive victims. Once installed, the malware encrypts user files and appends the .blacksuit extension. |
|
24.7.24 |
CyberVolk Ransomware | ALERTS | RANSOM | A new strain of ransomware dubbed CyberVolk has been reported. This ransomware is written in C/C++ and features a unique encryption algorithm developed entirely by the group behind the malware. |
|
24.7.24 |
RA World Ransomware group | ALERTS | RANSOM | Researchers at Palo Alto Networks have provided an analysis of the RA World Ransomware group. This group has been active since 2023 and has targeted victims worldwide across multiple industries. |
|
24.7.24 |
RA World Ransomware group | ALERTS | RANSOM | In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign. |
|
24.7.24 |
FakeApp Campaign: South Korea's Financial Institutions' Mobile Users Targeted | ALERTS | CAMPAIGN | In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign. |
|
24.7.24 |
New backdoor spreading in Seedworm malspam campaign | ALERTS | CAMPAIGN | Recently the APT group Seedworm has been observed deploying a previously undocumented backdoor named Bugsleep, primarily via a phishing campaign with PDFs containing malicious links targeting organizations in the Middle East. Once deployed this new backdoor allows attackers to execute remote commands and exfiltrate files to the C&C server. |
|
24.7.24 |
Tag-100: Emerging threat actor exploiting appliance vulnerabilities | ALERTS | GROUP | A new threat actor, dubbed Tag-100, has been reported targeting government and private sector entities worldwide. This threat actor exploits vulnerabilities in appliances to initiate its attacks and has been observed exploiting known vulnerabilities in appliances such as Citrix NetScaler. |
|
24.7.24 |
Copybara Android malware | ALERTS | VIRUS | Copybara is a banking Trojan affecting Android mobile devices and has been observed targeting users in Italy. Threat actors use previously obtained contact details and portray themselves as bank employees to socially engineer victims into downloading the malicious application by way of SMS phishing and voice phishing, also known as smishing and vishing respectively. |
|
24.7.24 |
NullBulge exploiting code repositories in AI and Gaming Sectors | ALERTS | AI | n response to the threat actors exploiting security vulnerabilities in AI and gaming-focused entities, a new group dubbed NullBulge has been reported. |
|
24.7.24 |
Health Insurance Fund (NEAK) Targeted with Lokibot Malware | ALERTS | VIRUS | A recent report has revealed that the National Health Insurance Fund (NEAK) based in Hungary was targeted by attackers who aimed to deploy Lokibot malware. |
|
24.7.24 |
Grayfly is targeting and compromising multiple sectors | ALERTS | APT | Over the past few weeks, multiple campaigns have been reported, carried out by the China-linked APT group Grayfly also known as APT41. |
|
24.7.24 |
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) |
SANS |
In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, %%CVE:2024-3273%% was exploited soon after it became public. Many of the affected devices are no longer supported. |
|
|
24.7.24 |
CVE |
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) |
||
|
24.7.24 |
macOS |
Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma |
||
|
24.7.24 |
REPORT |
A secret Disinformation Campaign targetingU.S.Congress and Taxpayers conductedbyU.S.Government agencies |
||
|
24.7.24 |
Espionage |
Daggerfly: Espionage Group Makes Major Update to Toolset |
||
|
24.7.24 |
Attackers Abuse Swap File to Steal Credit Cards | CRIME | Steal Credit Cards | When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers |
|
24.7.24 |
FrostyGoop | MALWARE | ICS | Impact of FrostyGoop ICS Malware on Connected OT Systems |
|
23.7.24 |
VIGORISH VIPER | PAPERS | PAPERS | This groundbreaking report
unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia. |
|
23.7.24 |
VIGORISH VIPER | GROUP | GROUP | GAMBLING IS NO GAME: DNS LINKS BETWEEN CHINESE ORGANIZED CRIME AND SPORTS SPONSORSHIPS |
|
23.7.24 |
FLUXROOT | GROUP | HACKING | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. |
|
23.7.24 |
SocGholish | MALWARE | Malware | Fake Browser Updates Lead to BOINC Volunteer Computing Software |
|
23.7.24 |
Prolific Puma | GROUP | Ransomware | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma |
|
20.7.24 |
CHINA’S CYBER REVENGE | REPORT | REPORT | WHY THE PRC FAILS TO BACK ITS CLAIMS OF WESTERN ESPIONAGE |
|
20.7.24 |
AuKill | MALWARE | Tool | ‘AuKill’ EDR killer malware abuses Process Explorer driver |
|
20.7.24 |
BUGSLEEP | MALWARE | Backdoor | BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server. |
|
19.7.24 |
New variant of BeaverTail malware targets job seekers | ALERTS | VIRUS | A new variant of the BeaverTail malware has been reported, distributed via a macOS DMG file that mimics the legitimate video call service MiroTalk. |
|
19.7.24 |
APT17 Campaign: New variants of 9002 RAT targeting Italian government entities | ALERTS | APT | A malware campaign by the APT17 group has been reported, distributing newer variants of 9002 RAT. The campaign specifically targets government entities and Italian companies. |
|
19.7.24 |
UAC-0180 Phishing Campaign Targeting Ukrainian | ALERTS | GROUP | A recent phishing campaign was observed by researchers targeting Ukrainian defense enterprises on the topic of Unmanned Aerial Vehicle (UAV) purchasing. |
|
19.7.24 |
RDPWrapper and Tailscale leveraged in recent malspam campaign | ALERTS | CAMPAIGN | Researchers have uncovered a multi-stage cyberattack campaign starting with a malicious zip file containing a .lnk shortcut file that was likely spread via phishing emails. |
|
19.7.24 |
ShadowRoot Ransomware | ALERTS | RANSOM | Threat researchers have identified a new ransomware called ShadowRoot which targets businesses in Turkey. T |
|
19.7.24 |
Phishing malware campaign targeting Ukrainian Government entities linked to Russian Threat Actor UNC4814 | ALERTS | PHISHING | Symantec has observed a phishing malware campaign targeting government entities in Ukraine. |
|
19.7.24 |
Zero-Day Exploit: Malicious .url Files Leveraging CVE-2024-38112 on Windows | ALERTS | EXPLOIT | An ongoing campaign targeting Windows users has been observed. Threat actors distribute phishing emails containing Windows Internet Shortcut files with a .url extension. |
|
19.7.24 |
CVE-2024-23471 | VULNEREBILITY | CVE | Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability |
|
19.7.24 |
CVE-2024-23470 | VULNEREBILITY | CVE | Solarwinds ARM UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability |
|
19.7.24 |
CVE-2024-23466 | VULNEREBILITY | CVE | Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability |
|
19.7.24 |
CVE-2024-23467 | VULNEREBILITY | CVE | Solarwinds ARM Traversal Remote Code Execution Vulnerability |
|
19.7.24 |
CVE-2024-23475 | VULNEREBILITY | CVE | Solarwinds ARM Traversal and Information Disclosure Vulnerability |
|
19.7.24 |
CVE-2024-23469 | VULNEREBILITY | CVE | Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability |
|
19.7.24 |
CVE-2024-28074 | VULNEREBILITY | CVE | SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability |
|
19.7.24 |
CVE-2024-23472 | VULNEREBILITY | CVE | SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
|
19.7.24 |
Snowflake | REPORT | REPORT | We have released our Snowflake threat hunting guide, which contains guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. |
|
19.7.24 |
UNC5537 | GROUP | GROUP | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion |
|
19.7.24 |
APT41 | APT | APT | APT41 Has Arisen From the DUST |
|
19.7.24 |
Demodex | MALWARE | Rootkit | A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit. |
|
19.7.24 |
DUSTPAN | EXPLOIT | Shell | APT41 used a combination of ANTSWORD and BLUEBEAM web shells for the execution of DUSTPAN to execute BEACON backdoor for command-and-control communication. |
|
19.7.24 |
OilAlpha | MALWARE | Mobil App | OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen |
|
19.7.24 |
Statement on Falcon Content Update for Windows Hosts | INCIDENT | INCIDENT | CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. |
|
18.7.24 |
Killer Ultra Malware | ALERTS | VIRUS | A tool used in Qilin ransomware attacks known as "Killer Ultra" was recently uncovered by researchers. |
|
18.7.24 |
Noxious Stealer | ALERTS | VIRUS | A new stealer malware dubbed Noxious Stealer was recently identified by researchers. |
|
18.7.24 |
Specially crafted HTML files allow for abuse of Windows search | ALERTS | SPAM | Attackers have been recently observed abusing Windows search in order to redirect users to malware. |
|
18.7.24 |
Jenkings Script Console exploited for cryptocurrency mining | ALERTS | CRYPTOCURRENCY | Improperly configured Jenkins Script Console instances (such as Jenkins Groovy plugin) have been weaponized by attackers leading to criminal activities such as the deployment of cryptocurrency miners, and backdoors to gather sensitive information. |
|
18.7.24 |
Phishing campaign impersonating Afrihost services | ALERTS | CAMPAIGN | Afrihost is a South African Internet Service Provider (ISP) that offers services such as ADSL broadband, wireless, mobile services, and web hosting. |
|
18.7.24 |
CVE-2024-36401: Vulnerability in OSGeo GeoServer GeoTools | ALERTS | VULNEREBILITY | CVE-2024-36401 (CVSS score: 9.8) is a vulnerability in OSGeo GeoServer GeoTools, with evidence of active exploitation. |
|
18.7.24 |
Malware disguised as cracked versions of MS Office | ALERTS | VIRUS | Threat researchers discovered malware disguised as cracked versions of MS Office. |
|
18.7.24 |
BadPack method used in Android malware | ALERTS | VIRUS | BadPack is a method observed in malware which targets Android mobile devices. |
|
18.7.24 |
HotPage | MALWARE | Adware | HotPage: Story of a signed, vulnerable, ad-injecting driver |
|
18.7.24 |
SAPwned | VULNEREBILITY | AI | SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts |
|
18.7.24 |
TAG-100 | GROUP | GROUP | TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies |
|
18.7.24 |
CVE-2024-34102 | VULNEREBILITY | CVE | (CVSS score: 9.8) - Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability |
|
18.7.24 |
CVE-2024-28995 | VULNEREBILITY | CVE | (CVSS score: 8.6) - SolarWinds Serv-U Path Traversal Vulnerability |
|
18.7.24 |
CVE-2022-22948 | VULNEREBILITY | CVE | (CVSS score: 6.5) - VMware vCenter Server Incorrect Default File Permissions Vulnerability |
|
18.7.24 |
BeaverTail | MALWARE | Stealer | North Korean Hackers Update BeaverTail Malware to Target MacOS Users |
|
17.7.24 |
CVE-2024-27348 | VULNEREBILITY | CVE | RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. |
|
17.7.24 |
DeputyDog | APT | APT | Italian government agencies and companies in the target of a Chinese APT |
|
17.7.24 |
FIN7 Reboot | APT | APT | FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks |
|
16.7.24 |
Quasar RAT delivered via Home Trading System | ALERTS | VIRUS | Threat researchers have identified Quasar RAT malware being distributed via a private Home Trading System (HTS), a tool that allows investors to trade from their own PCs. However, the HTS (aka HPlus) used in these attacks is unsearchable and its provider remains unknown. |
|
16.7.24 |
Malicious Word Document Spreading Stealer Malware | ALERTS | VIRUS | An ongoing campaign has revealed a stealer malware initially distributed through Word documents. This malware infects computers, retrieves the device’s IP address, and subsequently sends the user’s browser information to a dedicated command-and-control (C2) server operated by the attackers, with the data customized for different countries. |
|
16.7.24 |
CVE-2024-36991 - Path Traversal vulnerability in Splunk Enterprise | ALERTS | VULNEREBILITY | CVE-2024-36991 (CVSS: 7.5 High) is a path traversal vulnerability in Splunk Enterprise, a big data platform that simplifies the task of collecting and managing massive volumes of machine-generated data, helping organizations derive insights from this data. |
|
16.7.24 |
BUGSLEEP | MALWARE | Backdoor | NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS |
|
16.7.24 |
MuddyWater | GROUP | GROUP | MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign |
|
16.7.24 |
Void Banshee | GROUP | GROUP | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks |
|
16.7.24 |
CVE-2024-36401 | VULNEREBILITY | CVE | OSGeo GeoServer GeoTools Eval Injection Vulnerability |
|
15.7.24 |
SYS01 Stealer | MALWARE | Stealer | How SYS01 Stealer Will Get Your Sensitive Facebook Info |
|
15.7.24 |
Poco RAT phishing campaign targeting Spanish speakers | ALERTS | VIRUS | Since early 2024, an ongoing phishing campaign has been targeting Spanish speakers, distributing a new remote access trojan (RAT) known as Poco RAT. |
|
15.7.24 |
CRYSTALRAY's Ongoing Operations Leveraging SSH-Snake | ALERTS | GROUP | Since February 2024, researchers have been tracking the evolving threat actor CRYSTALRAY. The group was observed to leverage the use of a network mapping tool called SSH-Snake, a self-modifying worm malware which exploits compromised SSH credentials to spread through networks. |
|
15.7.24 |
HardBit Ransomware 4.0 | RANSOMWARE | RANSOMWARE | In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. |
|
14.7.24 |
CRYSTALRAY | GROUP | GROUP | CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools |
| 13.7.24 | RADIUS/UDP Considered Harmf | PAPERS | PAPERS | The core of the RADIUS protocol predates modern secure cryptographic design. Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5. In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks. |
| 13.7.24 | Blast-RADIUS Attack | ATTACK | PROTOCOL | Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. |
| 13.7.24 | Xhibiter NFT Marketplace 1.10.2 - SQL Injection | PHP | WebApps | |
| 13.7.24 | Azon Dominator Affiliate Marketing Script - SQL Injection | PHP | WebApps | |
| 13.7.24 | Microweber 2.0.15 - Stored XSS | PHP | WebApps | |
| 13.7.24 | Customer Support System 1.0 - Stored XSS | PHP | WebApps | |
| 13.7.24 | Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) | PHP | WebApps | |
| 13.7.24 | SolarWinds Platform 2024.1 SR1 - Race Condition | Exploit | Multiple | WebApps |
| 13.7.24 | Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated) | PHP | WebApps | |
| 13.7.24 | Poultry Farm Management System v1.0 - Remote Code Execution (RCE) | Exploit | PHP | WebApps |
|
13.7.24 | AT&T Confirms Data Breach | INCIDENT | INCIDENT | AT&T Confirms Data Breach Affecting Nearly All Wireless Customers |
|
13.7.24 | DarkGate | MALWARE | RAT | DarkGate: Dancing the Samba With Alluring Excel Files |
|
13.7.24 | Use-after-free vulnerability in lighttpd version 1.4.50 and earlier | ALERT | ALERT | A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access sensitive data. |
|
13.7.24 | RADIUS protocol susceptible to forgery attacks. | ALERT | ALERT | A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating authentication responses from a RADIUS server. |
|
12.7.24 | 2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
|
12.7.24 | 2024-06-24 - ClickFix popup leads to Lumma Stealer | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
|
12.7.24 | 2024-06-17 - Google ad --> fake unclaimed funds site --> Matanbuchus with Danabot | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
|
12.7.24 | OilAlpha targets Arabic-speaking humanitarian NGOs in Yemen | ALERTS | APT | OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. According to reports, users are lured to a deceptive web portal that mimics the generic login interfaces of humanitarian organizations such as CARE International and the Norwegian Refugee Council, with the aim of stealing credentials. |
|
12.7.24 | Vultur Campaign: Clothing Retailer Brand Abused in Fake App Scheme | ALERTS | CAMPAIGN | Brands of all genres are constantly abused by cybercriminals to target specific demographics, and financial institutions are usually the ones most impersonated. |
|
12.7.24 | DodgeBox Loader Loading MoonWalk Backdoor | ALERTS | VIRUS | Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku. |
|
12.7.24 | Tax-Themed Android Malware Targeting Uzbekistan Mobile Users | ALERTS | VIRUS | Taxes have been and continue to be prevalently used in social engineering tactics around the world to trick users (both consumers and enterprises) into deploying malware on their machines, entangling themselves in BEC scams, inputting sensitive data into phishing websites, and more. |
|
12.7.24 | CVE-2024-39929 | VULNEREBILITY | CVE | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. |
|
12.7.24 | CVE-2024-3596 | VULNEREBILITY | CVE | This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile. |
|
12.7.24 | CVE-2024-5910 | VULNEREBILITY | CVE | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. |
|
11.7.24 | Despite group disruptions, ransomware activity not decreasing | ALERTS | RANSOM | In a newly released report, Symantec’s Threat Hunter Team shares insight into observed ransomware activity. The data shows that despite disruptions affecting Lockbit and Noberus groups and a downward trend between the last quarter of 2023 and the first quarter of 2024, activity is still on the rise. |
|
11.7.24 | ViperSoftX: Evolving tactics from Torrent software lures to eBook disguises | ALERTS | VIRUS | ViperSoftX is an infostealer that continues to evolve and enhance its tactics and techniques. Initially, attackers leveraged pirated versions of popular software to lure users, often distributed through torrent sites. |
|
11.7.24 | GuardZoo: Android spyware targeting middle eastern defense entities | ALERTS | VIRUS | An Android spyware dubbed GuardZoo has been observed targeting defense entities in the Middle East. It is believed to be associated with the Houthi rebel faction in Yemen. |
|
11.7.24 | Ghostscript (CVE-2024-29510) | ALERTS | VULNEREBILITY | Symantec is aware of a remote code execution vulnerability (CVE-2024-29510) in the "Ghostscript" document conversion toolkit used on Linux systems. |
|
11.7.24 | DoNex ransomware decryptor | TOOL | Anti-ransom | The DoNex ransomware has been rebranded several times. The first brand, called Muse, appeared in April 2022. Multiple evolutions followed, resulting in the final version of the ransomware, called DoNex. |
|
11.7.24 | CVE-2024-6385 | VULNEREBILITY | CVE | GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 |
|
11.7.24 | Veeam Backup Software Vulnerability | INCIDENT | INCIDENT | Patch or Peril: A Veeam vulnerability incident |
|
11.7.24 | DodgeBox | MALWARE | Loader | DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 |
|
11.7.24 | Poco RAT | MALWARE | RAT | New Malware Campaign Targeting Spanish Language Victims |
|
10.7.24 | Water Sigbin exploits vulnerabilities to deliver cryptocurrency miner | ALERTS | CRYPTOCURRENCY | The threat actor Water Sigbin (aka 8220 Gang) has exploited vulnerabilities in the Oracle WebLogic Server ( CVE-2017-3506 and CVE-2023-21839) to deliver a cryptocurrency miner called XMRing to the compromised systems. |
|
10.7.24 | Protection Highlight: Recent Sideloading Attacks | ALERTS | HACKING | In this bulletin however we'll talk about sideloading as it relates to the cybersecurity field. MITRE defines sideloading attacks in T1574.002 as a type of (search order) Hijack Execution Flow, which exploits the way Windows applications load DLLs. |
|
10.7.24 | CVE-2024-38021 | VULNEREBILITY | CVE | Microsoft Office Remote Code Execution Vulnerability |
|
10.7.24 | CVE-2024-38080 | VULNEREBILITY | CVE | Windows Hyper-V Elevation of Privilege Vulnerability |
|
10.7.24 | CVE-2024-38112 | VULNEREBILITY | CVE | Windows MSHTML Platform Spoofing Vulnerability |
|
10.7.24 | CVE-2024-35264 | VULNEREBILITY | CVE | .NET and Visual Studio Remote Code Execution Vulnerability |
|
10.7.24 | Huione Guarantee | SPAM | SPAM | Huione Guarantee: The multi-billion dollar marketplace used by online scammers |
|
10.7.24 | ViperSoftX | MALWARE | Malware | The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution |
|
10.7.24 | CVE-2024-6387 | VULNEREBILITY | CVE | CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child due to a race condition in signal handling |
|
9.7.24 | Popular sticky-note installers trojanized to push malware | ALERTS | VIRUS | A recent report by (CTA) member Rapid7 has recently disclosed that popular sticky-note app 'Notezilla' installers have been trojanized in order to deliver malware. |
|
9.7.24 | Recent Water Hydra APT Activity Exploiting CVE-2024-21412 | ALERTS | APT | In early 2024, threat researchers exposed the DarkGate campaign, exploiting CVE-2024-21412 via fake software installers. Afterwards, the APT group Water Hydra used the same vulnerability to target financial traders with the DarkMe RAT, bypassing SmartScreen. |
|
9.7.24 | RADIUS | ATTACK | Protocol | RADIUS is almost thirty years old, and uses cryptography based on MD5. Given that MD5 has been broken for over a decade, what are the implications for RADIUS? Why is RADIUS still using MD5? |
|
9.7.24 | Jenkins Script Console | HACKING | CRYPTOCURRENCY | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective |
|
9.7.24 | GuardZoo | MALWARE | Android | Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries |
|
9.7.24 | APT40 | APT | APT | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action |
|
8.7.24 |
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers | PAPERS | PAPERS | In this proof-of-concept (PoC) report, we used Recorded Future Identity Intelligence’s vast trove of information stealer (“infostealer”) malware data to identify consumers of child sexual abuse material (CSAM), surface additional sources, and arrive at geographic and behavioral trends for the most popular sources |
|
8.7.24 | Eldorado | RANSOM | RANSOM | Eldorado Ransomware: The New Golden Empire of Cybercrime? |
|
8.7.24 | StrelaStealer | MALWARE | Stealer | StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe |
|
8.7.24 | Satanstealer | MALWARE | Stealer | Satanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details. |
|
8.7.24 | Poseidon | MALWARE | Stealer | ‘Poseidon’ Mac stealer distributed via Google ads |
|
8.7.24 | 0bj3ctivity | MALWARE | Stealer | 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. |
|
8.7.24 | Neptune Stealer | MALWARE | Stealer | A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. |
|
8.7.24 | Kematian Stealer | MALWARE | Stealer | Kematian-Stealer : A Deep Dive into a New Information Stealer |
|
8.7.24 | CloudSorcerer | APT | APT | CloudSorcerer – A new APT targeting Russian government entities |
|
8.7.24 | Zergeca: A new Golang botnet with advanced capabilities | ALERTS | BOTNET | A new botnet, dubbed Zergeca and written in Golang, has been observed in the wild. In addition to conducting distributed denial-of-service (DDoS) attacks, the botnet includes several other features such as proxy-based obfuscation. |
|
8.7.24 | Beware of Orcinius trojan's multi-stage attack via Dropbox and Google docs | ALERTS | VIRUS | Beware of the Orcinius trojan malware! It's a multi-stage trojan reported to utilize Dropbox and Google Docs as part of its attack vector for downloading secondary payloads. |
|
8.7.24 | Neptune Stealer | ALERTS | VIRUS | A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. |
|
8.7.24 | CVE-2024-39930 | VULNEREBILITY | CVE | The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. |
|
8.7.24 | CVE-2024-39931 | VULNEREBILITY | CVE | Gogs through 0.13.0 allows deletion of internal files. |
|
8.7.24 | CVE-2024-39932 | VULNEREBILITY | CVE | Gogs through 0.13.0 allows argument injection during the previewing of changes. |
|
8.7.24 | CVE-2024-39933 | VULNEREBILITY | CVE | Gogs through 0.13.0 allows argument injection during the tagging of a new release. |
|
8.7.24 | Mekotio | MALWARE | Banking | Mekotio Banking Trojan Threatens Financial Systems in Latin America |
|
5.7.24 | Mekotio malware targets banking users in Latin America | ALERTS | VIRUS | Mekotio is a banking trojan active in the threat landscape since at least 2015 and targeting predominantly the Latin America region. |
|
5.7.24 | Religion as Bait: AndroRAT Targets Nigerian Mobile Users | ALERTS | VIRUS | Nigeria features a vibrant religious landscape with multiple different faiths shaping the country. |
|
5.7.24 | Fake Sex Tapes of Turkish Celebrities Fuel SpyNote Spread | ALERTS | VIRUS | Fake sex tapes remain a common social engineering lure used by malware actors due to their ability to evoke strong emotions potentially resulting in impulsive actions. |
|
5.7.24 | CVE-2024-37051 - JetBrains IntelliJ IDEs vulnerability | ALERTS | VULNEREBILITY | CVE-2024-37051 is a recently disclosed critical vulnerability impacting Jetbrains IntelliJ integrated development environment (IDE) apps. |
|
5.7.24 | LukaLocker ransomware distributed by Volcano Demon group | ALERTS | RANSOM | LukaLocker is a newly seen offering from a ransomware group dubbed Volcano Demon. Recently observed attacks were prefaced by exfiltration of data using harvested credentials. |
|
5.7.24 | GootLoader | MALWARE | Loader | GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks |
|
5.7.24 | Zergeca | BOTNET | BOTNET | New Threat: A Deep Dive Into the Zergeca Botnet |
|
5.7.24 | CVE-2023-2071 | VULNEREBILITY | ICS | PN1645 | FactoryTalk View Machine Edition Vulnerable to Remote Code Execution |
|
5.7.24 | CVE-2023-29464 | VULNEREBILITY | ICS | PN1652 | FactoryTalk® Linx Vulnerable to Denial-of-Service and Information Disclosure |
|
4.7.24 | Disguised e-book delivering AsyncRAT | ALERTS | VIRUS | Former reports detailed how AsyncRAT malware is usually distributed via file extensions such as .chm, .wsf, and .lnk. |
|
4.7.24 | CosmicSting (CVE-2024-34102) - XXE vulnerability is targeting Adobe Commerce and Magento | ALERTS | VULNEREBILITY | CVE-2024-34102 is a critical (CVSS: 9.8) XML External Entity Reference (XXE) vulnerability in Adobe commerce and Magento, which are popular E-commerce platforms. |
|
4.7.24 | CVE-2024-29849 - Veeam Backup Enterprise Manager authentication bypass vulnerability | ALERTS | VULNEREBILITY | CVE-2024-29849 is a recently disclosed critical authentication bypass vulnerability (CVSS score 9.8) affecting Veeam Backup Enterprise Manager. |
|
4.7.24 | CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz | ALERTS | VULNEREBILITY | CVE-2024-36104 is a Path traversal vulnerability in Apache OFBiz, which is a comprehensive suite of business applications. |
|
4.7.24 | k4spreader: New malware tool used by '8220' Chinese threat actor group | ALERTS | GROUP | A new malware tool known as k4spreader has been observed being used by the '8220' Chinese threat actor group in recent campaigns. |
|
4.7.24 | MerkSpy | MALWARE | Spyware | MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems |
|
3.7.24 | SmokeLoader, part 2 | MALWARE | Loader | A Brief History of SmokeLoader, Part 2 |
|
3.7.24 | SmokeLoader, part 1 | MALWARE | Loader | A Brief History of SmokeLoader, Part 1 |
|
3.7.24 | FakeBat loader | MALWARE | Loader | Exposing FakeBat loader: distribution methods and adversary infrastructure |
|
3.7.24 | HappyDoor | MALWARE | Backdoor | Kimsuky Group's New Backdoor Appears (HappyDoor) |
|
3.7.24 | Xctdoor | MALWARE | Backdoor | Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) |
|
3.7.24 | RegreSSHion (CVE-2024-6387) | ALERTS | VULNEREBILITY | Symantec is aware of the "regreSSHion" vulnerability (CVE-2024-6387), which is a critical remote code execution (RCE) flaw in OpenSSH. |
|
3.7.24 | Protection Highlight: CVE-2024-4577 PHP-CGI Argument Injection Vulnerability | ALERTS | VULNEREBILITY | PHP is a general-purpose server scripting language and a powerful scripting tool for making dynamic and interactive Web pages. |
|
3.7.24 | Apple IDs Targeted in US Smishing Campaign | ALERTS | HACKING | Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. |
|
3.7.24 | CVE-2024-31982 - XWiki RCE vulnerability | ALERTS | VULNEREBILITY | CVE-2024-31982 is a recently disclosed remote code execution (RCE) vulnerability affecting XWiki, which is a popular open-source and Java-based wiki platform. |
| 2.7.24 | Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predict | PAPERS | CPU | This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs. |
| 2.7.24 | High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor | ATTACK | CPU | introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake). |
| 2.7.24 | Xhibiter NFT Marketplace 1.10.2 - SQL Injection | Exploit | WebApps | PHP |
| 2.7.24 | Azon Dominator Affiliate Marketing Script - SQL Injection | WebApps | PHP | |
| 2.7.24 | Microweber 2.0.15 - Stored XSS | WebApps | PHP | |
| 2.7.24 | Customer Support System 1.0 - Stored XSS | WebApps | PHP | |
|
2.7.24 | CVE-2024-20399 | VULNEREBILITY | CVE | Cisco NX-OS Software CLI Command Injection Vulnerability |
|
2.7.24 | CocoaPods | VULNEREBILITY | CVE | Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications |
|
2.7.24 | Datebug APT continues to spread CapraRAT Android malware | ALERTS | APT | Renewed malicious activity associated to the Datebug APT (aka. Transparent Tribe or APT36) has been reported by researchers from Sentinel One |
|
2.7.24 | Poseidon infostealer targeting macOS | ALERTS | VIRUS | Poseidon is a new infostealer variant targeting the macOS platform. The malware is an evolution of the older variant known as RodStealer. |
|
2.7.24 | MerkSpy malware payload delivered through exploitation of CVE-2021-40444 vulnerability | ALERTS | VIRUS | Researchers from Fortinet have reported on a new campaign delivering the MerkSpy malware. |
|
2.7.24 | Kematian Stealer | ALERTS | VIRUS | Researchers have reported a new stealer-type malware dubbed Kematian. |
|
2.7.24 | Fake ZainCash App Steals Mobile User Data | ALERTS | VIRUS | ZainCash, a comprehensive mobile wallet service licensed under the Central Bank of Iraq, designed to provide a variety of digital financial services, has become one of the latest Fintech brands abused by cybercriminals. |
|
1.7.24 | CapraTube | MALWARE | Android | CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts |
|
1.7.24 | Snowblind | MALWARE | Android | Beware of Snowblind: A new Android malware |
|
1.7.24 | regreSSHion | VULNEREBILITY | CVE | regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server |
|
1.7.24 | CVE-2024-2973 | VULNEREBILITY | CVE | 2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973) |