Fish | Hunt Fl Security Vulnerabilities

Story of the year: the impact of AI on cybersecurity

In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...

Cueing up a calculator: an introduction to exploit development on Linux

In this follow-up to my previous blog post, I'll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I have also published the source code of the proof of concept. To quickly recap the previous blog...

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...

New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...

fl-zimmerei.com Improper Access Control vulnerability OBB-3799340

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Associated Press, ESPN, CBS among top sites serving fake virus alerts

ScamClub is a threat actor who's been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their.....

What is threat hunting?

Many organizations are curious about the idea of threat hunting, but what does this really entail? What should you be hunting for? And what do you need to put in place to threat hunt properly? Four experienced security professionals from across Cisco recently sat down to discuss the basics of...

Citrix Bleed widely exploited, warn government agencies

In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. Affiliates of at least two...

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol (RDP) connections. Strongly...

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics,.....

Exploit for Path Traversal in Lfprojects Mlflow

...

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an...

Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite

The future of security with AI The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...

Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite

The future of security with AI The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...

CVE-2023-47631

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

CVE-2023-47631

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

CVE-2023-47631

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

Design/Logic Flaw

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

CVE-2023-47631 vantage6 Node accepts non-whitelisted algorithms from malicious server

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

Virtually Patch Vulnerabilities with Microsegmentation and Akamai Hunt

...

What is MDR ?

Gaining Insight: Decoding MDR's Functions As we navigate the continually evolving cybersecurity landscape, Managed Detection and Response (MDR) surfaces as a game-changing strategy. But, what does MDR truly signify? In its purest form, MDR marries technical expertise with sector-specific knowledge....

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

What is Cloud Migration ?

Dispelling the Fog: Unraveling Cloud Migration In the technological realm, cloud migration is a burgeoning trend that's swiftly taking center stage. However, its definite meaning may not be crystal clear to all. Simply put, cloud migration is the process where essential business constituents such.....

Detect and Remediate Attacks: Practical Applications for Machine Learning

...

More helpful resources for users of all skill levels to help you Take a Security Action

Welcome to this week's edition of the Threat Source newsletter. I continue to be saddened by all the conflict in Israel and Gaza that's still ongoing. I'll be back with a "normal" newsletter next week, as unfortunately, there doesn't seem to be a peaceful solution coming any time soon. In the...

Unraveling Real-Life Attack Paths – Key Lessons Learned

In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This...

Discord, I Want to Play a Game

Discord, I Want to Play a Game By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023 Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to....

Discord, I Want to Play a Game

Discord, I Want to Play a Game By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023 Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to....

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks (150k+ Deployments aren’t unheard of) Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and...

Expanded Microsoft Security Experts offerings provide comprehensive protection

Since we first introduced Microsoft Security Experts in May 2022, we’ve worked hard to expand our new security services category. In the past 16 months, we’ve launched new services, expanded our capabilities, and introduced new ways to buy. Our customers face an unprecedented number of security...

Expanded Microsoft Security Experts offerings provide comprehensive protection

Since we first introduced Microsoft Security Experts in May 2022, we’ve worked hard to expand our new security services category. In the past 16 months, we’ve launched new services, expanded our capabilities, and introduced new ways to buy. Our customers face an unprecedented number of security...

Little Crumbs Can Lead To Giants

This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of.....

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that "the law enforcement operation...

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...

hunt-japan.com Cross Site Scripting vulnerability OBB-3721389

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ModuleShifting - Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs

ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the usage of compiled loaders. The technique can be used.....

Ransomware reinfections on the rise from improper remediation

Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware--the most dangerous malware in the world--and they'll be blunt: They'd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe,...

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to.....

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and...

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and...

Ransomware group steps up, issues statement over MGM Resorts compromise

The recent attack on MGM Resorts generated lots of speculation with regard to what the cause was. Some folks claimed the culprit was ransomware. Well, confirmation is now forthcoming as an affiliate of the BlackCat/ALPHV ransomware group is said to be the one responsible for the attack and...

Avoid These 5 IT Offboarding Pitfalls

Employee offboarding is no one's favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That's easier said than done, especially considering that IT organizations have less visibility and control over employees' IT use than ever. Today, employees can...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host...

A secondhand account of the worst possible timing for a scammer to strike

Welcome to this week's edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. I'm so used to just swiping away emails or text messages at random times during the day that I'd never considered what would happen if an adversary...

Exploit for Code Injection in Apache Rocketmq

Fetch Broker Configuration Fetch Broker Configuration will...

New open-source infostealer, and reflections on 2023 so far

Welcome to this week's edition of the Threat Source newsletter. I'm covering for Jon this week whilst he takes some well-deserved holiday. What's on my mind this week? Well, apart from a new horror film that I just read about called "Slotherhouse" where the killer is, um, a sloth (I predict...

FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department (DoJ) said...

U.S. Hacks QakBot, Quietly Removes Botnet Infections

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and....