Story of the year: the impact of AI on cybersecurity
In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...
AI Score: 7.7
Cueing up a calculator: an introduction to exploit development on Linux
In this follow-up to my previous blog post, I'll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I have also published the source code of the proof of concept. To quickly recap the previous blog...
CVSS: 8.8
AI Score: 8.1
EPSS: 0.014
BlueNoroff: new Trojan attacking macOS users
We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies whose activity is in any way related to...
AI Score: 7.1
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace
A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...
AI Score: 7.3
fl-zimmerei.com Improper Access Control vulnerability OBB-3799340
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 7
Associated Press, ESPN, CBS among top sites serving fake virus alerts
ScamClub is a threat actor who's been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their...
AI Score: 7.2
Many organizations are curious about the idea of threat hunting, but what does this really entail? What should you be hunting for? And what do you need to put in place to threat hunt properly? Four experienced security professionals from across Cisco recently sat down to discuss the basics of...
AI Score: 7.2
Citrix Bleed widely exploited, warn government agencies
In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. Affiliates of at least two...
CVSS: 7.5
AI Score: 8.3
EPSS: 0.971
Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground
During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol (RDP) connections. Strongly...
AI Score: 7.7
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE-2023-4966 Citrix Bleed Vulnerability
SUMMARY. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics,...
CVSS: 9.4
AI Score: 8.6
EPSS: 0.971
CVSS: 9.8
AI Score: 7
EPSS: 0.039
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an...
AI Score: 7.5
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
The future of security with AI. The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...
AI Score: 7.8
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...
CVSS: 8.8
AI Score: 8.6
EPSS: 0.001
CVE-2023-47631 vantage6 Node accepts non-whitelisted algorithms from malicious server
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...
CVSS: 7.2
AI Score: 8.9
EPSS: 0.001
Gaining Insight: Decoding MDR's Functions. As we navigate the continually evolving cybersecurity landscape, Managed Detection and Response (MDR) surfaces as a game-changing strategy. But what does MDR truly signify? In its purest form, MDR marries technical expertise with sector-specific knowledge...
AI Score: 7.8
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...
AI Score: 8.7
Dispelling the Fog: Unraveling Cloud Migration. In the technological realm, cloud migration is a burgeoning trend that's swiftly taking center stage. However, its definite meaning may not be crystal clear to all. Simply put, cloud migration is the process where essential business constituents such...
AI Score: 7.2
More helpful resources for users of all skill levels to help you Take a Security Action
Welcome to this week's edition of the Threat Source newsletter. I continue to be saddened by all the conflict in Israel and Gaza that's still ongoing. I'll be back with a "normal" newsletter next week, as unfortunately, there doesn't seem to be a peaceful solution coming any time soon. In the...
CVSS: 10
AI Score: 7.4
EPSS: 0.853
Unraveling Real-Life Attack Paths – Key Lessons Learned
In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...
AI Score: 7.4
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
SUMMARY. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This...
CVSS: 9.8
AI Score: 9.7
EPSS: 0.973
Discord, I Want to Play a Game
Discord, I Want to Play a Game. By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023. Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to...
AI Score: 7.4
Using Velociraptor for large-scale endpoint visibility and rapid threat hunting
TL;DR: Network-wide collection, acquisition and monitoring tool for use in DFIR engagements; designed for enterprise networks (150k+ deployments aren't unheard of); boasts many features that your commercial EDR has, and a few more; flexible querying language that can adapt to new threats and...
AI Score: 7.1
Expanded Microsoft Security Experts offerings provide comprehensive protection
Since we first introduced Microsoft Security Experts in May 2022, we’ve worked hard to expand our new security services category. In the past 16 months, we’ve launched new services, expanded our capabilities, and introduced new ways to buy. Our customers face an unprecedented number of security...
AI Score: 6.6
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
CVSS: 5.4
AI Score: 6.8
EPSS: 0.004
QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that "the law enforcement operation...
AI Score: 6.8
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY. The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...
CVSS: 10
AI Score: 10
EPSS: 0.976
hunt-japan.com Cross Site Scripting vulnerability OBB-3721389
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.1
ModuleShifting is a stealthier variation of the Module Stomping and Module Overloading injection techniques. It is implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the use of compiled loaders. The technique can be used...
AI Score: 7.2
Ransomware reinfections on the rise from improper remediation
Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware, the most dangerous malware in the world, and they'll be blunt: they'd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe,...
AI Score: 8.2
Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR
Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to...
AI Score: 7
For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and...
AI Score: 7.1
Ransomware group steps up, issues statement over MGM Resorts compromise
The recent attack on MGM Resorts generated lots of speculation with regard to what the cause was. Some folks claimed the culprit was ransomware. Well, confirmation is now forthcoming as an affiliate of the BlackCat/ALPHV ransomware group is said to be the one responsible for the attack and...
AI Score: 7
Avoid These 5 IT Offboarding Pitfalls
Employee offboarding is no one's favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That's easier said than done, especially considering that IT organizations have less visibility and control over employees' IT use than ever. Today, employees can...
AI Score: 6.5
A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host...
CVSS: 9.8
AI Score: 9.7
EPSS: 0.001
A secondhand account of the worst possible timing for a scammer to strike
Welcome to this week's edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. I'm so used to just swiping away emails or text messages at random times during the day that I'd never considered what would happen if an adversary...
AI Score: 6.7
Exploit for Code Injection in Apache Rocketmq
Fetch Broker Configuration will...
AI Score: 9.7
New open-source infostealer, and reflections on 2023 so far
Welcome to this week's edition of the Threat Source newsletter. I'm covering for Jon this week whilst he takes some well-deserved holiday. What's on my mind this week? Well, apart from a new horror film that I just read about called "Slotherhouse" where the killer is, um, a sloth (I predict...
AI Score: 6.7
FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million
A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department (DoJ) said...
AI Score: 7.2
U.S. Hacks QakBot, Quietly Removes Botnet Infections
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and...
AI Score: 7