3711 matches found
Chinese Hackers Target Government Officials in Europe, South America, and Middle East
A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrati...
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of...
Beijing PaiNet Software Co., Ltd Panalog has SQL injection vulnerability
Ltd. was founded in 2004, the company's products cover network access, traffic management, security audit, data analysis and other application scenarios, business coverage of enterprises, education, operators, government, medical, financial, energy, military, public security, hotels and other...
Chile government’s Windows and Linux servers hit by RedAlert ransomware
Threat Level Attack Report. Summary: The Chilean Ministry of Interior asserted that RedAlert ransomware aka N13V attack had disrupted the operations and online services of a government agency in the country. In classic double-extortion...
vtc.gov.tw Cross Site Scripting vulnerability OBB-2887905
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Montenegro Is the Victim of a Cyberattack
Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. … But the attack against Montenegro’s...
APT40 deployed ScanBox malware to target the Australian government
Threat Level Actor Report. Summary: APT 40 is a Chinese cyber espionage group, using phishing campaigns to target Australian government institutions and wind turbine operators in the South China Sea by directing selected individuals to a...
U.S. Government Spending Billions on Cybersecurity
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there is one thing that really stands out. Collectively, the bills that are makin...
Criminals socially engineer their way to bank details with fake arrest warrants
When an organization experiences a massive data breach, it knows at least that it needs to inform the federal government about the cybersecurity incident, get law enforcement involved, and then inform its clients and affiliates. Seems simple enough, but this process, which countries from the West...
Iranian-linked hacker group victimized Israel’s shipping industry
Threat Level Actor Report. Summary: Iranian threat group UNC3890 used social engineering lures and a watering hole to jeopardize Israel's shipping, government, energy, aviation, and healthcare sectors. This campaign has been running since at least...
Attackers waited until holidays to hit US government
The government industry in the United States dealt with heavy-hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...
dp2.bangkok.go.th Cross Site Scripting vulnerability OBB-2840024
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Twitter Exposes Personal Information for 5.4 Million Accounts
Twitter accidentally exposed the personal information--including phone numbers and email addresses--for 5.4 million accounts. And someone was trying to sell this information. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems. As a result o...
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve...
Zero-day vulnerability leveraged to deploy Cuba Ransomware
Threat Level Attack Report. Summary: The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability, CVE-2022-24521. A wide range o...
CVE-2022-30134
creationtimestamp | type | source
---|---|---
2022-08-10 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=850
2022-08-10 12:05:04+00:00 | seen | https://t.me/truesecator/3274...
Iranian threat actor targets the Albanian government using ROADSWEEP ransomware
Threat Level Attack Report. Summary: A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called...
Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government
A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive...
What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022
The week of Black Hat, DEF CON, and BSides is a highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on. But like many belov...
CVE-2022-20827
creationtimestamp | type | source
---|---|---
2022-08-04 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=848
2022-08-04 14:00:07+00:00 | seen | https://t.me/truesecator/3253
2022-08-05 11:39:52+00:00 | seen | https://t.me/icscert/576
2022-08-07 09:16:40+00:00 | seen |...