60 matches found
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...
Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies
Summary: The threat actor Cloud Atlas has been identified in spear-phishing attacks targeting Russian enterprises. The modus operandi involves a phishing message in the initial stage, containing a lure document that exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Offices...
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after...
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the...
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. "APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain...
Qualys Top 20 Most Exploited Vulnerabilities
The earlier blog posts showcased an overview of the vulnerability threat landscape that is either remotely exploited or most targeted by attackers. A quick recap – We focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, and with the view on the time ...
Targeted attack on industrial enterprises and public institutions
In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen of attacked organizations. The attack targeted industrial...
Snake Keylogger Spreads Through Malicious PDFs
While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
FormBook spam campaign targets citizens of Ukraine️
Our Threat Intelligence team has been closely monitoring cyber threats related to the war in Ukraine. Today, we discovered a malicious spam campaign dropping the Formbook stealer specifically targeting Ukrainians. Formbook is part of a long-running malspam operation that we observe on a regular...
Beware of malware offering “Warm greetings from Saudi Aramco”
Recently, the Malwarebytes Threat Intelligence Team found a Formbook campaign targeting oil and gas companies. The campaign they discovered was delivered by a targeted email that contained two attachments, one is a pdf file and the other an Excel document. Formbook The Formbook malware is an...
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan.These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...
Top CVEs Trending with Cybercriminals
Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities and Exposures CVEs threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for. An analysis of such chatter, by Cognyte, examined 15 cybercrime forums...
ticketpass.fr Cross Site Scripting vulnerability OBB-1258115
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
rupert.id.au Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1150677 Security Researcher roker Helped patch 51 vulnerabilities Received 2 Coordinated Disclosure badges Received 4 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting rupert.id.au website and its...
biaindiana.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1134453 Security Researcher geeknik Helped patch 8949 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting biaindiana.org website and...
Loda RAT Grows Up
By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan RAT written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serve...
stroyportal-volga.ru Cross Site Scripting vulnerability
Security Researcher Faizanmark Helped patch 76 vulnerabilities Received 6 Coordinated Disclosure badges Received 58 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting stroyportal-volga.ru website and its users. Following...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
Overview of CVE-2017-11882 In terms of vulnerability exploit...
Microsoft Warns of Email Attacks Executing Code Using an Old Bug
Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882...