Lucene search
+L

168 matches found

The Hacker News
The Hacker News
added 2024/12/14 10:16 a.m.23 views

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior...

7.8CVSS8.7AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2024/12/05 11:0 a.m.6 views

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/11/29 10:0 a.m.26 views

IT threat evolution Q3 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations...

8.2AI score0.97798EPSS
Exploits49
The Hacker News
The Hacker News
added 2024/11/07 9:42 a.m.32 views

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRhightadamantys. Target...

7.8CVSS7.1AI score0.00605EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/08/30 6:17 a.m.22 views

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/19 1:6 p.m.29 views

New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeting Korean and...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/12 3:43 a.m.27 views

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/02 9:56 a.m.44 views

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/31 9:37 a.m.28 views

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/30 7:32 a.m.65 views

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishi...

9.3CVSS7.8AI score0.99945EPSS
Exploits62
The Hacker News
The Hacker News
added 2024/07/27 6:9 a.m.27 views

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/11 12:31 p.m.28 views

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

The China-linked advanced persistent threat APT group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/18 1:30 p.m.22 views

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/24 9:13 a.m.27 views

Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed R...

7.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/05/13 7:17 p.m.48 views

Ongoing Malvertising Campaign leads to Ransomware

Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...

7.5AI score
Exploits0
NVD
NVD
added 2024/04/19 9:15 p.m.19 views

CVE-2024-4017

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit filesystem modules allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3...

8.8CVSS8.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2024/04/19 9:15 p.m.7 views

CVE-2024-4017

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit filesystem modules allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3...

7.8CVSS5.5AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/19 8:40 p.m.20 views

CVE-2024-4017 Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit filesystem modules allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3...

8.8CVSS7AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/19 8:40 p.m.21 views

CVE-2024-4017 Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit filesystem modules allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3...

8.8CVSS8.9AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2024/04/19 8:40 p.m.80 views

CVE-2024-4017

BeyondTrust U-Series Appliance (Windows, 64-bit filesystem modules) is affected by CVE-2024-4017 due to improper privilege management allowing DLL side-loading. Affected versions are 3.4 through prior to 4.0.3; remediation is to upgrade to version 4.0.3 or later. Some sources confirm the vulnerab...

8.8CVSS6.9AI score0.00171EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder