China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks...

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 20...

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

Sharp Multi-Function Printer 18 Vulnerabilities

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "17 vulnerabilities in Sharp Multi-Function Printers" is posted here: https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html The text version is also posted here:...

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

Cisco Talos recently discovered a new campaign conducted by the Lazarus Group were calling "Operation Blacksmith," employing at least three new DLang-based malware families, two of which are remote access trojans RATs, where one of these uses Telegram bots and channels as a medium of command and...

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency CIA's Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive...

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

Cyberespionage APT Now Identified as Three Separate Actors

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. TA410 is a cyberespionage umbrella group loosely link...

Exploit for SQL Injection in Zohocorp Manageengine_Network_Configuration_Manager

CVE-2021-41081 N-DAY VULNERABILITY RESEARCH F...

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux

Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service DDoS attacks against targets. While the earliest...

Exploit for Out-of-bounds Write in Sudo_Project Sudo

CVE-2019-18634 N-Day Exploit Slides https://docs.googl...

This Week in Security News - July 16, 2021

Trends and Shifts in the Underground N-Day Exploit Market and Scams Make Getting Verified on Social Media a Minefield...

Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers

Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed "Operation Earth Kitsune" by Trend Micro, the...