Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy...
APT trends report Q3 2024
Kaspersky's Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we've published and discussed in more...
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...
CVE-2024-8914 Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting
The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for...
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which w...
Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also...
The internet is already scary enough without April Fool’s jokes
I feel like over the past several years, the "holiday" that is April Fools' Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are...
Woo Viet < 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Woo Viet – WooCommerce for Vietnam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane as part of a cyber attack that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have be...
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command...
New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam
Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is "notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess wheth...
Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS...
Woocommerce Vietnam Checkout < 2.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description: The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $currency variable in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Cross site scripting
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS...
CVE-2023-5325 Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS...
Imperva Expands Global Network, Adds First PoP in Vietnam
We are delighted to announce our first Point of Presence (PoP) in Hanoi, Vietnam, expanding our global network with our 16th PoP located in the Asia Pacific & Japan (APJ) region. Alongside its rich culture and historic sites, Hanoi, the enchanting capital city of Vietnam, is a bustling business cente...
Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
Description: The plugin does not escape the custom shipping phone field on the checkout form, leading to XSS. 1. Install both WooCommerce and the plugin. 2. Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3. Add product to cart, and proceed to checkout. 4. Tick "Ship...
Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
Description: The plugin does not escape the custom shipping phone field on the checkout form, leading to XSS. PoC: 1. Install both WooCommerce and the plugin. 2. Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3. Add product to cart, and proceed to checkout. 4. Tick...
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of...
Grayling APT Emerges as a Silent Threat Targeting Taiwan
Threat Level Actor Report. Summary: The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...