1589 matches found
Similarities between hacktivist groups reveal Iranian connection
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary COBALT SAPLING is a threat actor group that is believed to be Iranian in origin. The group has been found to operate multiple hacktivist group personas, including Moses Staff and Abrahams Ax. Researchers...
CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CRYPTBOT is malware that steals personal information by gathering browser credentials, cookies, cryptocurrency wallets, and system information. It then compresses the collected data into a zip file and...
Titan Stealer – A Cross-Platform Information Stealer Malware Distributed by Threat Actors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Titan Stealer is a cross-platform information stealer malware actively distributed by a threat actor through a Telegram channel, capable of stealing various information from infected Windows machines and...
Chrome 109 addresses an array of security flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chromes latest stable channel update for Windows, Mac, and Linux addresses a number of security flaws. The flaws allow a remote attacker to get access to potentially sensitive information b...
Brazil’s manufacturing industry under attack by Vice Society ransomware group
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Vice Society ransomware group is a cyber threat group that made headlines in late 2022 and early 2023 for a series of attacks against various targets, including the rapid transit system in San...
VMware addresses Security Flaws in vRealize Log Insight
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has patched four security flaws in vRealize Log Insight aka Aria Operations for Logs that could potentially expose users to remote code execution attacks and allow an unauthenticated attack...
DragonSpark Attacks Targeting East Asian Countries Using SparkRAT Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Recently, a group of cyber-attacks against organizations in East Asia has been identified and named "DragonSpark". These attacks are known for using a relatively unknown open-source tool called SparkRAT,...
Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where the...
Unpatched Systems Vulnerable to Spoofed Linked Certificates in KDC
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Windows Server provides Public Key Infrastructure PKI technology to enable capabilities such as Encrypting File System EFS, domain authentication, digital signatures, and email security. Misconfiguration...
A New Malware Called Album Stealer is Targeting Facebook Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Album Stealer is a malware that disguises itself as a photo album and drops decoy adult images while performing malicious activity in the background. It uses a side-loading technique to execute malicious...
Actors, Threats and Vulnerabilities 16 January 2023 – 22 January 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro identified three active actors during the past week. The first, Earth Bogle, is a notable threat actor known for information theft and espionage. The second,...
Hive Pro Recognized as a Leading Provider of Fraud and Breach Prevention Solutions in 2022
...
Tracking the Stealthy Movements of Vidar Info-Stealer Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Vidar is an info-stealer malware that was first spotted in the wild in late 2018. It is considered a distinct fork of the Arkei malware family and has a simple business model where customers pay between...
CrySIS Ransomware A Long-Standing Threat with a New Twist
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The ransomware family CrySIS, dubbed Dharma, has been advancing since 2016. Its source code was made available to the public, enabling others to customize it for their use. The criminals behind the malwa...
Empowering CTEM Program with Contextualized Vulnerability Prioritization
...
A new EmojiDeploy attack has been found in an Azure service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure by exploiting a remote code execution vulnerabilit...
Control Web Panel OS Command Injection Exploitation Increases After POC Release
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary On January 3, 2023, a security researcher published a proof-of-concept exploit for a vulnerability in Control Web Panel CWP that allows unauthenticated remote code execution. By January 6, the...
Korean Word Processor Scam Alert Orcus RAT Lurking in Cracked Versions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with XMRig...
New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinets FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targe...
APT15 enhanced its arsenal with an updated variant of the Turian backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware contains VMProtect, which obfuscates all API calls within the...
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writes and...
GitLab releases new CE and EE versions to address integer overflow vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writ...
Middle East targeted by Earth Bogle using NjRAT malware
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Earth Bogles active campaign hosts malware on public cloud storage sites like files.fm and failiem.lv. Compromised web servers also distribute NjRAT, also known as Bladabindi, a remote access trojan RAT...
NetSupport RAT employs phishing campaigns that incorporate Pokemon lures
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary NetSupport Manager is a remote control tool that can be used by ordinary or corporate users to remotely control systems, but it is being abused by threat actors as it allows external control over specifi...
Google Chrome Vulnerability Exposes Data of 2.5 Billion Users
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Google Chrome could affect over 2.5 billion users. An attacker can exploit this vulnerability for the theft of sensitive files, such as crypto wallets and cloud provider...
Rhadamanthys: A New Evasive Information Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Rhadamanthys Evasive Infostealer is spread through phishing emails and prevalent Google ads that lead to fake download pages for popular workforce software...
A Critical Vulnerability That Affects ManageEngine Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability in several ManageEngine products allows for remote code execution RCE without authentication. This vulnerability is tracked as CVE-2022-47966 and is caused by an outdated...
Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability CVE-2023-20025 allows an unauthenticated attacker...
Actors, Threats and Vulnerabilities 9 January 2023 – 15 January 2023
...
The Vulnerability Discovered in the Cacti Open-Source RRD tool
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A high-severity vulnerability named CVE-2022-46169 has been found in Cacti, a free, open-source, web-based network monitoring and graphing tool designed as a front-end application for the...
Pro-Russian Hacktivist Group NoName057(16) Launches Cyber Attacks on Ukraine and NATO Organizations
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary NoName05716 is a pro-Russian hacktivist group that has been conducting a campaign of DDoS attacks on Ukraine and NATO organizations since the early days of the war in Ukraine. The group has targeted...
Newly Discovered PoweRAT Malware Distributed through PyPI
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A newly discovered malware called “PoweRAT" combines a stealer and a RAT remote access tool. The malware is being distributed through the Python Package Index PyPI, a repository of software for the Pytho...
GootKit Loader is targeting organizations in the Australian healthcare industry
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Gootkit, also known as Gootloader, is a type of malware known for being used in advanced persistent threat APT campaigns. Recently, it has been discovered to be targeting organizations in the Australian...
NeedleDropper malware leverages a memory corruption flaw in Microsoft to disseminate
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new dropper strain dubbed NeedleDropper is used to distribute multiple malware families. The dropper attempts to obfuscate by dumping numerous useless, invalid files and storing critical data within...
After four months of idleness, Emotet reappears and deploys loaders
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Emotet banking Trojan was initially found in 2014 as one of the most expensive and damaging malware. The phishing efforts that spread Emotet used the same email thread hijacking approach to deceive...
Microsoft addresses one actively exploited zero-day and numerous critical vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft released a patch on January 2023s Patch Tuesday addressing 98 vulnerabilities, of which 11 are considered critical. The patch includes fixes for a range of vulnerabilities including 39...
Google releases Chrome 109 with a range of bug fixes
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome 109 is being promoted to the stable channel for Windows, Mac, and Linux. It contains a number of bug fixes and improvements, including use after free in Overview Mode, a heap buffer...
PatchWork gang dropped a variant of the BADNEWS Trojan
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Patchwork deployed a variant of the BADNEWS Ragnatela Remote Administration Trojan that employed malicious RTF files in its most recent campaign. The groups project name and control panel are named...
New Vulnerability Found in the JsonWebToken Open-Source Project
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new high-severity vulnerability named CVE-2022-23529 has been discovered in the popular JsonWebToken open-source package. This vulnerability allows attackers to execute remote code on servers th...
Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Saaiwc Group APT-LY-1005 is a newly identified APT group that is thought to operate in Southeast Asia. The groups main tactic is to use an ISO file as a malicious payload, which when executed, injects a...
Actors, Threats and Vulnerabilities 2 January 2023 – 8 January 2023
...
Turla APT used ANDROMEDA malware to infiltrate a variety of industries
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware, spread through infected USB...
Information Stealer LummaC2 Targets Browsers and Crypto Wallets
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LummaC2 Stealer is an information stealer that targets Chromium and Mozilla-based browsers. It is designed to steal sensitive information from a victims machine, including crypto wallets, extensions, and...
The Dangers of macOS Ransomware A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MacOS ransomware typically spreads through user-assisted methods such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by oth...
Bluebottle Group Continues Attacks on Banks in Francophone Africa
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Bluebottle is a cybercrime group that has been targeting banks in French-speaking countries in Africa. The group uses a variety of tactics, including living off the land, dual-use tools, and commodity...
Blind Eagle Hackers resurfaced with a formidable infection chain
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Blind Eagle is a financially motivated threat group that has been targeting individuals in numerous South American countries since at least 2018. A novel infection chain involving a more complex toolkit w...
Zoho Addresses SQL Injection Vulnerability in ManageEngine Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security flaw affecting multiple ManageEngine products identified as CVE-2022-47523 is an SQL injection vulnerability found in the ZOHO’s Password Manager Pro Secure Vault, PAM360 Privileged...
Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through dictionary attacks on...
Threat Actors Using WerFault.exe to Deploy Pupy RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Pupy RAT malware is using a technique called DLL side-loading to disguise itself as the legitimate WerFault.exe process in order to evade detection. The malware is delivered via an ISO image that...
Several vulnerabilities are addressed by Fortinet across its product range
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security vulnerabilities across its products, most notably FortiADC, which has a high-severity command injection bug listed as CVE-2022-39947 due to incorrect input validation i...