### #SmokeLoaderThreat #TaiwaneseCyberAttacks #ModularMalware

Summary: A sophisticated malware campaign utilizing SmokeLoader has been detected, specifically targeting Taiwanese companies in the manufacturing, healthcare, and IT sectors. This campaign employs advanced evasion techniques and exploits vulnerabilities in Microsoft Office to execute its payloads directly.

Threat Actor: Unknown | unknown
Victim: Taiwanese Companies | Taiwanese Companies

Key Point:

The campaign begins with phishing emails that trick recipients into opening malicious attachments, often containing subtle formatting inconsistencies.…

### #PhishingInnovation #EmailSecurityBypass #CorruptedFilesAttack

Summary: A new phishing campaign exploits Microsoft’s Word file recovery feature by sending corrupted documents as email attachments, enabling them to evade security software while still being recoverable by users. This tactic aims to trick recipients into providing their credentials through a QR code linked to a phishing site.…


### #OperationHAECHI #FinancialFraud #InternationalCooperation

Summary: A global law enforcement operation, Operation HAECHI-V, has led to the arrest of over 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets. This coordinated effort involved authorities from 40 countries and targeted a widespread voice phishing syndicate, among other cybercrime activities.…


### #IndustrialIoT #AccessPointExploits #RemoteCodeExecution

Summary: A series of critical vulnerabilities in Advantech EKI industrial-grade wireless access points could allow attackers to execute remote code with elevated privileges, posing severe risks to device security. These flaws could enable unauthorized access and control over affected devices, leading to potential network infiltration.…


### #PhishingAsAService #AiTMattacks #CredentialTheft

Summary: A new phishing-as-a-service platform, ‘Rockstar 2FA,’ has emerged, enabling large-scale adversary-in-the-middle attacks to steal Microsoft 365 credentials by bypassing multifactor authentication. This service, which has gained traction in the cybercrime community, offers various features to facilitate phishing operations.

Threat Actor: Cybercriminals | Rockstar 2FA
Victim: Microsoft 365 users | Microsoft 365

Key Point:

Rockstar 2FA allows attackers to intercept valid session cookies, enabling access to accounts even with MFA enabled.…

### #AIThreats #CloudSecurity #PrivilegeEscalation

Summary: Microsoft has patched four significant security vulnerabilities affecting its AI and cloud services, including one actively exploited in the wild. The most critical flaw, CVE-2024-49035, allows unauthorized privilege escalation on partner.microsoft.com.

Threat Actor: Unknown | unknown
Victim: Microsoft | Microsoft

Key Point:

Microsoft identified CVE-2024-49035 as a privilege escalation vulnerability with a CVSS score of 8.7, marked as “Exploitation Detected.”…

### #IoTSecurity #ContikiNG #VulnerabilityManagement

Summary: Researchers have uncovered three critical vulnerabilities in Contiki-NG, an open-source operating system for IoT devices, which could allow attackers to crash devices or execute malicious code. These vulnerabilities affect versions up to 4.9 and require immediate attention from developers.

Threat Actor: Unknown | unknown
Victim: Contiki-NG | Contiki-NG

Key Point:

Three vulnerabilities identified: CVE-2024-41125, CVE-2024-47181, and CVE-2024-41126, with CVSS scores ranging from 7.5 to 8.4.…

### #KernelExploitation #PrivilegeEscalation #WindowsVulnerability

Summary: A critical vulnerability in the ksthunk.sys driver of Windows allows local attackers to exploit an integer overflow for privilege escalation, demonstrated at the TyphoonPWN 2024 event. Despite Microsoft’s claims of resolution, the flaw remains exploitable in Windows 11 23H2.

Threat Actor: Advanced Threat Actors | Advanced Threat Actors
Victim: Microsoft Windows | Microsoft Windows

Key Point:

The vulnerability arises from a lack of integer overflow validation in the CKSAutomationThunk::ThunkEnableEventIrp function.…

### #ActiveDirectoryExploitation #CertificateTemplateVulnerability #PrivilegeEscalation

Summary: Security researchers have identified a critical zero-day vulnerability, CVE-2024-49019, in Active Directory Certificate Services that allows attackers to escalate privileges through manipulation of version 1 certificate templates. This vulnerability, with a CVSS score of 7.8, was patched in Microsoft’s November Patch Tuesday but poses significant risks if left unaddressed.…


### #XorBotResurgence #IoTThreats #BotnetEvolution

Summary: NSFOCUS has reported a resurgence of the XorBot botnet, which poses a significant threat to IoT devices globally, showcasing advanced anti-detection techniques and a broader range of exploits. The latest version, 1.04, has evolved to include over 12 exploit methods, making it a formidable challenge for cybersecurity defenders.…


### #HPEInsight #RemoteSupportSecurity #CriticalVulnerabilities

Summary: HPE has released a critical security bulletin highlighting multiple severe vulnerabilities in its Insight Remote Support service that could allow unauthorized access and remote code execution. Users are urged to update their systems immediately to protect against potential exploitation.

Threat Actor: Unknown | unknown
Victim: HPE Insight Remote Support | HPE Insight Remote Support

Key Point:

Multiple critical vulnerabilities discovered, with CVSS scores as high as 9.8.…