Victim: backyarddiscovery.com Country: US Actor: embargo Source: http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/#/post/41 Discovered: 2024-11-30 07:58:15.359031 Published: 2024-11-29 21:13:01.372576 Description: Backyard Discovery is built for families. From a child’s first playset to structures that guard the parents’ newest outdoor interests, our products are meant to play a role in families’ lives for years and years.…

Summary: The Perfctl malware campaign poses a significant threat to Linux servers globally, utilizing advanced evasion techniques to mine cryptocurrency and perform proxyjacking. Its stealthy operations have primarily targeted high-demand sectors such as cryptocurrency and software development, particularly in the United States, Germany, and South Korea.…

### #ZabbixSecurity #SQLInjectionThreat #OpenSourceRisks

Summary: A critical SQL injection vulnerability (CVE-2024-42327) has been identified in Zabbix, an open-source IT infrastructure monitoring tool, allowing attackers to escalate privileges and gain control over Zabbix instances. Organizations are urged to update to the latest patched versions to mitigate risks associated with this vulnerability.…

Summary: In a recent targeted campaign, a threat actor known as “topnotchdeveloper12” has published three malicious npm packages that impersonate popular cryptographic libraries. These packages contain spyware-infostealer malware aimed at crypto-asset developers, compromising their sensitive information. The ongoing risks in software supply chains are highlighted, particularly in the context of third-party libraries.…

### #MacOSMalware #BANSHEEStealer #MaaSThreats

Summary: In August 2024, Russian hackers released BANSHEE Stealer, a macOS malware designed to steal sensitive data from browsers and cryptocurrency wallets. The malware’s source code was later leaked, leading to the shutdown of its operations.

Threat Actor: Russian Hackers
Victim: macOS Users

Key Point:

BANSHEE Stealer targets both x86_64 and ARM64 architectures, capable of stealing data from nine different browsers.…

Summary: The SMOKEDHAM backdoor, active since 2019, is linked to the cyber threat group UNC2465, known for complex extortion operations and ransomware deployments. This group has recently shifted from DARKSIDE to LOCKBIT ransomware, utilizing malicious installers disguised as legitimate software to deliver the SMOKEDHAM payload. The backdoor facilitates initial access and persistence in targeted networks, with ongoing activity observed in 2023 and 2024.…

### #MallocStackLoggingExploit #LocalPrivilegeEscalation #AppleVulnerability

Summary: A critical vulnerability in Apple’s MallocStackLogging framework allows attackers to achieve local privilege escalation on macOS systems, posing a significant security risk. Despite Apple’s mitigations, the flaw can be exploited through clever manipulation of log file writes.

Threat Actor: Unknown
Victim: Apple

Key Point:

The vulnerability, designated CVE-2023-32428, has a CVSS score of 7.8, indicating high severity.…

Summary: ESET researchers have uncovered a critical zero-day vulnerability (CVE-2024-9680) in Mozilla products, exploited by the Russia-aligned group RomCom. This vulnerability allows arbitrary code execution in the browser context, enabling the installation of RomCom’s backdoor. The exploit is linked to another Windows vulnerability (CVE-2024-49039), highlighting a sophisticated attack chain that requires no user interaction.…

Summary: The Elpaco ransomware, a variant of Mimic, utilizes the Everything library for file discovery and features a customizable GUI for attackers. It employs sophisticated techniques for evasion and encryption, making it challenging to recover encrypted files. The ransomware has been observed targeting multiple countries since August 2023.…

### #SupplyChainAttack #BlockchainMalware #NPMThreat

Summary: The discovery of the malicious NPM package “jest-fet-mock” highlights an innovative supply chain attack that utilizes Ethereum smart contracts for command-and-control operations. This cross-platform malware targets development environments by impersonating legitimate testing utilities, showcasing a new method of leveraging blockchain technology in cyber attacks.

Key Points:

First observed instance of malware utilizing Ethereum smart contracts for C2 server address distribution in the NPM ecosystem.…

Threat Actor: Attackers exploiting API vulnerabilities
Victim: Fortune 1000 Companies
Price: Potentially millions in damages
Exfiltrated Data Type: Sensitive secrets (API keys, authentication tokens, database credentials)

Key Points:

30,784 exposed APIs identified across Fortune 1000 and CAC 40 companies.…

Summary: Moonstone Sleet, a newly identified North Korean APT group, combines espionage with financial motives through sophisticated cyberattacks. Utilizing social engineering, custom malware, and ransomware, they target technology firms, financial institutions, and cryptocurrency platforms. Their operations reflect a dual focus on financial gain and geopolitical intelligence, posing significant risks to global organizations.…

Summary: Hexon Stealer is a sophisticated malware that extracts sensitive information from compromised systems, including browser credentials and cryptocurrency data. Utilizing the Electron framework, it allows attackers to maintain remote access and control over infected devices. The malware has evolved from previous variants and is actively promoted through various online channels.…