Tag: DNS
### #WordPressSecurity #PluginVulnerabilities #WebApplicationRisks
Summary: A report has identified two critical vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin, affecting over 200,000 installations and allowing unauthenticated attackers to compromise websites. Users are urged to update to the latest version to mitigate these risks.
Threat Actor: Unauthenticated Attackers
Victim: Anti-Spam by CleanTalk Users
Key Point:
Two vulnerabilities, CVE-2024-10542 and CVE-2024-10781, allow attackers to install malicious plugins and execute arbitrary code.…
### #InfrastructureSecurity #PolicyExploitation #CloudBreach
Summary: Cybersecurity researchers have revealed new attack techniques targeting infrastructure-as-code (IaC) and policy-as-code (PaC) tools, specifically HashiCorp’s Terraform and Open Policy Agent (OPA), which exploit domain-specific languages to compromise cloud platforms and exfiltrate sensitive data. Despite their enhanced security features, these tools are not immune to sophisticated attacks that leverage their inherent functionalities.…
### #CyberSecurity #MalwareAnalysis #ThreatIntelligence
Summary: Volexity’s analysis reveals a vulnerability in Fortinet’s FortiClient VPN client exploited by the Chinese state-affiliated threat actor BrazenBamboo, leading to the development of the DEEPDATA malware family. This malware is capable of extracting sensitive information, including user credentials, from compromised systems.…
Summary: Cadet Blizzard (DEV-0586) is a Russian GRU-affiliated cyber threat group that has been active since at least 2020, primarily targeting Ukrainian government agencies and critical infrastructure. Following a series of cyberattacks during the 2022 Russian invasion of Ukraine, the group has expanded its operations to Europe and Latin America, employing sophisticated tactics for espionage and disruption.…
Summary: Over 1 million domains are potentially vulnerable to “Sitting Ducks” attacks, which exploit DNS misconfigurations to hijack domains for malicious purposes. The report by Infoblox Threat Intel highlights the simplicity of executing these attacks and the challenges in detecting them.
Threat Actor: Vipers, Hawks
Victim: Various organizations and individuals
Key Point:
Over 800,000 domains remain vulnerable to hijacking, with 70,000 already compromised.…
Summary: Security researchers from Hunt.io have identified a cyber operation utilizing the Sliver command-and-control framework and Ligolo-ng tunneling tool, targeting victims by impersonating Y Combinator. The operation highlights the evolving tactics of cybercriminals leveraging trusted brands to establish credibility and evade detection.
Threat Actor: Cybercriminals
Victim: Y Combinator
Key Point:
The attackers registered a domain mimicking Y Combinator to deflect suspicion and establish a facade of authenticity.…
Summary: Google has reported that cybercriminals are using landing page cloaking to impersonate legitimate websites and conduct scams, including selling counterfeit products and tricking users into revealing sensitive information. The company is actively combating these tactics and plans to release advisories on online fraud every six months to raise awareness.…
Summary: Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical zero-days, two of which are actively exploited. The updates include fixes for various types of flaws, such as remote code execution and elevation of privilege vulnerabilities.
Threat Actor: Unknown
Victim: Microsoft
Key Point:
Four zero-day vulnerabilities were disclosed, two of which were actively exploited in attacks.…
Summary: This blog post discusses phishing techniques used by the threat actor 0ktapus to compromise cloud identities and outlines methods for investigating phishing campaigns. It provides a comprehensive framework for identifying phishing infrastructure and highlights the importance of ongoing vigilance in cybersecurity practices.
Threat Actor: 0ktapus
Victim: Various organizations
Key Point:
0ktapus employs sophisticated phishing techniques, including smishing, vishing, and MFA fatigue, to target IT service desk workers and gain access to cloud environments.…
Summary: CloudSEK’s Threat Research team has identified significant threats posed by the Androxgh0st botnet, which has been exploiting multiple vulnerabilities since January 2024. This botnet targets various technologies, including web servers and IoT devices, and shows signs of operational integration with the Mozi botnet. Immediate patching of vulnerabilities is recommended to mitigate risks.…