Summary: This blog post provides an in-depth analysis of the LemonDuck malware, which exploits the EternalBlue vulnerability (CVE-2017-0144) in SMB services for cryptocurrency mining. It details the attack methodology, persistence …
Tag: PASSWORD
Summary: Apple has issued updates for iOS and iPadOS to fix two significant security vulnerabilities, one allowing saved passwords to be read aloud by VoiceOver and another affecting audio capture …
Summary: Cisco Talos has identified a financially motivated threat actor, active since 2022, that has been deploying a variant of MedusaLocker ransomware known as “BabyLockerKZ.” This group has shifted its …
Summary: A persistent and sophisticated malware dropper known as “perfctl” is targeting Linux servers globally, exploiting vulnerabilities to deploy cryptomining and proxyjacking malware. Recent analyses reveal extensive exploit paths and …
Short Summary:
ESET researchers have uncovered a series of cyberespionage attacks attributed to the APT group GoldenJackal, targeting governmental organizations in Europe. The group has utilized sophisticated tools to compromise …
The article discusses a phishing campaign utilizing the Mamba 2FA phishing kit, which mimics Microsoft 365 login pages and employs advanced techniques to capture user credentials and multi-factor …
Summary: The APT hacking group FIN7 has created a network of fake AI-powered deepnude generator websites to distribute information-stealing malware to unsuspecting visitors. This sophisticated operation leverages controversial technology to …
Summary: A critical vulnerability (CVE-2024-47191) in the OATH-Toolkit’s PAM module exposes systems to root-level exploits during one-time password (OTP) authentication. Discovered by SUSE Security Team members, the flaw allows unprivileged …
Summary: Scammers are creating fake activation pages for popular streaming services, using SEO techniques to appear in Google search results, leading victims to malicious sites that display alarming fake alerts. …
Summary: A large-scale fraud campaign has exploited fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims in a scheme …
The BlueShark APT group has been actively targeting individuals in South Korea during the first half of 2024, utilizing various malware types and spear-phishing tactics disguised as …
Since mid-2023, the Sekoia Threat Detection & Research team has been investigating a sophisticated cyber attack infrastructure that utilizes compromised edge devices as Operational Relay Boxes (ORBs). This …
Short Summary:
Cisco Talos has identified a financially motivated threat actor, active since 2022, distributing a MedusaLocker ransomware variant named “BabyLockerKZ.” The actor has targeted organizations globally, with a notable …
Summary: A critical vulnerability in the Vesta Control Panel allows attackers to take over admin accounts by exploiting the non-cryptographically secure $RANDOM variable in Bash, which is used in the …
Short Summary:
ESET researchers have identified a new China-aligned threat actor named CeranaKeeper, which has been targeting governmental institutions in Thailand since 2023. This group utilizes advanced techniques and tools, …
Silent Push research reveals that the FIN7 threat group is employing new tactics, including the use of an AI “DeepNude Generator” across multiple websites to distribute malware. The …
Summary: A UK national, Robert B. Westbrook, has been charged with a “hack-to-trade” scheme that involved breaking into the Office365 accounts of executives at publicly traded companies to obtain insider …
Short Summary:
Symantec’s Threat Hunter Team has identified ongoing financially motivated attacks by the North Korean Stonefly group against U.S. organizations. Despite an indictment and a reward for information, the …
Summary: The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued security advisories regarding critical vulnerabilities in various PLANET Technology switch models, which could lead to severe security risks such as …
Summary: A critical vulnerability, CVE-2024-36435, has been identified in Supermicro enterprise products, allowing unauthenticated attackers to exploit a buffer overflow in the Baseboard Management Controller (BMC) for Remote Code Execution …
Summary: Security researcher Zach Hanley from Horizon3.ai has disclosed a critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software, which involves hardcoded credentials that could allow unauthorized access to sensitive …
UserSec is a pro-Russian hacktivist group that emerged in early 2023, targeting Western governments and critical infrastructure, particularly those affiliated with NATO and Ukraine. Utilizing Telegram for coordination …
Short Summary:
In July 2024, a ReliaQuest customer in the manufacturing sector experienced a data exfiltration attack. The threat actor exploited a Fortinet firewall and used a brute-force attack on …
Summary: Microsoft has reported a multi-staged attack by the threat actor Storm-0501, which compromised hybrid cloud environments leading to data exfiltration, credential theft, and ransomware deployment across various sectors in …
Summary: The National Institute of Standards and Technology (NIST) has proposed new guidelines aimed at improving password security by eliminating outdated and ineffective password requirements. The guidelines advocate for more …
Summary: DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been delivered through innovative techniques such as HTML smuggling, targeting Russian-speaking users. This blog analyzes the methods used …
Short Summary:
In November 2023, a BlackCat ransomware intrusion was initiated by Nitrogen malware, which was disguised as Advanced IP Scanner. The attack involved deploying Sliver and Cobalt Strike beacons, …
In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have …
Summary: Recent cyber espionage campaigns linked to China have targeted U.S. internet service providers, with the Salt Typhoon operation focusing on intelligence gathering and potential disruptions. Investigations are ongoing to …
Summary: The content discusses the malware Trammy.dll, which downloads and extracts files to establish persistence on infected systems while disguising its activities. It highlights the use of a password-protected ZIP …
Summary: Researchers have identified a malicious email campaign targeting French users that utilizes generative AI to create and deliver AsyncRAT malware. This trend highlights the increasing reliance of less technical …
Summary: The article discusses the vulnerabilities found in Automatic Tank Gauge (ATG) systems that monitor fuel storage, highlighting the risks posed by their exposure to the Internet. It emphasizes the …
Short Summary:
DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been active since 2018. It is delivered through various means, including HTML smuggling, which allows it to …
Summary: The Kryptina ransomware has transitioned from a free tool to a significant player in enterprise attacks, particularly through its integration with the Mallox ransomware family. This evolution highlights the …
Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
Short Summary:
Attackers are exploiting legitimate web features to send spam, utilizing automated processes and human involvement to manipulate web forms and email servers. Credential stuffing is also a significant …
Summary: Two critical vulnerabilities have been identified in the popular WordPress theme Houzez and its companion plugin, posing significant risks to users by allowing unauthorized access and potential site takeover. …
Summary: Google security researchers have highlighted the ongoing threat posed by info-stealing malware, specifically RECORDSTEALER, which specializes in stealing sensitive information like credit card data and passwords. Despite the arrest …
Short Summary:
The article investigates the Sniper Dz phishing-as-a-service (PhaaS) platform, which has gained popularity among phishers targeting social media and online services. Over the past year, more than 140,000 …
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Video Summary and Key Points
Short Summary: The video discusses an in-depth exploration of the LockBit ransomware builder and its anti-analysis techniques. The presenter aims to provide valuable insights that …
WordPress Hacking Tutorial Summary
Short Summary: The video discusses penetration testing techniques specifically tailored for hacking WordPress sites, emphasizing the accessibility and popularity of WordPress as a platform used by …