Summary: Attackers are exploiting a critical remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, prompting urgent patching by affected organizations. The vulnerability allows unauthenticated remote attackers to execute arbitrary …
Tag: SMTP
Short Summary:
Attackers are exploiting legitimate web features to send spam, utilizing automated processes and human involvement to manipulate web forms and email servers. Credential stuffing is also a significant …
Short Summary:
This article discusses a series of malicious email campaigns that occurred in August 2024, targeting various users with different types of email payloads, including attachments and links. The …
Summary: Fortinet’s FortiGuard Labs has identified a new variant of the Snake Keylogger, delivered through a malicious Excel document in a phishing campaign that exploits a known vulnerability. This sophisticated …
Short Summary:
The article discusses a phishing campaign that delivers a new variant of the Snake Keylogger through a malicious Excel document. This keylogger is capable of collecting sensitive information …
Short Summary:
The article discusses a phishing campaign that delivers a new variant of the Snake Keylogger through a malicious Excel document. This keylogger is capable of stealing sensitive information …
Threat Actor: Dark Web Threat Actor
Victim: Popular E-commerce Website
Price: Available for Sale
Exfiltrated Data Type: Admin accounts, database access, …
Short Summary:
The article discusses a phishing attack that led to a malware infection involving the 0bj3ctivity Stealer, facilitated by the Ande Loader. eSentire’s Threat Response Unit (TRU) details their …
Kimsuky is a North Korean APT group focused on intelligence collection, particularly targeting South Korean entities, as well as the U.S. and Europe. Active since at least 2012, …
Summary: A surge in SnakeKeylogger infections targeting Windows users has been reported, with the malware capable of stealing credentials, taking screenshots, and exfiltrating sensitive data. Fortinet’s FortiGuard Labs has identified …
Short Summary: AhnLab Security Intelligence Center has reported the distribution of SnakeKeylogger malware via phishing emails. This Infostealer malware, developed in .NET, exfiltrates sensitive data through various channels, including…
Short Summary:
Cisco Talos is monitoring multiple malware campaigns utilizing NetSupport RAT for persistent infections. These campaigns employ obfuscation and updates to evade detection. The article discusses how Snort …
Summary: Recent vulnerabilities in hosted outbound SMTP servers allow authenticated users to spoof sender information, undermining email security protocols like SPF, DKIM, and DMARC. This exploitation poses significant risks of …
Summary: ESET Research identified multiple phishing campaigns targeting small and medium-sized businesses in Poland during May 2024, utilizing ModiLoader to distribute various malware families. The campaigns exploited compromised email accounts …
Summary: Guardio Labs has identified a critical exploit in Proofpoint’s email protection service, allowing threat actors to send millions of spoofed phishing emails that appear to come from reputable brands. …
Short Summary:
ESET Research identified multiple phishing campaigns targeting small and medium-sized businesses in Poland during May 2024, utilizing ModiLoader to distribute various malware families, including Rescoms, Agent Tesla, …
Short Summary:
The article discusses a significant phishing campaign named “EchoSpoofing,” which exploits Proofpoint’s email protection service to send millions of perfectly spoofed emails from well-known brands like Disney, …
Key Findings
In March, Proofpoint researchers identified spam campaigns being relayed through a small number of Proofpoint customers’ email infrastructure by sending spam from Microsoft 365 tenants. All analyses indicate …
Short Summary:
Guardio Labs has identified a significant exploit known as “EchoSpoofing” affecting Proofpoint’s email protection service. This vulnerability allowed threat actors to send millions of spoofed phishing emails, …
On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the …
Summary: Microsoft is launching inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security and integrity. This new capability aims to protect against various attacks, …
[This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program]
…
Summary: Forcepoint X-Labs has discovered a new ransomware strain called “ShadowRoot” that specifically targets Turkish businesses. The attack starts with phishing emails containing malicious PDF attachments disguised as invoices, originating …
Summary: More than 1.5 million email servers running vulnerable versions of the Exim mail transfer agent are at risk of attacks that can deliver executable attachments to user accounts, allowing …
Summary: This content discusses a malicious NuGet campaign that uses homoglyphs and IL weaving to deceive developers.
Threat Actor: Unknown
Victim: Developers
Key Point:
A…
Threat Actor: Unknown
Victim: True Line Solution India
Price: Not specified
Exfiltrated Data Type: Company information, SMTP details, API keys, customer information, user …
1. Overview
AhnLab Security Intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by …
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of …
Affected Platforms: Microsoft Windows
Impacted Users: Windows Users
Impact: Collects sensitive information from a victim’s computer
Severity Level: Critical
A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent …
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the …
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you …
Email forensics involves the examination, extraction, and analysis of email data to gather digital evidence crucial for resolving crimes and specific incidents, ensuring the integrity of the …
Threat Actor: IntelBroker
Victim: Europol
Price: $20,000 in cryptocurrency
Exfiltrated Data Type: FOUO (For Official Use Only) and other classified data, Alliance employees, files related to …
Threat Actor: IntelBroker
Victim: Major Cybersecurity Company
Price: $20,000
Exfiltrated Data Type: Confidential and highly critical logs, credentials, SMTP access, PAuth Pointer Auth access, …
Welcome to Picus Security‘s weekly cyber threat intelligence roundup! …
Summary: A new campaign conducted by the TA558 hacking group is using steganography to hide malicious code inside images and deliver various malware tools onto targeted systems.
Threat Actor: TA558 …
Key Point:
– The Manipulaters, a cybercrime group, have attempted to rebrand themselves as legitimate but still engage in illegal activities.
– The core brand of The Manipulaters …
Formbook is a type of malware that specializes in stealing sensitive information from infected systems, primarily focusing on capturing keystrokes, clipboard data, and form data from web browsers.
Figure 1:…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared.
Why? File type …
Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced evasion techniques, loaders bypass security …
In order to understand malware comprehensively, it is essential to employ various analysis techniques and examine …
AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio. …
Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web …
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro.
The campaign, codenamed gitgub, includes 17 repositories associated …
Snake Keylogger is a Trojan Stealer that emerged as a significant threat in November 2020, showcasing a fusion of credential theft and keylogging functionalities. Developed using .NET, its arsenal includes …
Executive Summary
When reviewing a packet capture (pcap) of suspicious activity, security professionals may need to export objects from the pcap for …
Overview
SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability.…
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization.
Guardio …