Wordfence Threat Intelligence reports spike patterns in exploits targeting two WordPress plugins, Kaswara Modern VC Addons (
Wordfence Threat Intelligence monitored exploit attempts targeting CVE-2022-42889, aka Text4Shell, across millions of sites and observed payloads in DNS, script, and URL prefixes aimed at remote code execution. Most activity leverages DNS prefix probes to cont…
Malware is increasingly distributed via ISO files, with multiple families adopting the method. Qakbot has shifted from Excel macros to ISO-based delivery, alongside AsyncRAT, IcedID, and BumbleBee. #Qakbot #ISOFiles
Attackers continue to abuse Google Sites and Microsoft Azure Web Apps to host cryptocurrency phishing campaigns targeting major wallets and exchanges, with new pages and targets emerging over time. The operation relies on two stages—SEO-driven first pages and …
Proofpoint’s Threat Research Team links a long-running TA423/Red Ladon espionage operation to a 2022 ScanBox phishing campaign targeting Australian government, offshore energy, and international entities in the South China Sea. The operation impersonates Austr…
Follina (CVE-2022-30190) is a remote-code-execution vulnerability in Microsoft’s MSDT exploited via Word documents that load a remote template containing a payload. Researchers show how attackers used remote templates and base64-encoded PowerShell to run code,…
Woody Rat is a new feature-rich Remote Access Trojan active in the wild for at least a year, attributed to a threat actor targeting Russian entities. It spreads via archive file spearphishing and weaponized Office documents using the Follina vulnerability (CVE…
AhnLab ASEC reports ClipBanker being distributed as a malware-creation tool on a site called “Russia black hat,” with attackers bundling both malware and the tool (Quasar RAT builder). The dropper uses crack.exe to launch ClipBanker, which then runs in the bac…
BlackBerry Threat Intelligence identifies LokiLocker as a new RaaS ransomware family that encrypts Windows files using AES-256 and RSA-2048, with virtualization protection via KoiVM/NETGuard to hinder analysis. The campaign also features a possible false-flag …
eSentire documented a TunnelVision-linked intrusion into a VMware Horizon server, exploiting Log4Shell to harvest credentials and establish access. The operation included a backdoor DomainAdmin, PSExec/RDP lateral movement, C2 via activate-microsoft.cf, and Ng…
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Operation Dianxun Overview: In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,…