Threatwire Summary
The video discusses a record-setting DDoS attack mitigated by Cloudflare, peaking at 3.8 terabits per second and affecting various sectors without interrupting service. Additionally, new …
Summary: A critical security vulnerability, CVE-2024-45720, has been discovered in Apache Subversion, affecting Windows platforms and allowing for command line argument injection that could lead to the execution of unintended …
Summary: Recent research has revealed that a set of four vulnerabilities in the Common Unix Printing System (CUPS) not only allows for remote code execution but also enables attackers to …
ThreatWire Summary
The video discusses the recent security breaches involving Meta and a significant car hacking vulnerability affecting Kia models, along with new vulnerabilities …
Short Summary:
Vulnerabilities in the Common Unix Printing System (CUPS) allow remote attackers to exploit the “cups-browsed” process, potentially executing arbitrary commands on affected systems. Four CVEs have been identified, …
Summary: Multiple critical vulnerabilities have been identified in the Common Unix Printing System (CUPS), allowing remote unauthenticated attackers to execute arbitrary commands on affected systems. Security researcher Simone Margaritelli detailed …
In March 2024, Elastic Security Labs uncovered a sophisticated Linux malware campaign targeting vulnerable servers. The attackers exploited an Apache2 web server to gain initial access and deployed …
Summary: A critical security vulnerability (CVE-2023-27584) has been identified in Dragonfly2, an open-source file distribution system, due to a hard-coded cryptographic key that allows unauthorized access. Users are urged to …
The SonicWall Capture Labs threat research team has identified a critical zero-click vulnerability, CVE-2024-20017, affecting MediaTek Wi-Fi chipsets. This vulnerability allows remote code execution without user interaction and …
Threat Actor: CyberVolk
Victim: University of Waterloo, Linköping University
Price: $2,000 (per university)
Exfiltrated Data Type: Databases
Key Points:
CyberVolk claims…
Short Summary:
The article discusses the sophisticated cyber operations conducted by DPRK-affiliated threat groups, particularly focusing on their use of social engineering tactics and Python programming for initial access to …
Summary: Aqua Nautilus researchers have discovered a new Linux malware named Hadooken, which targets Weblogic servers and deploys a cryptominer and Tsunami malware. The attack exploits weak passwords to gain …
Short Summary:
Cado Security has identified two campaigns targeting the Selenium Grid, a popular web testing tool, to deploy a sophisticated cryptominer named “perfcc”. These campaigns exploit misconfigured instances of …
Short Summary:
Aqua Nautilus researchers have identified a new Linux malware named Hadooken, targeting Weblogic servers. The malware exploits weak passwords to gain initial access, drops Tsunami malware, and deploys …
Summary: Recent vulnerabilities in the Dovecot mail server, identified as CVE-2024-23184 and CVE-2024-23185, could allow attackers to execute denial-of-service (DoS) attacks by overwhelming the server with excessive or overly large …
Short Summary:
Head Mare is a hacktivist group that emerged in 2023, targeting organizations in Russia and Belarus. They utilize phishing campaigns exploiting vulnerabilities in WinRAR to gain initial access …
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198 in TeamCity On-Premises. Following its disclosure, threat actors quickly attempted to exploit this vulnerability, leading …
Short Summary:
This article discusses the increasing use of Python in malicious activities within the Windows ecosystem. It highlights how attackers exploit Python’s ease of deployment, lack of integration with …
Threat Actor: ProtonMail
Victim: Users of ProtonMail
Price: Free
Exfiltrated Data Type: Email address validity, creation date, public key
Key Points:
ProtonMail provides…
Summary: Aqua Nautilus researchers have identified PG_MEM, a new type of PostgreSQL malware that employs brute force attacks to infiltrate databases, deploys payloads for stealth operations, and mines cryptocurrency. This …
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198, a severe authentication bypass vulnerability in TeamCity On-Premises. Following its disclosure, threat actors quickly began …
Short Summary:
Aqua Nautilus researchers have discovered PG_MEM, a new PostgreSQL malware that uses brute force attacks to gain access to databases, deploys payloads to conceal its operations, and mines …
Short Summary:
Darktrace reported the swift exploitation of a critical vulnerability (CVE-2024-27198) in JetBrains TeamCity, highlighting the urgent need for rapid detection and response to prevent supply chain attacks. Following …
eSentire’s Threat Response Unit (TRU) investigates the D3F@ck Loader malware, tracing its origins to a developer known as Sergei Panteleevich. The article details the loader’s capabilities, including its …
Short Summary:
Aqua Nautilus researchers have identified a new variant of the Gafgyt botnet that targets machines with weak SSH passwords. This botnet executes binaries from memory to expand its …
Server-Side Template Injection (SSTI) vulnerabilities allow attackers to inject malicious code into server-side templates, leading to arbitrary code execution, data theft, and potential server compromise. Recent trends show …
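As an added illustration of the SSTI class described in the entry above (example code written for this page, not taken from the article it summarises): Python's str.format applied to a user-supplied template string behaves like a miniature template engine with attribute access, so it is enough to show both the leak and the fix without a third-party engine. The AppConfig class, its db_password value and the detect_ssti_probe heuristic are constructed for the demo and are not from any real application.

```python
"""SSTI in miniature: an attacker-controlled template string passed to
str.format can walk object attributes and read data the template was never
meant to expose. The hardened version keeps the template constant and treats
user input strictly as a substituted value. Constructed example."""


class AppConfig:
    """Hypothetical application object that ends up in template scope."""

    def __init__(self) -> None:
        self.app_name = "demo-shop"
        self.db_password = "s3cr3t-hunter2"  # constructed secret for the demo


def render_vulnerable(user_template: str, config: AppConfig) -> str:
    # BUG: the *template* is attacker-controlled. str.format evaluates
    # attribute lookups, so "{cfg.db_password}" (or a walk such as
    # "{cfg.__class__.__init__.__globals__}") is resolved server-side.
    return user_template.format(cfg=config)


GREETING_TEMPLATE = "Welcome to {app_name}, {name}!"


def render_safe(user_name: str, config: AppConfig) -> str:
    # The template is a constant; user input is only ever a substituted value.
    # Braces inside user_name are copied literally, never interpreted.
    return GREETING_TEMPLATE.format(app_name=config.app_name, name=user_name)


def detect_ssti_probe(user_input: str) -> bool:
    """Cheap detection heuristic for a field that should be plain text:
    template delimiters, attribute access inside braces, or dunder names.
    Useful as a WAF or log check, not as a fix."""
    markers = ("{{", "}}", "{%", "__class__", "__globals__", "__subclasses__")
    brace_attr = "{" in user_input and "." in user_input
    return brace_attr or any(m in user_input for m in markers)


if __name__ == "__main__":
    cfg = AppConfig()
    payload = "Hi, here is your config: {cfg.db_password}"
    print(render_vulnerable(payload, cfg))  # leaks the secret
    print(render_safe(payload, cfg))        # echoes the payload text verbatim
    print(detect_ssti_probe(payload))       # True
```

The same shape applies to real engines (Jinja2, Twig, Freemarker): the fix is never to sanitise the payload but to stop the user from supplying the template at all, and to run the engine in a sandboxed mode as defence in depth.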
Summary: Wiz Research has uncovered a cryptomining campaign named “SeleniumGreed” that exploits exposed Selenium Grid services due to their lack of default authentication, allowing threat actors to deploy malicious miners. …
Wiz Research has detected an ongoing threat campaign that exploits exposed Selenium Grid services for cryptomining, dubbed “SeleniumGreed”.
Selenium is among the most commonly used testing frameworks. Our data shows …
Symantec reported a Daggerfly intrusion against a telecoms operator in Africa involving previously unseen plugins for MgBot.
Macma update
Macma is a macOS backdoor that was first documented by Google …
On May 23, 2023, the U.S., Australia, New Zealand, Canada and the U.K. issued a joint advisory about a suspected Chinese state-sponsored threat actor group that infiltrates firewalls, routers and …
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.
Summary:
The…
Executive Summary
This article reviews container escape techniques, assesses their possible impact and reveals how to detect these escapes from the perspective …
This is Part 2 of our two-part technical deep dive into APT41’s new tooling, DodgeBox and MoonWalk. For details of DodgeBox, go to Part 1.
In Part 2 of this …
On July 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) detailing the Tactics, Techniques and Procedures (TTPs), mitigation strategies, and detection methods associated with …
This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), …
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the …
Attackers have increasingly started using Telegram as a command-and-control (C2) server. One example is the Lazy Koala group, which we recently discovered and set out to study. While researching bots on Telegram, we found that …
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
Summary
Attackers can leverage the Jenkins…
In this article, we will analyse an APT group that has recently attracted a lot of attention for its activities: “Sea Turtle”.…
Summary: The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, which allows unauthenticated remote code execution as root …
Summary: Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets in Git repositories.
Threat Actor: N/A
Victim: N/A
Key Point:
Gitleaks is an open-source SAST…
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction
Perimeter devices such …