Summary: Security researcher Peter Gabaldon disclosed critical vulnerabilities in TeamViewer, enabling local privilege escalation attacks on Windows systems. The flaws, CVE-2024-7479 and CVE-2024-7481, arise from improper cryptographic signature verification during …
Tag: VPN
Summary: Cisco has issued a security advisory regarding multiple vulnerabilities in its Small Business RV340 series routers, which could allow remote attackers to escalate privileges and execute arbitrary commands. These …
Summary: The APT hacking group FIN7 has created a network of fake AI-powered deepnude generator websites to distribute information-stealing malware to unsuspecting visitors. This sophisticated operation leverages controversial technology to …
Summary: A new ‘FakeUpdate’ campaign in France exploits compromised websites to deliver fake browser and application updates, distributing the WarmCookie backdoor. This cyberattack strategy, employed by the threat group ‘SocGolish’, …
Since mid-2023, the Sekoia Threat Detection & Research team has been investigating a sophisticated cyber attack infrastructure that utilizes compromised edge devices as Operational Relay Boxes (ORBs). This …
Short Summary:
This article discusses a vishing attack that targeted a remote employee in the hospitality sector, leading to unauthorized access to the customer’s network. Darktrace’s anomaly-based threat detection successfully …
Silent Push research reveals that the FIN7 threat group is employing new tactics, including the use of an AI “DeepNude Generator” across multiple websites to distribute malware. The …
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which …
Summary: A UK national, Robert B. Westbrook, has been charged with a “hack-to-trade” scheme that involved breaking into the Office365 accounts of executives at publicly traded companies to obtain insider …
Short Summary:
In July 2024, a ReliaQuest customer in the manufacturing sector experienced a data exfiltration attack. The threat actor exploited a Fortinet firewall and used a brute-force attack on …
Short Summary:
This article discusses the challenges of identifying attack vectors in human-operated ransomware attacks and highlights the potential of using Windows event logs to trace ransomware activities. It details …
Short Summary:
In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL …
Summary: TeamViewer has disclosed two critical vulnerabilities, CVE-2024-7479 and CVE-2024-7481, affecting its Remote Client and Remote Host products for Windows, both rated with a CVSS score of 8.8. These vulnerabilities …
Threat Actor: Unknown | Unknown
Victim: Prominent Telecommunications Company | Prominent Telecommunications Company
Price: Negotiable
Exfiltrated Data Type: Full network access, critical infrastructure
Key Points:
Threat actor claims to…
Short Summary:
The article discusses the activities of IT workers operating on behalf of North Korea, specifically focusing on their tactics to gain employment in Western companies. These workers use …
Short Summary:
The article discusses the detection and response to the Poseidon Stealer malware by eSentire’s Threat Response Unit (TRU). This malware targets macOS devices and employs deceptive techniques to …
Threat Actor: Unknown | Unknown Victim: Neom Project and MiSK Foundation | Neom Project and MiSK Foundation Price: $500 billion – $1 trillion Exfiltrated Data Type: VPN and database access …
Summary: UNC1860 is an Iranian state-sponsored threat actor linked to the Ministry of Intelligence and Security, known for its sophisticated tooling and persistent access to high-priority networks in the Middle …
Short Summary:
AhnLab Security Intelligence Center (ASEC) has reported on an attack involving MS-SQL servers, where threat actors exploited weak credentials and installed GotoHTTP, a remote control tool, to gain …
Short Summary:
UNC1860 is an Iranian state-sponsored threat actor associated with espionage and cyber operations, particularly targeting government and telecommunications sectors in the Middle East. The group employs specialized tools …
Summary: Unidentified hackers are targeting companies in the construction industry by exploiting vulnerabilities in the Foundation accounting software, particularly through brute-force login attempts. Researchers from Huntress have identified numerous instances …
Threat Actor: Unknown | Unknown
Victim: Major Spanish University | Major Spanish University
Price: $1,000
Exfiltrated Data Type: Sensitive academic and administrative data
Key Points:
A threat actor claims…
Short Summary:
The article discusses the detection and analysis of the Poseidon Stealer malware by eSentire’s Threat Response Unit (TRU). This malware specifically targets macOS devices and employs deceptive techniques …
The report from Cyfirma provides an in-depth analysis of the Gomorrah Stealer, a sophisticated information-stealing malware operating within a malware-as-a-service (MaaS) framework. It targets sensitive data from various …
Summary: ESET researchers have analyzed the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware and its connections to other ransomware groups, including LockBit and RansomHub. …
Summary: The Quad7 botnet is evolving its operations by targeting additional SOHO devices with custom malware, including Zyxel VPN appliances and Ruckus wireless routers, while employing new tactics for stealthier …
ESET researchers have documented the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware. This group has replaced its previous ransomware, Scarab, with ScRansom, …
Short Summary:
Repellent Scorpius is a newly emerged ransomware-as-a-service (RaaS) group distributing Cicada3301 ransomware, first identified in May 2024. The group employs a double extortion scheme, encrypting data and threatening …
Summary: The report discusses the growing trend of threat actors exploiting legitimate IT tools for malicious operations, termed CAMO (Commercial Applications, Malicious Operations), which allows them to bypass security measures …
The Sekoia TDR team has uncovered new developments related to the Quad7 botnet operators, who are compromising various SOHO routers and VPN appliances. The operators are evolving their …
Short Summary:
EclecticIQ analysts have researched ransomware operations, particularly focusing on SCATTERED SPIDER, a group targeting cloud infrastructures in the insurance and financial sectors. They employ social engineering tactics, including …
Summary: SonicWall has issued a warning regarding a critical access control vulnerability (CVE-2024-40766) in SonicOS that is potentially being exploited in the wild, urging administrators to apply patches immediately. The …
Threat Actor: Unknown | Unknown
Victim: Taiwanese Bank | Taiwanese Bank
Price: Negotiable
Exfiltrated Data Type: Unauthorized VPN Access
Key Points:
Target: Major Taiwanese bank headquartered in Taipei. Revenue:…
Summary: Hackers stole approximately $27 million worth of cryptocurrency from the Penpie DeFi protocol, prompting the company to halt withdrawals and file reports with local authorities and the FBI. Despite …
Summary: The Fog Ransomware group has expanded its targeting from education and recreation sectors to the financial services sector, successfully launching an attack that was mitigated by Adlumin’s advanced security …
Short Summary:
Fog ransomware, first detected in May 2024, is a new strain targeting US educational organizations. Darktrace’s investigation revealed a rapid attack cycle, utilizing compromised VPN credentials for initial …
Cyble Research and Intelligence Labs (CRIL) has identified an ongoing spear-phishing campaign by the Gamaredon APT group, targeting Ukrainian military personnel. The campaign utilizes malicious XHTML attachments that …
Summary: Hackers are now targeting fellow cybercriminals with a deceptive OnlyFans tool that claims to assist in account theft but instead infects them with the Lumma stealer malware. This incident …
In June 2024, Zscaler ThreatLabz reported on BlindEagle, an APT actor targeting the Colombian insurance sector through phishing emails. The actor utilizes the BlotchyQuasar RAT to gain access …
Short Summary:
The Fog Ransomware group has shifted its focus from targeting educational and recreational sectors to attacking financial services. Adlumin successfully thwarted a ransomware attack in August 2024, utilizing …
Summary: Initial access brokers (IABs) are increasingly targeting large organizations, particularly in the US and business services sector, with a notable rise in listings for high-revenue companies. Despite the growing …
Summary: Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) introduces significant changes aimed at enhancing security in response to evolving technologies and threats, with a focus …
Summary: Zyxel has released critical security updates for multiple models of its business routers to address a severe OS command injection vulnerability (CVE-2024-7261) that could allow unauthenticated attackers to execute …
Short Summary:
Mallox is a sophisticated ransomware family that has been actively attacking organizations globally since 2021. With over 700 samples discovered, it has evolved significantly, particularly in 2023 and …