ALERTS EXPLOIT




Each entry lists DATE, NAME, CATEGORY, SUBCATEGORY and INFO.

DATE: 8.8.24
NAME: SbaProxy leveraged to hijack legitimate antivirus software
CATEGORY: ALERTS
SUBCATEGORY: EXPLOIT
INFO: A recent report detailed how threat actors are leveraging a tool dubbed 'SbaProxy', disguised as a legitimate anti-virus software component, to create a proxy connection through a C2 server. The tool is distributed with malicious intent in multiple formats, such as DLLs, EXEs, and PowerShell scripts, which makes it challenging to detect due to its authentic look and advanced functionality.

DATE: 27.7.24
NAME: Malware campaign exploits SEO poisoning to target W2 Form seekers
CATEGORY: ALERTS
SUBCATEGORY: EXPLOIT
INFO: A malware campaign has been reported targeting users searching for W2 forms through SEO poisoning techniques. Victims are redirected to spoofed IRS websites, where they are lured into downloading a masqueraded JS file disguised as a W2 form.

DATE: 19.7.24
NAME: Zero-Day Exploit: Malicious .url Files Leveraging CVE-2024-38112 on Windows
CATEGORY: ALERTS
SUBCATEGORY: EXPLOIT
INFO: An ongoing campaign targeting Windows users has been observed. Threat actors distribute phishing emails containing Windows Internet Shortcut files with a .url extension.

DATE: 10.5.24
NAME: Exploitation of Ivanti Pulse Secure vulnerabilities for Mirai botnet delivery
CATEGORY: ALERTS
SUBCATEGORY: EXPLOIT
INFO: In January of this year, Ivanti reported two vulnerabilities, CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection), affecting Ivanti Connect Secure and Ivanti Policy Secure Gateways.

DATE: 10.5.24
NAME: Russian bulletproof hosting services exploited for malicious activities, SocGholish malware campaigns
CATEGORY: ALERTS
SUBCATEGORY: EXPLOIT
INFO: The use of Russian bulletproof hosting services for hosting malicious activities, including command-and-control (C2) servers and phishing pages distributing SocGholish malware, has been reported. Multiple malware campaigns in recent months have utilized the Matanbuchus loader, with their C2 infrastructure hosted on bulletproof hosting services like "Proton66 OOO".