ALERTS HACKING
HOME APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY
DATE | NAME | CATEGORY | SUBCATE | INFO |
16.8.24 | Discovery of tools and batch scripts targeting Windows and Linux systems | HACKING | According to a recent DFIR report, a range of threat actor tools has been found that can bypass security defenses like Windows Defender and Malwarebytes, delete backups, and disable systems. Among the discovered tools were Ngrok for proxy services and SystemBC, along with two well-known command-and-control frameworks: Sliver and PoshC2. The most recent activity was detected in August 2024. | |
10.7.24 | Protection Highlight: Recent Sideloading Attacks | ALERTS | HACKING | In this bulletin however we'll talk about sideloading as it relates to the cybersecurity field. MITRE defines sideloading attacks in T1574.002 as a type of (search order) Hijack Execution Flow, which exploits the way Windows applications load DLLs. |
3.7.24 | Apple IDs Targeted in US Smishing Campaign | ALERTS | HACKING | Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, |
23.5.24 | Waltuhium Grabber | ALERTS | HACKING | Waltuhium is an open-source infostealer that has been observed being shared in dark web forums. It is claimed to have features such as keylogging, screenshot capturing, WiFi stealing, Discord injection, password stealing, credit card stealing, cryptocurrency and wallet stealing, as well as tokens from Discord and browsers, and session stealing. Additionally, it has anti-VM and anti-debug functionality. The stolen data is zipped and posted to a defined Discord webhook server. |
| 11.4.24 | Metasploit Meterpreter observed in attacks targeting vulnerable Redis servers | ALERTS | HACKING | Meterpreter is an advanced Metasploit attack payload leveraged in penetration testing that uses in-memory DLL injection stagers. The tool has been known to be exploited by various threat actors for a long while now. In a recently reported campaign, Meterpreter has been observed being deployed to vulnerable or misconfigured Redis servers. The attackers have also been using a privilege escalation tool called PrintSpoofer. Meterpreter deployment to vulnerable servers is an initial attack step that might lead to deployment of further arbitrary payloads such as cryptominers or ransomware. |
| 5.4.24 | YouTube Hijacking: Rise in Attack Campaigns Distributing Infostealers | ALERTS | Hack | An increase in attack campaigns utilizing YouTube has been observed, with threat actors hijacking existing popular YouTube accounts to distribute Vidar and LummaC2 Infostealer malwares. Users are lured with videos purporting to offer cracked versions of everyday programs like Adobe. Links provided in the comments section lead to malicious packages uploaded to MediaFire. Consequently, users unwittingly become infected by downloading and executing malicious code instead of the desired program. |