DATE | NAME | Info | CATEG. | WEB |
27.7.24 | Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) | | | |
27.7.24 | Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike | On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | Cyber blog | Trend Micro |
27.7.24 | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma | Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. | Ransom blog | Trend Micro |
27.7.24 | The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409 | We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems. | Vulnerability blog | Trend Micro |
27.7.24 | | This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code. | | |
27.7.24 | Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies | Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. | | |
27.7.24 | Proactive Protection: How SonicWall's security operations center (SOC) safeguards MSPs around the clock. | | | |
27.7.24 | Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads | The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared. | | |
27.7.24 | Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware | The SonicWall Capture Labs threat research team has recently been tracking new ransomware known as LukaLocker. | | |
27.7.24 | | When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. | | |
27.7.24 | | Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub. | | |
27.7.24 | | The ransomware group RA Group, now known as RA World, has shown a noticeable uptick in activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World. | | |
27.7.24 | | This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. | | |
27.7.24 | | We propose a new injection technique, Thread Name-Calling, and offer an advisory on implementing protection against it. | | |
27.7.24 | | Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained in our heads as a “hack.” | | |
27.7.24 | Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe | Attackers abusing the "EvilVideo" vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files. | | |
27.7.24 | Building cyber-resilience: Lessons learned from the CrowdStrike incident | | | |
27.7.24 | | ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game. | | |
27.7.24 | Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android | | | |
27.7.24 | How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe | | | |
27.7.24 | Beyond the blue screen of death: Why software updates matter | | | |
20.7.24 | ClickFix Deception: A Social Engineering Tactic to Deploy Malware | McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal. | Malware blog | McAfee |
20.7.24 | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. | Vulnerability blog | Trend Micro |
20.7.24 | Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike | On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | Cyber blog | Trend Micro |
20.7.24 | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma | Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. | Ransom blog | Trend Micro |
20.7.24 | The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409 | We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems. | Vulnerability blog | Trend Micro |
20.7.24 | Teaming up with IBM to secure critical SAP workloads | Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers | Cyber blog | Trend Micro |
20.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 2 | In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | Cryptocurrency blog | Trend Micro |
20.7.24 | Container Breakouts: Escape Techniques in Cloud Environments | Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability. | Vulnerability blog | Palo Alto |
20.7.24 | Beware of BadPack: One Weird Trick Being Used Against Android Devices | This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files. | Malware blog | Palo Alto |
20.7.24 | NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS | MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels its activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal. | Malware blog | Checkpoint |
20.7.24 | It's best to just assume you’ve been involved in a data breach somehow | Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. | Incident blog | Cisco Blog |
20.7.24 | HotPage: Story of a signed, vulnerable, ad-injecting driver | A study of a sophisticated Chinese browser injector that leaves more doors open! | Malware blog | Eset |
20.7.24 | Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills | These five formidable bits of kit can assist cyber-defenders in spotting chinks in corporate armor and help hobbyist hackers deepen their understanding of cybersecurity. | Cyber blog | Eset |
20.7.24 | Hello, is it me you’re looking for? How scammers get your phone number | Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. | Security blog | Eset |
20.7.24 | Should ransomware payments be banned? – Week in security with Tony Anscombe | Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective? | Ransom blog | Eset |
13.7.24 | Application Security report: 2024 update | Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks... | Cyber blog | Cloudflare |
13.7.24 | Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England | Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final... | BigBrother blog | Cloudflare |
13.7.24 | Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds | We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website... | Social blog | Cloudflare |
13.7.24 | DDoS threat report for 2024 Q2 | Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024... | Attack blog | Cloudflare |
13.7.24 | RADIUS/UDP vulnerable to improved MD5 collision attack | The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography... | Attack blog | Cloudflare |
13.7.24 | French elections: political cyber attacks and Internet traffic shifts | Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties... | BigBrother blog | Cloudflare |
13.7.24 | UK election day 2024: traffic trends and attacks on political parties | Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party... | BigBrother blog | Cloudflare |
13.7.24 | Cloudflare 1.1.1.1 incident on June 27, 2024 | On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak... | Incident blog | Cloudflare |
13.7.24 | First round of French election: party attacks and a modest traffic dip | How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage... | Attack blog | Cloudflare |
13.7.24 | Declare your AIndependence: block AI bots, scrapers and crawlers with a single click | To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier... | AI blog | Cloudflare |
13.7.24 | HardBit Ransomware version 4.0 | In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. | Ransom blog | Cybereason |
13.7.24 | Cactus Ransomware: New strain in the market | Cactus is another variant in the ransomware family. It exploits a VPN vulnerability (CVE-2023-38035) to enter an organization's internal network and deploys various payloads for persistence (Scheduled Task/Job), C2 connection via RMM tools (Anydesk.exe), and encryption. | Ransom blog | Trellix |
13.7.24 | The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution | ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass. | Malware blog | Trellix |
13.7.24 | Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence | Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime. | APT blog | Trellix |
13.7.24 | Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant | The SonicWall RTDMI™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features (anti-VM, anti-AV, delayed execution, multi-variant support, process hollowing, etc.), which are controlled by flags in the configuration data. | Malware blog | SonicWall |
13.7.24 | Microsoft Security Bulletin Coverage for July 2024 | Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
13.7.24 | Adobe Commerce Unauthorized XXE Vulnerability | The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation. | Vulnerability blog | SonicWall |
13.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 2 | In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | Cryptocurrency blog | Trend Micro |
13.7.24 | Network detection & response: the SOC stress reliever | Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. | Cyber blog | Trend Micro |
13.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 1 | Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses. | Cryptocurrency blog | Trend Micro |
13.7.24 | The Top 10 AI Security Risks Every Business Should Know | With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year. | AI blog | Trend Micro |
13.7.24 | DarkGate: Dancing the Samba With Alluring Excel Files | This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware. | Malware blog | Palo Alto |
13.7.24 | Dissecting GootLoader With Node.js | This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware. | Malware blog | Palo Alto |
13.7.24 | The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention | The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data. | AI blog | Palo Alto |
13.7.24 | EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE | In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically. | Exploit blog | Checkpoint |
13.7.24 | RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) | Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. | Vulnerability blog | Checkpoint |
13.7.24 | Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs | Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. | Ransom blog | Cisco Blog |
13.7.24 | Impact of data breaches is fueling scam campaigns | Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. | Incident blog | Cisco Blog |
13.7.24 | Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling | Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. | Spam blog | Cisco Blog |
13.7.24 | How do cryptocurrency drainer phishing scams work? | In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. | Cryptocurrency blog | Cisco Blog |
13.7.24 | Checking in on the state of cybersecurity and the Olympics | Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. | Cyber blog | Cisco Blog |
13.7.24 | 15 vulnerabilities discovered in software development kit for wireless routers | Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. | Vulnerability blog | Cisco Blog |
13.7.24 | Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities | This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. | Vulnerability blog | Cisco Blog |
13.7.24 | Understanding IoT security risks and how to mitigate them | Cybersecurity podcast | As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? | IoT blog | Eset |
13.7.24 | 5 common Ticketmaster scams: How fraudsters steal the show | Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account | Spam blog | Eset |
6.7.24 | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective | In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. | Cryptocurrency blog | Trend Micro |
6.7.24 | Mekotio Banking Trojan Threatens Financial Systems in Latin America | We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does. | Malware blog | Trend Micro |
6.7.24 | High-Risk Path Traversal in SolarWinds Serv-U | The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
6.7.24 | Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC | When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news. | Security blog | SonicWall |
6.7.24 | The Hidden Danger of PDF Files with Embedded QR Codes | The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. | Malware blog | SonicWall |
6.7.24 | Attackers Exploiting Public Cobalt Strike Profiles | In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. | Exploit blog | Palo Alto |
6.7.24 | MODERN CRYPTOGRAPHIC ATTACKS: A GUIDE FOR THE PERPLEXED | Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details. | Attack blog | Checkpoint |
6.7.24 | Social media and teen mental health – Week in security with Tony Anscombe | Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick? | Social blog | Eset |
6.7.24 | No room for error: Don’t get stung by these common Booking.com scams | From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation | Phishing blog | Eset |
6.7.24 | AI in the workplace: The good, the bad, and the algorithmic | While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table | AI blog | Eset |
6.7.24 | Hijacked: How hacked YouTube channels spread scams and malware | Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform | Malware blog | Eset |
6.7.24 | Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe | Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year | Security blog | Eset |