DATE | NAME | Info | CATEG. | WEB |
31.8.24 |
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence |
Trend Micro discovered that unpatched Atlassian Confluence instances still affected by CVE-2023-22527 are being exploited to load a new in-memory, fileless Godzilla backdoor. |
||
31.8.24 |
This issue of AI Pulse is all about agentic AI: what it is, how it works, and why security needs to be baked in from the start to prevent agentic AI systems from going rogue once they’re deployed. |
|||
31.8.24 |
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool |
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. |
||
31.8.24 |
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem |
A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. |
||
31.8.24 |
CVE-2024-7928: FastAdmin Unauthenticated Path Traversal Vulnerability |
The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and carrying a moderate CVSSv3 score of 5.3, the vulnerability is more severe than it initially appears. |
||
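Directory traversal bugs of the kind described above come down to one missing check: the server joins a client-supplied path onto a base directory and never verifies that the result still lies inside it. The following is an added example (not FastAdmin's code and not taken from the SonicWall write-up) showing the naive join beside a hardened version; the base directory `/srv/app/uploads` and the sample inputs are made up for illustration.

```python
"""Path-traversal containment check (added example, not FastAdmin's code).

Shows the naive join that directory-traversal bugs rely on and a hardened
resolver that rejects any path escaping the base directory, including
URL-encoded, double-encoded and backslash variants.
"""
import os
from typing import Optional
from urllib.parse import unquote


def naive_path(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: trusts the client-supplied path after a join.

    os.path.join discards base_dir entirely when user_path is absolute, and
    '../' segments are passed straight through to the filesystem.
    """
    return os.path.join(base_dir, user_path)


def safe_path(base_dir: str, user_path: str) -> Optional[str]:
    """Hardened: decode, normalise, resolve, then require the result to stay
    inside base_dir. Returns None for any path that escapes."""
    base = os.path.realpath(base_dir)
    # Decode twice so %252e%252e%252f (double-encoded ../) is caught as well.
    decoded = unquote(unquote(user_path))
    # NUL bytes truncate paths in some runtimes; refuse them outright.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so ..\..\ cannot slip past on Windows.
    decoded = decoded.replace("\\", "/")
    # Strip leading separators so an absolute path cannot replace the base.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    # commonpath (not startswith) also blocks sibling-prefix escapes such as
    # /srv/app/uploads2 when the base is /srv/app/uploads.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/app/uploads"  # hypothetical base directory
    for p in ["reports/q3.pdf", "../../etc/passwd", "%252e%252e%252fetc%252fpasswd", "/etc/passwd"]:
        print(f"{p!r:40} naive={naive_path(base, p)!r:45} safe={safe_path(base, p)!r}")
```

The check resolves symlinks and `..` first and only then compares, so the decision is made on the path the filesystem would actually open rather than on the string the client sent.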
31.8.24 |
This week, the SonicWall Capture Labs threat research team observed an AutoIt-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox. |
|||
31.8.24 |
TLD Tracker: Exploring Newly Released Top-Level Domains |
We investigated 19 new top-level domains (TLDs) released in the past year, which revealed large-scale phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and even pranking and meme campaigns. |
||
31.8.24 |
The Emerging Dynamics of Deepfake Scam Campaigns on the Web |
Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials. |
||
31.8.24 |
Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic |
To improve our detection of suspicious network activity, we leveraged a deep learning method to profile and detect malicious DNS traffic patterns. |
||
31.8.24 |
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments |
Unit 42 researchers found an extortion campaign's cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications. |
||
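Exposed `.env` files are usually found by attackers with a simple sweep for well-known dotfile paths, which means the sweep itself is visible in web server access logs long before the extortion note arrives. The block below is an added example, not Unit 42's tooling: it parses constructed lines in Apache/Nginx combined log format, flags requests for files that should never be web-reachable, groups them per client IP, and separates probes that were merely attempted from those the server actually answered with 200.

```python
"""Detect sweeps for exposed .env and similar dotfiles in web access logs.

Added example (not Unit 42's tooling). The log lines below are constructed
in Apache/Nginx "combined" format purely for illustration.
"""
import re
from collections import defaultdict

# Constructed sample lines: one scanner hitting several dotfile paths, one
# ordinary visitor, and one scanner that finds a live .env backup.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2024:13:01:02 +0000] "GET /.env HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Aug/2024:13:01:03 +0000] "GET /api/.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [10/Aug/2024:13:01:03 +0000] "GET /.git/config HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.23 - - [10/Aug/2024:13:02:10 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Aug/2024:13:02:11 +0000] "GET /assets/app.js HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Aug/2024:13:05:40 +0000] "GET /.env.bak HTTP/1.1" 200 498 "-" "curl/8.4.0"
"""

# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths that should never be served from a web root. A 200 here is a leak.
SENSITIVE_PATH_RE = re.compile(
    r'(^|/)(\.env(\.[\w-]+)?|\.git/config|\.aws/credentials|\.htpasswd)($|\?)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_dotfile_probes(log_text):
    """Return {ip: [(path, status), ...]} for every request to a sensitive path."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and SENSITIVE_PATH_RE.search(rec["path"]):
            hits[rec["ip"]].append((rec["path"], rec["status"]))
    return dict(hits)


def leaked_paths(hits):
    """Probes answered with 200: the file really was served and must be
    treated as compromised (rotate every credential it contained)."""
    return sorted(
        (ip, path) for ip, reqs in hits.items() for path, status in reqs if status == 200
    )


if __name__ == "__main__":
    probes = find_dotfile_probes(SAMPLE_LOG)
    for ip, reqs in probes.items():
        print(ip, reqs)
    print("served:", leaked_paths(probes))
```

Grouping by source IP is what turns three individually uninteresting 4xx lines into a scanner signature; the 200 responses are the rows that need an incident ticket rather than a block rule.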
31.8.24 |
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts |
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. |
||
31.8.24 |
Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats |
Explore in-depth defense strategies against ViperSoftX with the Trellix suite, and unpack why AutoIt is an increasingly popular tool for malware authors. |
||
31.8.24 |
August 2024 Bug Report: Explore seven critical vulnerabilities—Ivanti vTM, Windows CLFS, Apache OFBiz, and more. Stay ahead of the threats, patch now! |
|||
31.8.24 |
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. |
|||
31.8.24 |
As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern. |
|||
31.8.24 |
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks |
Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment. |
||
31.8.24 |
Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. |
|||
31.8.24 |
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case |
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. |
||
31.8.24 |
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver |
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. |
||
31.8.24 |
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. |
|||
31.8.24 |
Stealing cash using NFC relay – Week in Security with Tony Anscombe |
The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become. |
||
31.8.24 |
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office |
|||
31.8.24 |
Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5) |
|||
24.8.24 |
How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack |
Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. |
||
24.8.24 |
Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey. |
|||
24.8.24 |
Explore how generative AI is transforming cybersecurity and enterprise resilience |
|||
24.8.24 |
This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more. |
|||
24.8.24 |
The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability. |
|||
24.8.24 |
Understanding CVE-2024-38063: How SonicWall Prevents Exploitation |
CVE-2024-38063 is a critical remote code execution vulnerability in the Windows TCP/IP stack, reachable on any system with IPv6 enabled, carrying a CVSS score of 9.8. The flaw is zero-click and wormable: an attacker who can deliver specially crafted IPv6 packets to the host can execute arbitrary code remotely, potentially leading to full system compromise. |
||
24.8.24 |
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure |
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” |
||
24.8.24 |
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions |
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions. |
||
24.8.24 |
PWA phishing on Android and iOS – Week in security with Tony Anscombe |
Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security. |
||
24.8.24 |
How regulatory standards and cyber insurance inform each other |
|||
24.8.24 |
Be careful what you pwish for – Phishing in PWA applications |
ESET analysts dissect a novel phishing method tailored to Android and iOS users. |
||
17.8.24 |
Mario movie malware might maliciously mess with your machine |
There are probably few among us who, never have they ever, downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source. |
||
17.8.24 |
Microsoft’s August 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2024 and has produced coverage for ten of the reported vulnerabilities. |
|||
17.8.24 |
This post presents our research on a methodology we call BOLABuster, which uses large language models (LLMs) to detect broken object level authorization (BOLA) vulnerabilities. By automating BOLA detection at scale, we show promising results in identifying these vulnerabilities in open-source projects. |
|||
17.8.24 |
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities |
Server-Side Template Injection (SSTI) vulnerabilities arise when a web application builds a template from untrusted input instead of passing that input to the template as data. Because template engines evaluate the directives they find, an attacker can inject template syntax that the server executes, typically escalating to arbitrary command execution on the server, unauthorized data access, server compromise, or a foothold for exploiting additional vulnerabilities. |
||
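The distinction that matters for SSTI is whether user input ends up in the template source or only in the template context. The block below is an added example, not code from the original post and not tied to any particular template engine: a deliberately tiny stand-in engine that evaluates `{{ ... }}` expressions (arithmetic and context names only) is enough to show that `greet_vulnerable` lets the classic `{{7*7}}` probe execute while `greet_safe` renders it as inert text. The function names and the probe detector are this example's own.

```python
"""Server-side template injection: vulnerable vs hardened rendering.

Added example, not from the original post. The minimal engine below is a
stand-in for a real one (its expression language is intentionally limited
to numbers, strings, context names and + - *). The bug it demonstrates is
in how the template string is built, not in the engine.
"""
import ast
import operator
import re

TAG_RE = re.compile(r"\{\{\s*(.+?)\s*\}\}")

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def _eval(node, ctx):
    """Evaluate a tiny expression subset: constants, context names, + - *."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, ctx)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.Name):
        return ctx[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    raise ValueError("unsupported expression")


def render(template, **ctx):
    """Replace every {{ expr }} in the template source with its value.

    Substituted output is not re-scanned, which is why data passed through
    the context can never introduce new directives.
    """
    def sub(m):
        return str(_eval(ast.parse(m.group(1), mode="eval"), ctx))
    return TAG_RE.sub(sub, template)


def greet_vulnerable(name):
    """SSTI: user input is concatenated into the template source, so any
    directive the user supplies is evaluated by the engine."""
    return render("Hello " + name + "!")


def greet_safe(name):
    """Fixed: the template is a constant; user input is only ever data."""
    return render("Hello {{ name }}!", name=name)


def looks_like_ssti_probe(value):
    """Input-side signal for the usual {{7*7}} / ${7*7} / <%7*7%> probes.
    Defence in depth for logging or WAF rules, not a substitute for the fix."""
    return re.search(r"(\{\{|\$\{|<%|#\{).*?[*+].*?(\}\}|\}|%>)", value) is not None


if __name__ == "__main__":
    probe = "{{7*7}}"
    print("vulnerable:", greet_vulnerable(probe))  # the engine evaluates 7*7
    print("safe      :", greet_safe(probe))        # the probe is printed back verbatim
    print("probe?    :", looks_like_ssti_probe(probe))
```

In a real engine the expression language is far richer than arithmetic, which is why the `49` in the vulnerable output is the signal pentesters look for: once an attacker can evaluate expressions, reaching the engine's object model and from there the host is usually a matter of technique, not possibility.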
17.8.24 |
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove |
Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers. |
||
17.8.24 |
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday |
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. |
||
17.8.24 |
How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe |
Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme |
||
10.8.24 |
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States |
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity – is by far the largest structure humanity ever built. It’s so big, in fact, that few people even notice it, like a fish can’t see the ocean. |
||
10.8.24 |
A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an advanced persistent threat (APT). |
|||
10.8.24 |
Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. |
|||
10.8.24 |
Sustained Campaign Using Chinese Espionage Tools Targets Telcos |
Attackers were heavily focused on telecoms operators in a single Asian country. |
||
10.8.24 |
Cloud Cover: How Malicious Actors Are Leveraging Cloud Services |
In the past year, there has been a marked increase in the use of legitimate cloud services by attackers, including nation-state actors. |
||
10.8.24 |
A fake website that appears to distribute WinRAR, the data compression, encryption, and archiving tool for Windows, has been seen hosting malware. The site closely resembles the official one, relies on typosquatting, and preys on users who mistype the URL of this well-known archiving application. |
|||
10.8.24 |
SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability |
The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. |
||
10.8.24 |
Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold |
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is network monitoring software that tracks every connected device, providing visibility into the IT infrastructure and helping operators pinpoint and resolve issues through its workflows and system integrations. |
||
10.8.24 |
This blog shares a tried and tested method for dealing with thousands of unknown functions in a given file, significantly decreasing the time spent on analysis while improving accuracy. Once the theory is covered, an instance of the Golang-based qBit stealer is analyzed with the demonstrated techniques to show what happens when the theory is put into practice. |
|||
10.8.24 |
Resilient Security Requires Mature Cyber Threat Intelligence Capabilities |
We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI). |
||
10.8.24 |
Black Hat USA 2024 recap – Week in security with Tony Anscombe |
Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors. |
||
10.8.24 |
Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies |
|||
10.8.24 |
Why tech-savvy leadership is key to cyber insurance readiness |
|||
3.8.24 |
GeoServer RCE Vulnerability (CVE-2024-36401) Being Exploited In the Wild |
The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share and edit geospatial data. |
||
3.8.24 |
Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 |
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability. |
||
3.8.24 |
Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell script. |
|||
3.8.24 |
ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups. |
|||
3.8.24 |
In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. |
|||
3.8.24 |
There is no real fix to the security issues recently found in GitHub and other similar software |
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. |
||
3.8.24 |
This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. |
|||
3.8.24 |
A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. |
|||
3.8.24 |
AI and automation reducing breach costs – Week in security with Tony Anscombe |
Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn't deploy these technologies, according to IBM. |
||
3.8.24 |
The cyberthreat that drives businesses towards cyber risk insurance |
|||