DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
30.6.24 | Unfurling Hemlock | GROUP | GROUP | Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware |
30.6.24 | KADOKAWA | GROUP | GROUP | Service Outages on Multiple Websites of the KADOKAWA Gro |
28.6.24 | Unfurling Hemlock: Deploying malware cluster bomb for multi-malware infections | ALERTS | VIRUS | The threat actor known as Unfurling Hemlock has been identified employing a method called "malware cluster bomb" to infect target systems with multiple malware families simultaneously. |
28.6.24 | Latrodectus malware campaign: Phishing with Firebase URLs and remote access tactics | ALERTS | PHISHING | Latrodectus is a popular loader utilized by threat actors to download payloads and execute arbitrary commands. Phishing emails are the most common attack vector for distributing the Latrodectus malware. |
28.6.24 | Ransomware used as cover for suspected China-backed APT group ChamelGang activities | ALERTS | RANSOM | According to a recently published report, a suspected China-backed APT group named ChamelGang (aka CamoFei) has been disguising its cyberespionage operations by also incorporating ransomware. |
28.6.24 | Threat Actor UAC-0184 using XWorm RAT | ALERTS | VIRUS | Threat actor group UAC-0184 has targeted Ukraine with a malware campaign delivering a RAT known as XWorm. The XWorm malware compromises systems using evasive techniques and Python-related files. |
28.6.24 | 0bj3ctivity infostealer targeting Italy | ALERTS | VIRUS | 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. |
28.6.24 | Latest P2Pinfect malware variant spreads ransomware and coinminers | ALERTS | VIRUS | A new P2Pinfect variant has been reported to spread both ransomware and Monero coinminer payloads in recent campaigns. P2Pinfect is a Rust-based botnet leveraging peer-to-peer (P2P) communication as C&C mechanism. |
28.6.24 | CVE-2024-4358 & CVE-2024-1800 - vulnerabilities in Telerik Report Server | ALERTS | VULNERABILITY | CVE-2024-4358 and CVE-2024-1800 are two recently disclosed vulnerabilities affecting the Telerik Report Server. |
28.6.24 | Threat actor Boolka compromising websites with BMANAGER malware | ALERTS | VIRUS | Threat actor Boolka has been carrying out opportunistic SQL injection attacks against websites. When unsuspecting visitors land on the infected site(s), the JS inserted into the site(s) collects and exfiltrates the users' inputs and interactions (such as credentials and other personal information). |
28.6.24 | New Medusa Android malware variant | ALERTS | VIRUS | Medusa malware for Android, also known as Tanglebot, has re-emerged in a new distribution campaign. The activity has been reported to target various countries across the world including the United States, Canada, France, Italy, Spain, the United Kingdom, and Turkey. |
26.6.24 | New Medusa Android malware variant | ALERTS | VIRUS | Medusa malware for Android, also known as Tanglebot, has re-emerged in a new distribution campaign. The activity has been reported to target various countries across the world including the United States, Canada, France, Italy, Spain, the United Kingdom, and Turkey. |
26.6.24 | Unstable and Condi botnets abusing cloud services for malicious activities | ALERTS | VIRUS | As recently reported by researchers from Fortinet, the Unstable and Condi botnets have been abusing various cloud services for storage and distribution of malware binaries as well as for C2 communication purposes. |
26.6.24 | CVE-2024-23692 - Rejetto HTTP File Server Server Side Template Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-23692 is a recently disclosed critical template injection vulnerability affecting Rejetto HTTP File Server (HFS) version 2.3m. Rejetto HFS is a web-based file sharing solution allowing sending and receiving files over HTTP. |
26.6.24 | ClickFix: Exploiting social engineering via PowerShell for malware deployment | ALERTS | VIRUS | There is a growing cybersecurity trend where users are deceived into copying and pasting malicious PowerShell scripts into an administrative PowerShell terminal window, leading to malware installation. |
26.6.24 | Stego-Campaign exploiting documents to deploy Remcos RAT | ALERTS | VIRUS | A phishing email campaign utilizing a URL shortener in a Microsoft Word file attachment, exploiting the CVE-2017-0199 vulnerability, has been reported in the wild. The URL redirect enticed users to download a variant of Equation Editor malware in RTF format. |
26.6.24 | SpiceRAT malware | ALERTS | VIRUS | SpiceRAT is a new malware variant identified by Cisco Talos. The malware has been attributed to a threat actor known as SneakyChef that has been conducting malicious campaigns against governmental entities in EMEA. |
26.6.24 | SpyMax mobile malware targets Telegram users | ALERTS | VIRUS | A new variant of the Android malware SpyMax has been observed in recent campaigns targeting Telegram users. The malicious .apk binaries are spread via a website masqueraded as a legitimate Telegram app download portal. |
26.6.24 | ExCobalt cyber espionage campaign targets Russian organizations with GoRed backdoor | ALERTS | CAMPAIGN | A cyber espionage campaign targeting Russian organizations by the ExCobalt threat actor has been observed. This campaign specifically targets government entities and IT firms. |
26.6.24 | CVE-2024-29824 - SQL Injection Vulnerability in Ivanti Endpoint Manager | ALERTS | VULNERABILITY | CVE-2024-29824 is a critical SQL Injection vulnerability in the Core server of Ivanti Endpoint Manager, an enterprise endpoint management solution that allows for centralized management of devices within an organization. |
26.6.24 | PHANTOM#SPIKE campaign makes use of .chm files to deliver custom backdoors | ALERTS | CAMPAIGN | PHANTOM#SPIKE is a recent malicious campaign identified in the wild. The attackers leverage phishing lures with password protected .rar and .zip archives. |
26.6.24 | Red Mongoose Daemon malware | ALERTS | VIRUS | Red Mongoose Daemon is a new banking malware variant identified by researchers from Scitum. The malware has been observed in campaigns targeting banking users and organizations in Brazil. |
26.6.24 | Apache HTTP Server CVE-2021-41773 vulnerability under active exploitation | ALERTS | VULNERABILITY | CVE-2021-41773 is a critical (CVSS score 7.5) path traversal and file disclosure vulnerability affecting Apache HTTP Server. If successfully exploited, this vulnerability enables unauthorized access to sensitive information. |
26.6.24 | Web Shell attack used for deployment of XMRig coinminer | ALERTS | CRYPTOCURRENCY | Web shell attacks are a common technique used by attackers to maintain persistence and remotely access web servers during cyberattacks. |
26.6.24 | Rafel RAT mobile malware | ALERTS | VIRUS | Rafel RAT is an open-source mobile malware observed in some recent campaigns targeting Android users. As reported by Checkpoint, the malware is a versatile tool that gives attackers both data exfiltration and remote control over the infected device. |
26.6.24 | Satanstealer Infostealer | ALERTS | VIRUS | Satanstealer is a new open-source infostealing malware shared on GitHub. |
26.6.24 | QR Code-Embedded PDFs exploit Financial Institutions via ONNX Store | ALERTS | EXPLOIT | A new phishing campaign involving embedded QR codes in PDF attachments has been reported. ONNX Store, a known Phishing-as-a-Service (PhaaS) platform, has been used to orchestrate this campaign targeting financial institutions. |
26.6.24 | SquidLoader - new loader in the threat landscape | ALERTS | VIRUS | A new loader malware dubbed SquidLoader has been reported as being actively distributed via phishing campaigns targeting Chinese-speaking users. The malware employs various evasion and decoy techniques in order to stay under the radar and avoid detection. |
26.6.24 | Fake Employee evaluation reports from Human Resources (HR) appear in new phish run | ALERTS | PHISHING | Threat actors continue masquerading as members of the Human Resources (HR) department in efforts to spread a new wave of phish emails. |
26.6.24 | Telcos in Asian country targeted by Chinese espionage tools | ALERTS | CAMPAIGN | In a newly released report, Symantec’s Threat Hunter Team provides an analysis of activity observed impacting telecommunications operators in a specific Asian country. |
26.6.24 | TA571 slips malicious scripts on to user's clipboards | ALERTS | GROUP | TA571 has recently been observed utilizing malicious HTML files in malspam campaigns. These files, once opened, copy a malicious PowerShell script to the user's clipboard while displaying an image that states the attached document is broken, |
26.6.24 | Fickle Stealer | ALERTS | VIRUS | Fickle Stealer is a recently observed malware written in Rust. Attackers leverage multiple delivery methods in a multi-stage attack chain to distribute the payload. |
27.6.24 | ChamelGang | Group | Gang | ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware |
26.6.24 | FIN9 | GROUP | APT | Inside the DEA Tool Hackers Allegedly Used to Extort Targets |
26.6.24 | ExCobalt | GROUP | Cyber Gang | ExCobalt: GoRed, the hidden-tunnel technique |
20.6.24 | Sustained | CAMPAIGN | CAMPAIGN | Sustained Campaign Using Chinese Espionage Tools Targets Telcos |
19.6.24 | markopolo | CRYPTOCURRENCY | Scam | The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications |
19.6.24 | AzzaSec Ransomware | ALERTS | RANSOM | AzzaSec is another run-of-the-mill ransomware variant found being distributed in the wild. The malware encrypts user files and appends .AzzaSec extension to them. The attackers behind this variant leave a ransom note demanding payment in Bitcoin for the file decryption. |
19.6.24 | New strain of Diamorphine Linux rootkit | ALERTS | VIRUS | A new variant of an open-source LKM (Loadable Kernel Module) rootkit dubbed Diamorphine has been found in the wild. |
19.6.24 | Malvertising Campaign Targets Users With Fake Software Installers | ALERTS | VIRUS | A malvertising campaign has been observed, enticing users to download masqueraded installers disguised as popular software such as Google Chrome and Microsoft Teams. |
19.6.24 | Hijack Loader and Vidar Stealer targeting Cisco Webex users | ALERTS | VIRUS | Malware campaigns affecting users in Latin America and the Asia Pacific regions have recently been reported. These campaigns target users of popular commercial software such as the Cisco Webex Meetings App, enticing them to download password-protected archive files containing trojanized software copies. |
19.6.24 | Rogue Raticate Malspam Campaign: Malicious PDFs Lead to NetSupport RAT | ALERTS | VIRUS | The cybercriminal group known as Rogue Raticate (aka RATicate) has been active for a few years now and is well-known for targeting enterprises using malicious emails and remote access trojans. This week another one of their campaigns was observed. |
19.6.24 | UNC3886 | GROUP | CAMPAIGN | Cloaked and Covert: Uncovering UNC3886 Espionage Operations |
19.6.24 | Void Arachne | CAMPAIGN | Malware | Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework |
18.6.24 | PowerShell Self-Pwn | HACKING | PowerShell | Proofpoint researchers identified an increasingly popular technique leveraging unique social engineering to run PowerShell and install malware. |
18.6.24 | Vortax: MacOS Malware Campaign Unveiled | ALERTS | VIRUS | A recent malware campaign targeting macOS vulnerabilities to distribute infostealers has surfaced. The threat actor, identified as markopolo, is actively aiming at cryptocurrency users. |
18.6.24 | Cryptojacking campaign exploiting Docker engine vulnerabilities | ALERTS | CRYPTOCURRENCY | A new cryptojacking campaign targeting publicly exposed Docker Engine hosts has been observed. It is presumed to be associated with the threat actors behind the previously seen malware campaign dubbed Spinning YARN. The attack vector starts by scanning for open port 2375 and deploying an Alpine Linux container. |
18.6.24 | Rapax Ransomware | ALERTS | RANSOM | Rapax is a ransomware whose binaries have recently been submitted to a public malware analysis and detection platform. The ransom note found on compromised machines (instruction.txt) reveals that the author focuses solely on encrypting files rather than employing exfiltration and double-extortion tactics, demanding a ransom of 5,000 US dollars in Bitcoin for decryption. |
18.6.24 | Hijack Loader | MALWARE | Loader | Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion |
18.6.24 | Spinning YARN | CAMPAIGN | Malware | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence |
18.6.24 | CVE-2024-37081 | CVE | | Multiple VMware vCenter Server Flaws Allow Remote Code Execution |
17.6.24 | COATHANGER | MALWARE | RAT | Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT |
17.6.24 | Limpopo ransomware targets ESXi servers | ALERTS | RANSOM | Limpopo is a new ransomware variant targeting vulnerable ESXi servers, as reported by Fortinet. |
17.6.24 | CVE-2024-28995 - SolarWinds Serv-U Directory Traversal vulnerability | ALERTS | VULNERABILITY | CVE-2024-28995 is a recently disclosed Directory Traversal vulnerability affecting the Serv-U managed file transfer (MFT) server solution. |
17.6.24 | Unfading Sea Haze | REPORT | REPORT | Deep Dive into the Unfading Sea Haze: A technical look at a threat actor’s ever-evolving tools and tactics |
17.6.24 | Mass exploitation | PAPERS | PAPERS | The vulnerable edge of enterprise security |
17.6.24 | Velvet Ant | OPERATION | OPERATION | China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence |
17.6.24 | Unfading Sea Haze | OPERATION | OPERATION | Unfading Sea Haze: New Espionage Campaign in the South China Sea |
17.6.24 | CVE-2024-3079 | CVE | | Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. |
17.6.24 | CVE-2024-3080 | CVE | | Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device. |
17.6.24 | ARM 'TIKTAG' attack | PAPERS | PAPERS | TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi |
17.6.24 | ARM 'TIKTAG' attack | ATTACK | ARM CPU | TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi |
17.6.24 | BadSpace | MALWARE | Backdoor | Backdoor BadSpace delivered by high-ranking infected websites |
17.6.24 | NiceRAT | MALWARE | RAT | Botnet Installing NiceRAT Malware |
16.6.24 | Boelter Blue System Management 1.3 - SQL Injection | WebApps | PHP | |
16.6.24 | Rebar3 3.13.2 - Command Injection | WebApps | Multiple | |
16.6.24 | ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated) | WebApps | PHP | |
16.6.24 | Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit) | Remote | Hardware | |
16.6.24 | WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated) | WebApps | PHP | |
16.6.24 | PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows) | Exploit | WebApps | PHP |
16.6.24 | AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. | WebApps | PHP | |
16.6.24 | AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | WebApps | PHP | |
16.6.24 | XMB 1.9.12.06 - Stored XSS | Exploit | WebApps | PHP |
16.6.24 | Carbon Forum 5.9.0 - Stored XSS | WebApps | PHP | |
16.6.24 | AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) | WebApps | PHP | |
15.6.24 | KoiLoader/KoiStealer infection | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
15.6.24 | Traffic example of a CVE-2024-4577 probe | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
15.6.24 | Malspam pushing OriginLogger (AgentTesla) | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
15.6.24 | Three days of server scans and probes | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
15.6.24 | DarkGate activity | MALWARE TRAFFIC | MALWARE TRAFFIC | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
15.6.24 | DISGOMOJI | MALWARE | Linux | DISGOMOJI Malware Used to Target Indian Government |
15.6.24 | Grandoreiro | MALWARE | Banking | Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale |
14.6.24 | CVE-2023-3938 | CVE | | (CVSS score: 4.6) - An SQL injection flaw when displaying a QR code into the device's camera by passing a specially crafted request containing a quotation mark, thereby allowing an attacker to authenticate as any user in the database |
14.6.24 | CVE-2023-3939 | CVE | | (CVSS score: 10.0) - A set of command injection flaws that allows for execution of arbitrary OS commands with root privileges |
14.6.24 | CVE-2023-3940 | CVE | | (CVSS score: 7.5) - A set of arbitrary file read flaws that allows an attacker to bypass security checks and access any file on the system, including sensitive user data and system settings |
14.6.24 | CVE-2023-3941 | CVE | | (CVSS score: 10.0) - A set of arbitrary file write flaws that allows an attacker to write any file on the system with root privileges, including altering the user database to add rogue users |
14.6.24 | CVE-2023-3942 | CVE | | (CVSS score: 7.5) - A set of SQL injection flaws that allows an attacker to inject malicious SQL code and perform unauthorized database operations and siphon sensitive data |
14.6.24 | CVE-2023-3943 | CVE | | (CVSS score: 10.0) - A set of stack-based buffer overflow flaws that allows an attacker to execute arbitrary code |
14.6.24 | UNC4899 | GROUP | GROUP | Insights on Cyber Threats Targeting Users and Enterprises in Brazil |
14.6.24 | Sleepy Pickle Part 2 | HACKING | ML | Exploiting ML models with pickle file attacks: Part 2 |
14.6.24 | Sleepy Pickle Part 1 | HACKING | ML | Exploiting ML models with pickle file attacks: Part 1 |
14.6.24 | Arid Viper | APT | APT | Arid Viper poisons Android apps with AridSpy |
14.6.24 | Arid Viper | APT | APT | Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices |
14.6.24 | Celestial Force | OPERATION | OPERATION | Operation Celestial Force employs mobile and desktop malware to target Indian entities |
14.6.24 | Script RAT | MALWARE | RAT | In Bad Company: JScript RAT and CobaltStrike |
14.6.24 | SSLoad Malware | MALWARE | Loader | Dissecting SSLoad Malware: A Comprehensive Technical Analysis |
14.6.24 | CVE-2024-32896 | CVE | | There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
14.6.24 | OPIX Ransomware | ALERTS | RANSOM | OPIX is a newly discovered ransomware variant typically spread through social engineering tactics such as phishing emails and drive-by downloads. The malware modifies user files by encrypting them with a random character string and appending a ".OPIX" extension. For example, a file called "test.txt" becomes something like "B532D3Q9.OPIX". |
14.6.24 | Malspam Campaign Delivering Koi Loader/Koi Stealer | ALERTS | Virus | In a recent malspam campaign attackers appear to have altered their tactics in order to avoid detection. Instead of the typical approach of sending direct emails with malicious links, in this case they began with benign emails discussing a random scenario. |
14.6.24 | El Dorado Ransomware: Increased Attacks | ALERTS | RANSOM | El Dorado is a double-extortion ransomware actor who has recently claimed multiple victims on their website. Once they gain access to a company, they search for machines with valuable data to exfiltrate and encrypt, appending .00000001 to encrypted files. |
14.6.24 | Operation Celestial Force | ALERTS | OPERATION | A new malicious campaign dubbed 'Operation Celestial Force' has been reported by the researchers from Cisco Talos. The campaign has been active since at least 2018 and targeting Indian organizations from the defense, government and technology sectors. |
14.6.24 | | ALERTS | VULNERABILITY | As part of June's Patch Tuesday, Microsoft has patched a critical (CVSS score 9.8) Message Queuing (MSMQ) vulnerability, CVE-2024-30080. By sending specially crafted malicious MSMQ packets to vulnerable servers and thus exploiting the vulnerability, attackers might achieve remote code execution and take over the unpatched server. |
14.6.24 | CVE-2024-4701 - Netflix Genie job orchestration engine vulnerability | ALERTS | VULNERABILITY | CVE-2024-4701 is a recently disclosed critical (CVSS score 9.9) path traversal vulnerability affecting Netflix's Genie job orchestration engine for big data applications. If successfully exploited, the vulnerability might allow remote attackers arbitrary code execution within the vulnerable applications as well as sensitive information exposure. The vulnerability has already been patched in Genie OSS version 4.3.18. |
14.6.24 | CVE-2024-2194 - WP Statistics Plugin XSS vulnerability | ALERTS | VULNERABILITY | CVE-2024-2194 is a recently disclosed stored cross-site scripting vulnerability affecting the WP Statistics plugin for WordPress in versions up to 14.5. If successfully exploited, the vulnerability might allow unauthenticated attackers to inject arbitrary web scripts into pages. |
13.6.24 | Noodle RAT | MALWARE | RAT | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups |
13.6.24 | DERO cryptojacking | CRYPTOCURRENCY | CRYPTOCURRENCY | Pause off my cluster: DERO cryptojacking takes a new shape |
13.6.24 | Black Basta | RANSOMWARE | RANSOMWARE | Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day |
13.6.24 | CVE-2024-26169 | CVE | | Windows Error Reporting Service Elevation of Privilege Vulnerability |
13.6.24 | WARMCOOKIE | MALWARE | Backdoor | Dipping into Danger: The WARMCOOKIE backdoor |
13.6.24 | Noodle RAT malware supports both Windows and Linux deployments | ALERTS | Virus | Noodle RAT is a malware variant recently identified by researchers from Trend Micro. This RAT has been reported as being used in targeted campaigns in the Asia-Pacific region. Noodle RAT is a modular malware with relatively straightforward capabilities and displays several code overlaps with Gh0st RAT and Rekoobe malware families. |
13.6.24 | Adwind (aka jRAT) distributed in recent campaigns targeting users in Italy | ALERTS | Virus | Adwind malware (also known as jRAT or njRAT) has been observed in recent campaigns targeting users in Italy. The attack chain includes malspam emails containing .zip attachments. Upon extraction the user is served with .HTML files such as INVOICE.html or DOCUMENT.html that lead to malicious .jar files. |
13.6.24 | WarmCookie backdoor | ALERTS | Virus | WarmCookie is a new backdoor variant distributed in phishing campaigns advertising fake job offers. The attack chain leverages malicious JS scripts executing PowerShell commands that in turn lead to the download of WarmCookie DLL payloads. The attackers abuse the Background Intelligent Transfer Service (BITS) to download the malicious payloads. |
13.6.24 | Black Basta attackers leveraging CVE-2024-26169 vulnerability as a Zero-day | ALERTS | Virus | In a newly released report, Symantec’s Threat Hunter Team reviewed evidence that suggests that attackers linked to Black Basta ransomware compiled CVE-2024-26169 exploit prior to patching. The vulnerability CVE-2024-26169 is a Windows Error Reporting Service exploit that can permit an attacker to elevate their privileges. |
13.6.24 | Malware campaign unveils new ValleyRAT variant | ALERTS | Virus | A malware campaign has been observed delivering a newer version of ValleyRAT as the final payload. The attack vector involves a downloader with an injected shellcode that dynamically resolves APIs and establishes a connection with the C2 server to download the next stage malware. |
12.6.24 | Remcos RAT delivered via UUEncoding (UUE) File | ALERTS | Virus | A recent phishing campaign spreading Remcos RAT employs themed documents related to shipping or quotations. The attack commences with a UUE-encoded VBS script, which upon decoding leads to another obfuscated VBS script. This script saves and executes a PowerShell script, which in turn connects to a link to download an additional obfuscated PowerShell script. The purpose of this obfuscation chain is to evade detection. |
12.6.24 | Protection Highlight: Phishers Ramp Up Exploitation of Telegram Bot API | ALERTS | PHISHING | Over the past few months, more and more phishing actors using malicious HTML have been following in the footsteps of infostealers and RATs, and are now also abusing the Telegram Bot API to harvest users' credentials and other sensitive information such as credit card details. |
12.6.24 | TellYouThePass ransomware exploiting CVE-2024-4577 Argument Injection Vulnerability in PHP | ALERTS | VULNERABILITY | CVE-2024-4577 is a high-severity (CVSS: 9.8) argument injection vulnerability in PHP, a popular scripting tool. This vulnerability affects PHP when it runs in CGI mode. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and the delivery of malware, including ransomware. |
12.6.24 | Fog Ransomware | ALERTS | RANSOM | A new ransomware variant dubbed Fog has been recently distributed in the wild. The attackers behind this malware have been leveraging compromised VPN credentials to attack vulnerable networks of US organizations from the education and recreation sector. |
12.6.24 | AZStealer - a Python-based infostealer | ALERTS | Virus | AZStealer is a recently discovered Python-based infostealer variant. It has the functionality to steal a wide variety of information from the compromised endpoints including: data stored in browsers (cookies, history, bookmarks, passwords, saved credit card info and autofill data), Discord tokens, login sessions from miscellaneous applications including Steam, Uplay, Tiktok, Telegram, Twitch, Spotify, Reddit or Roblox. |
12.6.24 | Fireant APT targets Vietnamese entities with LNK file malware campaign | ALERTS | APT | A malware campaign conducted by the Fireant (also known as Mustang Panda) APT group using Windows shortcut (LNK) files has been reported. The threat actor targets Vietnamese entities with lures related to the education sector and tax compliance. The attack vector involves phishing emails with archive (zip, rar) attachments containing malicious LNK files. The final payload is believed to be the PlugX RAT, which helps the attackers to remotely execute various commands on the compromised system. |
12.6.24 | Beware of malicious Python packages on PyPI repository | ALERTS | Virus | Numerous malicious Python packages have been observed on the Python Package Index (PyPI) repository, aimed at exploiting typosquatting to target users of legitimate packages. For instance one such package, 'crytic-compilers', masquerades as the legitimate library 'crytic-compile' and is designed to distribute the Lumma stealer. Similarly, another malicious PyPI package, 'pytoileur', is capable of downloading and installing trojanized Windows binaries for purposes such as surveillance, persistence, and crypto theft. |
12.6.24 | DERO cryptojacking operation targeting Kubernetes infrastructure | CRYPTOCURRENCY | | Dero, a cryptocurrency, offers better privacy, anonymity and faster rewards than Monero, and is often used in cryptojacking according to a March 2023 report. A recent report from a threat researcher discussed the cryptojacking campaign's evolution, where the attack vector involves exploiting an externally accessible Kubernetes API server with anonymous authentication enabled. |
12.6.24 | CVE-2024-30082 | CVE | | Win32k Elevation of Privilege Vulnerability |
12.6.24 | CVE-2024-30085 | CVE | | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
12.6.24 | CVE-2024-30086 | CVE | | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
12.6.24 | CVE-2024-30078 | CVE | | Windows Wi-Fi Driver Remote Code Execution Vulnerability |
12.6.24 | CVE-2024-30103 | CVE | | Microsoft Outlook Remote Code Execution Vulnerability |
12.6.24 | CVE-2024-30080 | CVE | | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
12.6.24 | CVE-2023-50868 | CVE | | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. |
12.6.24 | DNS PROBING OPERATION | OPERATION | OPERATION | WHAT A SHOW! AN AMPLIFIED INTERNET SCALE DNS PROBING OPERATION |
12.6.24 | ValleyRAT | MALWARE | RAT | Technical Analysis of the Latest Variant of ValleyRAT |
11.6.24 | More_eggs | MALWARE | Backdoor | More_eggs Activity Persists Via Fake Job Applicant Lures |
11.6.24 | UNC5537 | GROUP | GROUP | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion |
11.6.24 | CVE-2024-4610 | CVE | | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. |
11.6.24 | SSLoader malware using PhantomLoader | ALERTS | Virus | SSLoader malware uses PhantomLoader (an effective tool for deploying malware) to enhance its elusive and stealthy behavior. This malware infiltrates via phishing mail campaigns, performs reconnaissance while evading detection, and exfiltrates data back to threat actors while delivering payloads through various techniques. |
11.6.24 | Yet another JScript RAT spreads via phishing campaign | ALERTS | Virus | JScript-based RATs are commonly spread via phishing campaigns, and a recent attack was spotted using the same technique as earlier runs: an initial loader script connects to a C&C server, which returns a new malicious script known as the second-stage loader. This loader then fetches a JScript RAT component from the server, enabling persistent operation and execution of commands received from the server. |
11.6.24 | Abusing Google Ads to distribute backdoor malware masquerading as Advanced IP Scanner | ALERTS | Virus | A backdoor malware masquerading as Advanced IP Scanner has been observed in the wild. Advanced IP Scanner is a free network scanner for Windows, primarily used by IT administrators to analyze local area networks (LANs) and gather information about connected devices. |
11.6.24 | New Grandoreiro banking trojan campaign masquerading as government entities through spear-phishing | ALERTS | Virus | A new campaign involving the Grandoreiro banking trojan has been observed in the wild. The threat actors are leveraging spear-phishing emails masquerading as correspondence from government entities to lure recipients into downloading ZIP files infected with malware. |
11.6.24 | Agent Tesla sending malicious XLA files | ALERTS | Virus | Agent Tesla, an infostealing .Net based RAT, has recently been observed sending Spanish language malspam with attached XLA files. These files are crafted to take advantage of multiple old vulnerabilities in Office documents (CVE-2017-11882 and CVE-2017-0199) which causes Excel to automatically download and open remotely stored malicious RTF and JS files, which eventually leads to an Agent Tesla infection. |
10.6.24 | Fake 'KMSPico Activator Tool' Utilized to Deliver Vidar InfoStealer | ALERTS | GROUP | Researchers recently identified another drive-by download campaign, wherein users are deceived into downloading a malware-laden application named 'KMSPico activator tool.' This tool is marketed as a "universal activator" for Windows, but is no longer maintained. |
10.6.24 | Sticky Werewolf | GROUP | GROUP | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks |
9.6.24 | CVE-2024-4577 | CVE | CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability | |
8.6.24 | Sticky Werewolf APT | ALERTS | APT | Sticky Werewolf is a threat group initially discovered over a year ago. The attackers have been known to target various organizations, most recently the pharmaceutical and aviation sectors. In their attacks the threat actors leverage malicious .lnk files disguised as .docx documents, decoy .pdf files, malicious Batch and AutoIT scripts, among others. |
8.6.24 | Seidr Stealer | ALERTS | Virus | Seidr is another recent infostealer variant found in the wild and sold via illicit marketplaces. The malware is C++ based with modular architecture. Functionality-wise Seidr steals various information from the compromised endpoints including, OS-related information, data collected from system browsers via keylogging, cryptocurrency wallets etc. |
8.6.24 | DORRA Ransomware | ALERTS | RANSOM | DORRA is a recently found ransomware variant from the Makop malware family. The malware encrypts user files, appending the ".DORRA" extension, a unique ID and the developer's email address to them. The ransomware drops a ransom note as a text file called "README-WARNING.txt" where the victims are asked to contact the attackers via provided email for further instructions regarding the data decryption. |
8.6.24 | Apache RocketMQ targeted in Muhstik botnet campaign | ALERTS | BOTNET | A recent campaign targeting Apache RocketMQ platforms, exploiting a known vulnerability (CVE-2023-33246) for remote code execution, has been observed. As part of the campaign, threat actors are deploying the Muhstik botnet, known for denial-of-service (DDoS) attacks. Muhstik provides persistence, evades detection, performs lateral movement, and communicates through an IRC command-and-control server. The malware can be used for cryptocurrency mining and launching distributed denial-of-service attacks. |
8.6.24 | Enhanced version of Vidar Stealer emerges | ALERTS | Virus | An updated version of the Vidar Stealer has been observed in the wild. This customizable malware is being sold on the dark web and Telegram channels as malware-as-a-service, leveraging social media platforms as part of its command-and-control infrastructure, and collaborating with other malware strains such as STOP/Djvu ransomware and SmokeLoader backdoor. |
8.6.24 | CashRansomware - a new arrival to the threat landscape | ALERTS | RANSOM | CashRansomware (aka CashCrypt) is a newly identified Ransomware‑as‑a‑Service (RaaS) variant. As reported by researchers from Tehtris, the malware appears to be still in active development. CashRansomware is C#-based malware that leverages time‑stomping techniques to detect its execution within a sandbox or a virtualized environment. |
8.6.24 | UNC1151 APT targets the Ukrainian Ministry of Defence with malicious Excel campaign | ALERTS | APT | The UNC1151 APT group has been observed conducting a malware campaign utilizing a malicious Excel document. This group is known for targeting Eastern European countries. In the recent campaign, UNC1151 has been observed targeting the Ukrainian Ministry of Defence, utilizing a malicious Excel document as a lure. |
7.6.24 | appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP | |
7.6.24 | CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP | |
7.6.24 | WBCE CMS v1.6.2 - Remote Code Execution (RCE) | WebApps | PHP | |
7.6.24 | Monstra CMS 3.0.4 - Remote Code Execution (RCE) | WebApps | PHP | |
7.6.24 | Dotclear 2.29 - Remote Code Execution (RCE) | WebApps | PHP | |
7.6.24 | Serendipity 2.5.0 - Remote Code Execution (RCE) | Exploit | WebApps | PHP |
7.6.24 | Sitefinity 15.0 - Cross-Site Scripting (XSS) | WebApps | Multiple | |
7.6.24 | REPORT | Veeam’s goal is to relentlessly advance data and cyber resilience to keep your business running. | |
7.6.24 | CAMPAIGN | Renewed Info Stealer Campaign Targets Ukrainian Military | |
7.6.24 | Stealer | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | |
7.6.24 | GROUP | Ghostwriter is referred to as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself. | |
7.6.24 | Cryptojacking | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | |
7.6.24 | Trojan | Muhstik Malware Targets Message Queuing Services Applications | |
6.6.24 | App | BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | |
6.6.24 | Stealer | Russia-linked 'Lumma' crypto stealer now targets Python devs | |
6.6.24 | CVE-2024-32113 - Path Traversal vulnerability in Apache OFBiz | ALERTS | VULNERABILITY | CVE-2024-32113 is a recently disclosed path traversal vulnerability affecting Apache OFBiz, which is an open source enterprise resource planning (ERP) system. If successfully exploited, the vulnerability might lead to remote code execution in the context of the affected service account. The vulnerability has been patched in Apache OFBiz product version 18.12.13 or above. |
6.6.24 | Rising trend of exploiting Packer apps in targeted attacks | ALERTS | Virus | An increasing trend of abusing Packer apps as a technique to deploy malware payloads has been observed in the wild. Numerous known malware families, primarily related to RATs and stealers, have been exploiting commercial Packer apps, targeting financial institutions and government organizations. BoxedApp packer is one such utility that offers features like virtual storage, virtual processes, and a virtual registry, making it harder for endpoint protection systems to detect or analyze malware. |
6.6.24 | The rise of Kiteshield packer in the ever-evolving landscape of Linux malware | ALERTS | Virus | Threat actors are constantly seeking out new tactics and platforms to evade detection and carry out their espionage activities. Most recently, an increasing trend in targeting the Linux platform has been observed, resulting in a surge of Linux malware. Threat actors are leveraging the Kiteshield packer to evade detection on Linux platforms. |
6.6.24 | CoinMiner's Proxy Server Suffers Unlucky Ransomware Attack | ALERTS | RANSOM | Reports have described what seems to be an accidental cyber threat activity where a CoinMiner's proxy server was exposed to the Internet and became the target of a ransomware threat actor's RDP scan attack. This kind of practice, if it becomes more common, may complicate threat analysis as it blurs the lines between different attack groups and their intentions. |
6.6.24 | SenSayQ: Emerging Ransomware Group | ALERTS | RANSOM | SenSayQ is an emerging ransomware actor who has recently been observed in the threat landscape. At this time, their modus operandi remains shrouded, but they employ double-extortion tactics, exfiltrating data from companies' environments and encrypting their files. This group uses a Lockbit variant to conduct encryption and it drops ransom notes in most folders ([randomID].README.txt) whose content starts with "---Welcome! Your are locked by SenSayQ!---". Similar to other ransomware actors, victims are pressured to make contact within 72 hours or else their stolen data will be published on the attacker’s website. |
6.6.24 | New Linux variant of the TargetCompany ransomware | ALERTS | RANSOM | A new Linux variant belonging to the TargetCompany (aka Mallox) malware family has been found in the wild. As called out in the recent report published by Trend Micro, the threat group leveraging this latest Linux variant is actively conducting attacks against ESXi environments. The attackers are also using a custom shell script for the purpose of payload delivery and victim's information exfiltration. The malware encrypts user data and appends the .locked extension to the encrypted files. Upon completed encryption, a ransom note in the form of a text file called "HOW TO DECRYPT.txt" is dropped onto the victim's machine. |
6.6.24 | Updated Cuckoo malware variant spotted in the wild | ALERTS | Virus | Cuckoo is an infostealing macOS malware initially discovered earlier this year. A new variant of it has just recently been observed in the wild. This variant has been distributed via a fake Homebrew macOS package manager website. The malware has the usual infostealing features allowing it to steal confidential information, credentials, browser cookies, cryptocurrency wallets and exfiltrate the collected data to C2 servers controlled by the attackers. The new Cuckoo variant has also added some VM environment detection capabilities. |
6.6.24 | RansomHub Ransomware | ALERTS | RANSOM | In a newly released report, Symantec’s Threat Hunter Team provides an analysis of the highly active RansomHub ransomware and its similarity to the now defunct Knight ransomware. Analysis indicates that the developers of RansomHub are different from those that developed Knight, but based on a significant overlap of code, it's assumed the RansomHub developers likely purchased the Knight source code, which was offered for sale in early 2024. As with others, RansomHub attacks involve vulnerability exploitation and dual-use tools to aid in distribution. |
6.6.24 | DarkCrystal RAT Delivered via Signal Messenger | ALERTS | Virus | The messaging application 'Signal' is famous among the military and is currently being exploited to deliver DarkCrystal RAT malware to government officials, military personnel, and representatives of defense enterprises in Ukraine. The infection chain begins when the victim receives a message with an archive, password, and instructions to open it. Inside the archive is an executable file (".pif" or ".exe"), which is a RARSFX archive containing a VBE file, a BAT file, and an EXE file. Running these files infects the computer with DarkCrystal RAT malware, granting attackers unauthorized access. |
6.6.24 | Cobalt Strike campaign targets Ukraine using malicious Excel files | ALERTS | CAMPAIGN | A new campaign targeting Ukraine with Cobalt Strike payloads has been observed by researchers from Fortinet. The attackers leverage a multi-staged approach while delivering Excel files containing malicious VBA macros, as well as DLL downloaders and injectors in later attack stages. The Cobalt Strike payloads allow the attackers to establish communication with command and control (C2) servers and execute arbitrary commands. |
6.6.24 | Android Spyware Targets Brazilian Mobile Users in Nubank Masquerade | ALERTS | Virus | Nubank, a leading digital bank in Latin America known for its no-fee credit card and mobile banking services, has been one of the latest financial companies to have its brand abused in social engineering schemes aimed at luring mobile users in Brazil. An actor has fabricated malicious Android applications (Nubank.apk) to appear related to Nubank. These applications are likely being distributed via malicious SMS or other social platforms. If a user is successfully lured and installs the fake Nubank app on their mobile device, they will end up with a well-known remote access trojan known as SpyNote. |
6.6.24 | CVE-2024-24919 - Check Point Security Gateway Information Disclosure Vulnerability | ALERTS | VULNERABILITY | CVE-2024-24919 is an information disclosure vulnerability in Check Point Security Gateway. Check Point Security Gateway is an integrated software solution that connects corporate networks, branch offices, and business partners via a secure channel. Successful exploitation of this vulnerability may allow an attacker to access certain information on internet-connected Gateways, which have been configured with IPSec VPN, remote access VPN, or mobile access software blade. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
6.6.24 | CVE-2024-27348 - Remote Code Execution vulnerability in Apache HugeGraph Server | ALERTS | VULNERABILITY | Recently, a critical remote code execution (RCE) vulnerability has been discovered in Apache HugeGraph-Server, identified as CVE-2024-27348 (CVSS: 9.8). Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. The vulnerability affects versions 1.0.0 to 1.3.0 in Java8 and Java11. This vulnerability allows an attacker to execute arbitrary commands on the server. If successfully exploited, the impact of this vulnerability can be severe, as it can allow attackers to gain full control over the server, manipulate data, and potentially compromise the entire system. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
6.6.24 | Underground Ransomware Remains Active | ALERTS | RANSOM | Over the past year the ransomware actor known as "Underground" has been less active than other groups, yet they remain in the threat landscape and continue to target industries of various sizes. They are known to generate a lengthy ransom note (!!READ_ME!!.txt) with detailed information on what has been exfiltrated. Victims are provided with an ID and a password that allow them to connect with the ransomware group through a website on the TOR network. |
6.6.24 | Botnet malware campaign distributing NiceRAT malware | ALERTS | Virus | A botnet malware campaign has been reported distributing the NiceRAT malware, disguising itself as Windows or Office genuine authentication tools or free game servers, through domestic file-sharing sites or blogs. NiceRAT is a Python-based open-source program with anti-debugging and anti-virtual machine capabilities. It collects system information, browser information, and cryptocurrency data from compromised systems and exfiltrates the collected data to the threat actors' Discord channel, used as a Command and Control (C&C) server. |
6.6.24 | LummaC2 Infostealer Delivered via a Recent ClearFake Campaign | ALERTS | Virus | ClearFake, a JavaScript framework, utilizes both drive-by-downloads and social engineering tactics, often in fake "browser update" campaigns. Recently, researchers uncovered a new strategy by ClearFake, where users are deceived into manually executing malicious code in PowerShell. This differs from previous tactics where users were typically lured into unwittingly downloading a malicious payload. The change aims to evade security measures and eventually install the LummaC2 infostealer malware. |
6.6.24 | Brazilian banking trojan CarnavalHeist | ALERTS | Virus | A recent campaign has seen Brazilian users being targeted by a banking Trojan dubbed CarnavalHeist. The infection chain begins with a financial-themed mail through which the recipient is lured into downloading an invoice (named "Nota Fiscal", which is Portuguese for invoice). The actual download is a malicious LNK file which leads to further downloads and executions of script components that are responsible for delivering the final malicious payload. Details regarding the campaign and suspected attacker information were made available in a newly published report by Cisco Talos. |
6.6.24 | RedTail cryptomining malware exploiting PAN-OS vulnerability | ALERTS | CRYPTOCURRENCY | RedTail cryptocurrency mining malware has added a PAN-OS vulnerability to its exploit arsenal. PAN-OS CVE-2024-3400 is a now patched vulnerability that allows an attacker to execute arbitrary code with root user privileges. Exploiting this PAN-OS vulnerability and executing the commands successfully can lead to the downloading of the RedTail payload. This malware employs advanced evasion and persistence techniques. RedTail has also used other propagation mechanisms involving other vulnerability exploits (such as CVE-2023-46805 and CVE-2024-21887). |
5.6.24 | Operation Crimson Palace | OPERATION | OPERATION | Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government |
5.6.24 | Excel File Deploys | HACKING | HACKING | FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. |
5.6.24 | RansomHub | RANSOMWARE | RansomHub: New Ransomware has Origins in Older Knight | |
5.6.24 | CVE-2024-29972 | CVE | This command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | |
5.6.24 | CVE | This command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. | |
5.6.24 | CVE | This remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. | |
5.6.24 | CVE | This improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 and NAS542 devices could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | |
5.6.24 | CVE | This improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 and NAS542 devices could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | |
5.6.24 | Decoy Dog 2 | OPERATION | RAT | Hellhounds: operation Lahat |
5.6.24 | Decoy Dog 1 | OPERATION | RAT | Hellhounds: operation Lahat |
5.6.24 | CVE-2024-4358 | CVE | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | |
5.6.24 | DarkGate | Malware | RAT | During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. |
5.6.24 | CVE-2017-3506 | CVE | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. | |
5.6.24 | Sophisticated RAT | Malware | RAT | Sophisticated RAT Targeting Gulp Projects on npm |
3.6.24 | IT threat evolution in Q1 2024. Mobile statistics | ANALYSIS | Malware | Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans. |
3.6.24 | IT threat evolution Q1 2024 | ANALYSIS | Malware | Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information and execute additional modules that extended their control over compromised devices. |
3.6.24 | IT threat evolution in Q1 2024. Non-mobile statistics | ANALYSIS | Malware | Kaspersky solutions blocked more than 658 million attacks from various online resources. |
3.6.24 | Cox modems hack | HACKING | Hardware | Hacking Millions of Modems (and Investigating Who Hacked My Modem) |
3.6.24 | Andariel | GROUP | APT | Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group) |
3.6.24 | Lumma Stealer | Malware | Stealer | Fake Browser Updates delivering BitRAT and Lumma Stealer |
3.6.24 | BitRAT | Malware | RAT | Fake Browser Updates delivering BitRAT and Lumma Stealer |
1.6.24 | Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) | WebApps | PHP | |
1.6.24 | ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access | Remote | Hardware | |
1.6.24 | Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure | Remote | Windows | |
1.6.24 | FreePBX 16 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP | |
1.6.24 | Akaunting 3.1.8 - Server-Side Template Injection (SSTI) | WebApps | PHP | |
1.6.24 | Check Point Security Gateway - Information Disclosure (Unauthenticated) | Exploit | WebApps | Hardware |
1.6.24 | Aquatronica Control System 5.1.6 - Information Disclosure | WebApps | Hardware | |
1.6.24 | changedetection < 0.45.20 - Remote Code Execution (RCE) | WebApps | Multiple | |
1.6.24 | ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP | |
1.6.24 | iMLog < 1.307 - Persistent Cross Site Scripting (XSS) | Exploit | WebApps | PHP |
1.6.24 | BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection | Exploit | WebApps | PHP |
1.6.24 | Pumpkin Eclipse | HACKING | Hardware | Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers belonging to a single internet service provider (ISP) were taken offline. |