Search Results for: unsafe
On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers (sshd) on glibc-based Linux systems. This vulnerability, called RegreSSHion and tracked as …
In March 2024, Zscaler ThreatLabz observed new activity from Kimsuky (aka APT43, Emerald Sleet, and Velvet Chollima), an advanced persistent threat actor backed by the North Korean government. This …
Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead …
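To make the definition above concrete, here is an added example (not code from the linked article): a constructed, deliberately vulnerable deep-merge of the kind found in many utility libraries, followed by a hardened version. The payload, the `isAdmin` authorization check and the function names are all assumptions chosen for illustration.

```javascript
// Added illustration of prototype pollution (not code from the article above).
// `unsafeMerge` is a constructed, deliberately vulnerable deep-merge; `safeMerge`
// is a hardened version of the same routine.

function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    // Recurses when both sides look like objects. For key "__proto__",
    // target["__proto__"] resolves to Object.prototype, so the recursion
    // writes the attacker's keys onto the prototype shared by every object.
    if (value !== null && typeof value === 'object' &&
        target[key] !== null && typeof target[key] === 'object') {
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Keys that reach Object.prototype directly ("__proto__") or indirectly
// ("constructor" gives Object, whose "prototype" is Object.prototype).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      // Only descend into the target's *own* plain-object properties,
      // never into anything inherited through the prototype chain.
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed victim: an authorization check that assumes `isAdmin` is only
// ever set explicitly on a user record.
function isAdmin(user) {
  return user.isAdmin === true;
}

// Constructed attacker input, e.g. a JSON body sent to an endpoint that merges
// user-supplied settings. JSON.parse creates an *own* property named "__proto__".
const PAYLOAD = '{"__proto__": {"isAdmin": true}}';

function demonstratePollution() {
  const alice = { name: 'alice' };            // never given isAdmin
  unsafeMerge({}, JSON.parse(PAYLOAD));       // merge into an unrelated object
  const polluted = isAdmin(alice);            // true: alice inherits it from Object.prototype

  delete Object.prototype.isAdmin;            // undo the pollution for the second run

  safeMerge({}, JSON.parse(PAYLOAD));
  const stillClean = isAdmin(alice) === false;
  return { polluted, stillClean };
}

console.log(demonstratePollution()); // { polluted: true, stillClean: true }
```

The point to take away is that the merge never touched `alice`, yet `alice.isAdmin` became `true`, because the write landed on the prototype every plain object inherits from. Besides filtering keys, two further defences are worth knowing: build attacker-keyed maps with `Object.create(null)` (or a `Map`) so there is no prototype to pollute, and, where no dependency relies on extending built-ins, call `Object.freeze(Object.prototype)` at startup so such writes fail instead of silently succeeding.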
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
Summary: This content discusses a path traversal vulnerability pattern found in multiple popular Android applications, which could lead to arbitrary code execution and token theft.
Threat Actor: Microsoft | Microsoft …
We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated …
Overview
The SonicWall Capture Labs threat research team became aware of a couple of remote code execution vulnerabilities in JumpServer, assessed their impact and developed mitigation measures. JumpServer is an …
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the …
We are now in an era where AI and ML tools are thriving, with a new AI service popping up every week—from voice cloning apps to those perfecting digitalized art …
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)
TL;DR…
Executive Summary
Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise …
Background
A recent report by JFrog researchers found that some machine learning models on Hugging Face may be used to attack the user …
SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability.
ClamAV is a notable, …
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook …
Executive Summary
Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver …
Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In certain cases, these host malicious Java Server Pages (JSP) web shells.…
By Oleg Zaytsev (Guardio Labs)
The Guardio Labs research team uncovered a critical zero-day vulnerability in the popular Opera …
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco’s brand and is displayed …
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. …
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab | Sysdig
The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, …
Since December 2022, the eSentire Threat Response Unit (TRU) has observed Aurora Stealer malware infections in the manufacturing industry. It’s distributed via fake Google Ads for a Notepad++ installer. Aurora Stealer …
Have you signed up for ChatGPT yet? It’s quite possible, especially considering the new controversial language generator reached 1 billion users in March 2023. With that amount of interest, it’s …
On October 17, 2022, the Wordfence Threat Intelligence team began monitoring for activity targeting CVE-2022-42889, or “Text4Shell” on our network of 4 million websites. We started seeing activity targeting this …
Since the beginning of this year, Avast has protected more than 2,000 customers from this password stealer.
Avast researchers have found password stealer malware, disguised as a private Fortnite server, …
In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks …
TrickBot Bolsters Layered Defenses to Prevent Injection Research
Limor Kessem and Charlotte Hammond.
The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, …