Cyble – Page 4 – Cybersecurity News Everyday

WarzoneRAT Returns With Multi-Stage Attack Post FBI Seizure – Cyble

March 28, 2024March 28, 2024 Cyble

Key Takeaways In February, the FBI took down the WarzoneRAT malware operation, seizing its infrastructure and arrested two individuals linked to the cybercrime operation. Recently, Cyble Research and Intelligence Labs (CRIL) observed few samples of malware campaign possibly distributed via tax-themed spam emails, deploying WarzoneRAT (Avemaria) as the final payload. …

Threat Research

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)

March 15, 2024March 28, 2024 Cyble

Executive Summary

In the last week of January 2024, a patch was released to address a vulnerability found in aiohttp. This security issue impacts aiohttp versions prior to 3.9.2. The security flaw (CVE-2024-23334) is a directory traversal vulnerability in aiohttp that allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server if exploited. …

Threat Research

Xehook Stealer: Evolution of Cinoshi’s Project Targeting Over 100 Cryptocurrencies and 2FA Extensions

March 12, 2024 Cyble

Key Takeaways

Xehook Stealer, discovered by CRIL in January 2024, is a .NET-based malware targeting Windows operating systems.

The Stealer boasts dynamic data collection capabilities from Chromium and Gecko-based browsers, supporting over 110 cryptocurrencies and 2FA extensions. It also includes an API for creating custom traffic bots and a feature for recovering dead Google cookies. …

Threat Research

The Spreading Wave of Pig-Butchering Scams in India

March 7, 2024March 28, 2024 Cyble

Key Takeaways

In India, there has been a noticeable surge in pig-butchering scam, specifically aimed at investors and propagated through counterfeit trading applications.

Counterfeit trading applications are being distributed via the Google Play Store and App Store, alongside phishing sites, as part of this fraudulent scheme. …

Threat Research

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation

March 7, 2024March 28, 2024 Cyble

Publicly available exploits incite unwarranted chaos

Executive Summary

On March 4, 2024, JetBrains released a blog post detailing the security patch for TeamCity, which is a Continuous Integration and Continuous Delivery (CI/CD) server developed by JetBrains and plays a crucial role within organizations across the globe. …

Threat Research

SapphireStealer Sneaks In: Deceptive Legal Documents Prey on Russians

March 6, 2024 Cyble

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) encountered an executable file obtained from a deceptive URL masquerading as a fake Russian government site, possibly distributed via spam emails.

The downloaded executable file is identified as SapphireStealer, disguised with a PDF icon, designed to deceive users into believing it is a PDF document. …

Author: Cyble

WarzoneRAT Returns With Multi-Stage Attack Post FBI Seizure – Cyble

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)

Xehook Stealer: Evolution of Cinoshi’s Project Targeting Over 100 Cryptocurrencies and 2FA Extensions

The Spreading Wave of Pig-Butchering Scams in India

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation

SapphireStealer Sneaks In: Deceptive Legal Documents Prey on Russians