The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. The Olympic and Paralympic Games, which bring together all the nations around sport competitions every two years, is a showcase for States in front of the world.…
Resecurity has uncovered a cybercriminal group known as “GXC Team“, which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder“, made multiple announcements on the Dark Web.…
JANUARY 4th, 2024:
On 12/29/2023, version 0.66 of Spreadsheet::ParseExcel was published. This release fixes CVE-2023-7101.
https://metacpan.org/dist/Spreadsheet-ParseExcel/changes
For organizations utilizing Spreadsheet::ParseExcel in their own products or services, we recommend reviewing CVE-2023-7101 and upgrading to the latest version of Spreadsheet::ParseExcel.
DECEMBER 24th, 2023:
In our ongoing investigation, Barracuda has determined that a threat actor has utilized an Arbitrary Code Execution (ACE) vulnerability within a third party library, Spreadsheet::ParseExcel, to deploy a specially crafted Excel email attachment to target a limited number of ESG devices.…
The Black Lotus Labs team at Lumen Technologies is tracking a small office/home office (SOHO) router botnet that forms a covert data transfer network for advanced threat actors. We are calling this the KV-botnet, based upon artifacts in the malware left by the authors.…
In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to compromise systems. One such intriguing method that recently surfaced is MySQL servers, leveraging SQL commands to stealthily infiltrate, deploy, and activate malicious payloads. Let’s delve deeper into the MySQL bot infection process and explore the intricacies of its operation.…
High
Analysis SummaryAPT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.…
By Aleksandar Milenkoski, Bendik Hagen (PwC), and Microsoft Threat Intelligence
Executive Summary The Sandman APT is likely associated with suspected China-based threat clusters known to use the KEYPLUG backdoor, in particular a cluster jointly presented by PwC and Microsoft at Labscon 2023 – STORM-0866/Red Dev 40.…The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government.…
Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons.…
Affected Platforms: Any OS running Apache Active MQ versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3Impacted Parties: Any organizationImpact: Remote attackers gain control of the vulnerable systemsSeverity Level: Critical
This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache.…
[Update] February 01, 2024: U.S. Government Actions Against Volt Typhoon
As cyber currents ebb and flow, a storm named Volt Typhoon surges from the digital depths. This isn’t your typical tempest from the sea but a state-sponsored maelstrom with a tendency for espionage. Volt Typhoon, believed to be backed by the Chinese government, stands out for its sophisticated tactics and high-profile targets.…
Authors: Shilpesh Trivedi and Nisarga C M
In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern due to its exploitation by various advanced persistent threat (APT) groups, who have used it to gain control of victim systems through deceptive methods.…
This post is also available in: 日本語 (Japanese)
Executive SummaryTensions between China and the Philippines have risen sharply over the past several months. In early August, a Chinese Coast Guard vessel fired its water cannon at a Philippine vessel that was performing a resupply mission to the disputed Second Thomas Shoal in the Spratly Islands.…
In this blog post, we delve into the notable trends shaping the cyber threat landscape over the past month. Hot topics this month revolve around the expanding use of generative AIs by cybercriminals, the ongoing surge of ransomware campaigns, and the latest developments in cyber warfare related to the Israel-Hamas war.…
AhnLab Security Emergency response Center (ASEC) observed the distribution of malicious shortcut (*.lnk) files impersonating a public organization. The threat actor seems to be distributing a malicious script (HTML) file disguised as a security email by attaching it to emails. These usually target individuals in the field of Korean reunification and national security.…
Author: NCSC Cyber Threat Analysis Team(NIS· ESTSecurity · SK shieldus · S2W · WINS)
Photo by Zhimai Zhang on Unsplash
1. OverviewNCSC Cyber Threat Analysis Team, including ‘National Intelligence Service’, ‘ESTsecurity’, ‘WINS’, ‘SK Shieldus’ has confirmed recent instances of Chinese media relations companies disguising news websites as outlets and disseminating content in Korea.…
The AhnLab Security Emergency response Center’s (ASEC) analysis team is constantly monitoring malware distributed to vulnerable database servers. MySQL server is one of the main database servers that provides the feature of managing large amounts of data in a corporate or user environment. Typically, in Windows environments, MS-SQL is primarily installed for database services, while in Linux environments, database services like MySQL and PostgreSQL are used.…
In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational name, named this APT group DarkCasino.…
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
We recently uncovered a phishing campaign involving threat actors sending socially engineered emails containing a link to DRACOON.team,…
Over the past five years, Chinese state-sponsored cyber operations have evolved into a more mature and coordinated threat, focusing on exploiting both known and zero-day vulnerabilities in public-facing security and network appliances. They have also placed a strong emphasis on operational security and anonymity, making it harder to detect their activities.…