Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.

Threat Actor: None identified.

Victim: Atlassian.

Key Point:

The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…
Overview 

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …

Summary: Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country, infiltrating their networks and attempting to steal credentials.

Threat Actor: Chinese Cyber Espionage

Victim: Telecom operators in an Asian country

Key Point:

Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country.…

Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.

Threat Actor: UNC3886

Victim: Strategic global organizations

Key Point:

UNC3886 demonstrated sophisticated and cautious approaches by employing multiple layers of persistence across network devices, hypervisors, and virtual machines to maintain long-term access.…

Summary: Chinese-speaking users are being targeted by a threat actor group called Void Arachne, which uses malicious VPN files to deliver a command-and-control framework called Winos 4.0. The campaign also promotes compromised files with deepfake pornography-generating software and AI voice and facial technologies.

Threat Actor: Void Arachne

Victim: Chinese-speaking users

Key Point:

The threat actor group Void Arachne targets Chinese-speaking users with malicious VPN files.…

I am @unixfreaxjp of MalwareMustDie team. This is the English translation of APT overall analysis I made in Japanese at my Japan security blog: “#OCJP-136: 「FHAPPI」 Geocities.jpとPoison Ivy(スパイウェア)のAPT事件”, it has been translated by my buddy, a professional hacker and translator, The “El” Kentaro (he did it very good so I will not change any words he translated).…

Summary: The Federal Trade Commission (FTC) has referred a complaint against TikTok to the Department of Justice (DOJ), citing violations of the law and public interest, following a compliance review of the app’s data practices.

Threat Actor: TikTok

Victim: Users of TikTok | TikTok

Key Point:

The FTC has referred a complaint against TikTok to the DOJ, alleging violations of the law and public interest.…

Summary: China’s cybersecurity experts have become dominant players in global capture-the-flag competitions, exploit contests, and bug bounty programs, and the Chinese government is using their expertise to strengthen the nation’s cyber-offensive capabilities.

Threat Actor: China

Victim: N/A

Key Point:

China’s cybersecurity experts have evolved from hesitant participants to dominant players in global hacking competitions and bug bounty programs.…

Summary: A suspected China-nexus cyber espionage actor, known as Velvet Ant, has been attributed to a prolonged attack against an organization in East Asia, using legacy F5 BIG-IP appliances for defense evasion purposes.

Threat Actor: Velvet Ant

Victim: Unnamed organization in East Asia

Key Point:

The attack was carried out by a sophisticated and innovative threat actor, Velvet Ant, who collected sensitive information over a long period of time, focusing on customer and financial information.…

Victim: mgfsourcing.com
Country:
Actor: blackbasta
Source: http://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion/?id=mgfsourcing.com
Discovered: 2024-06-17 12:12:38.219842
Published: 2024-06-17 12:12:37.493476
Description: MGF Sourcing is an independent US-led global sourcing company founded in 1970. We focus on US-based specialty apparel retailers and, with our strong track record in apparel sourcing and best-in-class technical capabilities, have developed a long-standing reputation as a reliable and trustworthy partner.…

Summary: This content discusses the increase in cyber threat activities driven by major regional and global events, such as elections and military exercises.

Threat Actor: China-linked threat groups

Victim: Global government sector

Key Point:

China-linked threat groups, like Volt Typhoon, are responsible for 68.3% of all advanced persistent threat (APT) activities, with 23% of their activity targeting the global government sector.…

Summary: The notorious cybercriminal group Smishing Triad is targeting smartphone users in Pakistan with a large-scale smishing campaign aimed at stealing personal and financial information.

Threat Actor: Smishing Triad

Victim: Smartphone users in Pakistan | Pakistan

Key Point:

The Smishing Triad, originating from China, has been targeting online banking, e-commerce, and payment systems in various regions, including the US, EU, UAE, KSA, and now Pakistan.…