Introduction

While responding to an incident at one of our clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which we attributed to a cybercrime gang dubbed ExCobalt.

ExCobalt focuses on cyberespionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt gang. Cobalt attacked financial institutions to steal funds.…


Summary: This content discusses critical-rated flaws in VMware’s vCenter Server, which could potentially lead to remote code execution if exploited by a malicious actor.

Threat Actor: Unknown

Victim: VMware

Key Point:

VMware has identified two critical-rated flaws in its vCenter Server, which are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol.…

The executables and the command are part of the threat actor's attempt to hijack SSH connections in order to harvest SSH credentials. Analysis of the executables and of those attempts is discussed later in this report.

Malware Leveraging Trusted Third Parties as C2 Channel

The threat actor was observed deploying malware, including MOPSLED and RIFLESPINE, that leverages trusted third parties like GitHub and Google Drive as C2 channels while relying on the rootkits for persistence.…


Summary: This article discusses a potential breach at AI company Hugging Face, where attackers may have gained unauthorized access to secrets stored in their Spaces platform.

Threat Actor: Unknown | Hugging Face

Victim: Hugging Face

Key Points:

Hugging Face disclosed a potential breach where attackers may have accessed secrets stored in their Spaces platform.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including an Android Pixel Privilege Escalation Vulnerability, a Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability, and a Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability.…


Summary: A proof-of-concept exploit has been released for a critical Veeam Recovery Orchestrator authentication bypass vulnerability, increasing the risk of exploitation in attacks.

Threat Actor: Sina Kheirkha

Victim: Veeam Recovery Orchestrator

Key Point:

A proof-of-concept exploit has been developed by security researcher Sina Kheirkha for the CVE-2024-29855 vulnerability in Veeam Recovery Orchestrator.…

Summary: Google has released patches for 50 security vulnerabilities.

Threat Actor: None

Victim: None

Key Point:

Google has released patches for 50 security vulnerabilities, including two zero-day flaws that were exploited by forensics companies against users with apps like Wasted and Sentry. The vulnerabilities were fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15.…

Devcore announced a critical remote code execution (RCE) vulnerability in PHP, designated CVE-2024-4577. This flaw affects all PHP versions from 5.x onward running on Windows servers, making it a significant concern due to PHP’s widespread use. This vulnerability stems from mishandling character encoding conversions, particularly affecting systems using certain code pages for languages like Chinese or Japanese.…


AhnLab SEcurity intelligence Center (ASEC) has identified the details of the Kimsuky threat group recently exploiting a vulnerability (CVE-2017-11882) in the equation editor included in MS Office (EQNEDT32.EXE) to distribute a keylogger. The threat actor distributed the keylogger by exploiting the vulnerability to run a page with an embedded malicious script with the mshta process.…


Summary: Fortinet has addressed multiple vulnerabilities in its FortiOS and other products, including stack-based buffer overflow flaws that can be exploited by an authenticated attacker to achieve code or command execution.

Threat Actor: Fortinet

Victim: Users of Fortinet products | Fortinet

Key Point:

Fortinet has addressed multiple vulnerabilities in its FortiOS and other products, including stack-based buffer overflow flaws that can be exploited by an authenticated attacker to achieve code or command execution.…

Summary: This content discusses Apple security updates and provides information about recent releases and vulnerabilities.

Threat Actor: None

Victim: None

Key Point:

Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases and vulnerabilities are listed on the Apple security releases page.…

Summary: This content discusses a vulnerability in Rockwell Automation controllers that could compromise the availability of the device.

Threat Actor: N/A

Victim: Rockwell Automation

Key Point:

The vulnerability, known as Always-Incorrect Control Flow Implementation, affects several Rockwell Automation controllers including ControlLogix, GuardLogix, and CompactLogix. Exploiting this vulnerability could result in a major nonrecoverable fault (MNRF/Assert) and compromise the availability of the device.…