Inside APT34 OilRig: Tools Techniques and Global Cyber Threats
APT34, a sophisticated Iranian cyber threat group, targets critical infrastructure in various sectors globally, particularly in the Middle East. The group employs advanced techniques and operates with support from state-sponsored entities, showcasing their adaptability and persistent threat. Affected: finance, energy, telecommunications, government, aviation, defense, education, oil and gas sectors

Keypoints:

APT34, also known as OilRig, has been active since 2012 and is believed to operate on behalf of the Iranian government.…

Hackers are hijacking WordPress sites to push Windows and Mac malware | TechCrunch
Summary: Hackers are exploiting outdated WordPress sites and plugins, altering thousands of websites to trick visitors into downloading malware for password and personal information theft. This ongoing campaign targets both Windows and Mac users, affecting popular sites across the internet. Security researchers have identified over 10,000 compromised websites and reported the incident to Automattic, the parent company of WordPress.…
Kubernetes CVE-2024-10220 Attack and Defense
A new vulnerability in the Kubernetes `gitRepo` volume, disclosed on November 22, 2024, allows attackers to execute arbitrary code and escalate privileges, leading to potential container escapes. By exploiting this flaw, an attacker can execute code as the root user on the Kubernetes node. The vulnerability leverages a specifically crafted Git repository and can be exploited via supply chain attacks or compromised cluster service accounts.…
Network traffic analysis: Koi Loader Stealer
This article discusses an analysis of network traffic captured during a Koi Loader/Koi Stealer malware incident. Utilizing tools such as TShark and Wireshark, the author examines the captured PCAP file to identify indicators of compromise (IoCs) and malicious traffic patterns. The findings reveal suspicious HTTP requests and notable file activities, suggesting the presence of advanced threats and potential data exfiltration.…
Peering into Midnight Blizzard’s DNS Footprint
Thousands of individuals in public, academic, and defense sectors are being targeted by spear-phishing attacks from the threat group “Midnight Blizzard,” utilizing a new method involving signed RDP configuration files. Microsoft has identified numerous indicators of compromise (IoCs) linked to this activity. Affected: Microsoft, WhoisXML API

Keypoints:

Midnight Blizzard has been active for decades, now using signed RDP config files to access victims’ devices.…

A New Era in Cyber Defense: Unpacking the Impacts of Biden’s Cybersecurity Directive – ThreatMon
Summary: President Biden’s Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity aims to enhance the United States’ cybersecurity in response to increasing threats from nations like China, Russia, Iran, and North Korea. The order introduces stringent cybersecurity measures for federal entities and contractors while fostering innovation through advanced technologies.…
10,000 WordPress Websites Found Delivering MacOS and Microsoft Malware – c/side
This week’s discovery revealed over 10,000 compromised WordPress sites displaying deceptive Google browser update pages. The malware, targeting both Apple and Microsoft users, includes AMOS and SocGholish variants. The exploitation occurred through client-side attacks utilizing outdated WordPress plugins, notably the RocketLazyLoadScript. This incident highlights vulnerabilities in the web supply chain and reiterates the importance of timely software updates.…
US-CERT Vulnerability Summary for the Week of January 20, 2025 – RedPacket Security
The CISA Vulnerability Bulletin has highlighted several new vulnerabilities identified within various software products, primarily focusing on vulnerabilities that pose risks of arbitrary code execution, cross-site scripting, and SQL injection among others. The vulnerabilities are categorized based on their severity. High-profile examples include serious security weaknesses in software from Enrich Technology, Apache Software Foundation, and WordPress plugins.…
Reconnaissance in Cybersecurity: Overview and Essential Tools

What is Reconnaissance?

Reconnaissance is the first phase of the cyberattack lifecycle, where attackers gather as much information as possible about their target (individuals, networks, or organizations) before launching an attack. This stage involves collecting details such as IP addresses, domains, emails, servers, and potential vulnerabilities that can be exploited.…

The article discusses a security breach at CyberHaven, where a phishing attack led to the deployment of a trojanized Chrome extension. The malicious extension was used to exfiltrate sensitive data from users by manipulating Chrome’s storage and communication mechanisms. This incident highlights the risks associated with browser-based threats and the growing relevance of malicious browser extensions.…
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
This report details a significant security intrusion that began with the execution of a malicious file masquerading as a legitimate Windows utility, leading to the deployment of LockBit ransomware. The threat actor employed various techniques including data exfiltration through Rclone and significant lateral movement within the network using proxies and process injection methods.…
Reeling in RedLine Stealer
This article discusses the author’s experience with harvesting phishing emails using a catch-all domain. The author emphasizes the importance of recognizing phishing attempts and outlines the process of analyzing a suspicious email that contained a potential threat. Key insights include examining IP addresses and file hashes to uncover associations with known malware, specifically RedLine Stealer.…
Global Domain Activity Trends Seen in Q4 2024
This report analyzes domain registration trends from Q4 2024, revealing an 11.0% increase in newly registered domains (NRDs) compared to the previous quarter. It highlights the rise in cyber attacks and the prevalence of malicious domains, particularly in the .com gTLD. Affected: Newly Registered Domains, Mail Exchange Domains, Name Server Domains

Keypoints:

11.0% increase in newly registered domains (NRDs) in Q4 2024 compared to Q3 2024.…

CTI REPORT – LockBit 3.0
LockBit 3.0 ransomware primarily targets Windows systems, exploiting vulnerabilities in Active Directory and Microsoft Exchange Server. It employs various tactics for initial access, data encryption, and data exfiltration, threatening victims with public data leaks unless ransoms are paid. LockBit has been particularly active in sectors such as healthcare, finance, and critical infrastructure, leveraging advanced techniques to evade detection.…