2024 Annual Active Mining Trojan Review – 4hou.com
The article reviews mining trojans that infiltrate victims' computers and use their resources to mine cryptocurrency without consent. It highlights the degraded system performance, the increased risk of system failure, and the fact that such implants often double as backdoors for follow-on attacks. Two trends are emphasized: the adoption of bring-your-own-vulnerable-driver (BYOVD) techniques and the rise of dark-web mining pools.…
Read More
NanoCore RAT Malware Analysis
This article provides an in-depth analysis of a NanoCore Remote Access Trojan (RAT) sample (MD5 18B476D37244CB0B435D7B06912E9193), covering its behavior, obfuscation techniques, persistence methods, and communication with command-and-control (C2) servers. Affected: Cybersecurity, Victims of Data Theft

Keypoints:

NanoCore is a Remote Access Trojan used for espionage and data theft.…
Read More
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
Summary: A subgroup of the Russian hacking group Sandworm, known as Seashell Blizzard, has expanded its global operations through a multi-year initiative called BadPilot, targeting various sectors and regions worldwide. This group has utilized advanced malware and exploits to compromise sensitive infrastructure, supporting espionage and geopolitical objectives, particularly in relation to the Russo-Ukrainian war.…
Read More
Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft
Summary: Microsoft reports that the Russia-linked threat actor Seashell Blizzard has intensified its operations through a subgroup focusing on initial access and long-term persistence in various organizations. This group, active since at least 2021, has employed a range of vulnerabilities to target critical infrastructure and military entities, particularly in Ukraine, while also expanding efforts to include targets in the US and UK.…
Read More
US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin summarizes vulnerabilities recorded during the past week, with severity rated by their Common Vulnerability Scoring System (CVSS) scores where available. Several entries have no CVSS score yet but affect critical systems, including industrial automation products, security tooling, and a range of software applications. Affected: 2N Access Commander, ABB ASPECT-Enterprise, Advantive VeraCore, Alexandros Georgiou Bitcoin Wallets, AMD EPYC, Apache Cassandra, Apache James server, Apache ShardingSphere, Cisco Identity Services Engine, IBM Cognos Analytics, and more.…
Read More
Further insights into Ivanti CSA 4.6 vulnerabilities exploitation
This report analyzes widespread exploitation of Ivanti Cloud Service Appliance (CSA) vulnerabilities, in particular CVE-2024-8963, observed between October 2024 and January 2025. Exploitation resulted in webshells being deployed on many affected appliances; the report reconstructs the operators' tactics, examines the root causes of the flaws and the exploitation methods, and draws out the implications for defenders responding to such intrusions.…
Read More
A Beginner’s Guide to Hunting Web-Based Credit Card Skimmers
This blog post explores approaches for hunting credit card skimmers, which are malicious scripts used to steal payment information from e-commerce websites. It outlines the methods of attack, tools for detection, and shares key findings from the author’s investigations into known skimmer campaigns. The piece also highlights indicators of compromise (IoCs) related to the skimming attacks discussed.…
Read More
RST TI Report Digest: 10 Feb 2025
This report provides a comprehensive overview of recent cybersecurity threats from various actors, detailing their tactics, techniques, and indicators of compromise. The analysis covers sophisticated groups like XE Group, MuddyWater, and others, revealing their complex operations and targeting sectors affected by ongoing geopolitical tensions, particularly within financial and governmental infrastructures.…
Read More
Infostealer malware linked to Lazarus Group campaigns
The article analyzes a Python infostealer script obfuscated with stacked Base64 encoding and zlib compression. The code passes through several decoding stages before the real payload runs, and that payload branches on the host operating system. The analysis also covers delivery, including a campaign called "ClickFix" that uses social engineering to trick users into executing the malicious script themselves.…
Read More
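As an added example (not code from the article above, and not the sample it analyzes), the following Python peels exactly the kind of stacked Base64-plus-zlib wrapping the summary describes. build_sample constructs its own input so the script runs offline; the OS-marker heuristic and its keyword lists are this example's assumptions, not the campaign's actual logic.

```python
import base64
import binascii
import zlib


def build_sample(payload, layers):
    """Wrap payload in `layers` rounds of zlib-then-Base64.

    Constructed here so the peeler has input; it mimics the stacked-encoding
    shape the summary describes, not a real sample.
    """
    data = payload
    for _ in range(layers):
        data = base64.b64encode(zlib.compress(data))
    return data


def peel_layers(blob, max_layers=32):
    """Undo Base64 + zlib repeatedly until a layer no longer applies.

    A layer only counts when BOTH steps succeed: strict Base64 decoding (any
    byte outside the alphabet rejects it) followed by a clean zlib inflate.
    That stops plain source text, or a bare Base64 string, from being
    mis-peeled. Returns the innermost bytes and a list of
    (depth, bytes_before, bytes_after) steps for the report.
    """
    steps = []
    data = blob
    for depth in range(1, max_layers + 1):
        try:
            decoded = base64.b64decode(data, validate=True)
            inflated = zlib.decompress(decoded)
        except (binascii.Error, ValueError, zlib.error):
            break
        steps.append((depth, len(data), len(inflated)))
        data = inflated
    return data, steps


# Assumed triage heuristic: which platforms the recovered stage appears to
# test for. These keyword lists are this example's guess, not the sample's logic.
OS_MARKERS = {
    "windows": ("Windows", "win32", '"nt"', "'nt'"),
    "macos": ("Darwin", "darwin"),
    "linux": ("Linux", "linux"),
}


def os_branches(script):
    """Platforms the recovered stage mentions, in OS_MARKERS order."""
    text = script.decode("utf-8", errors="replace")
    return [os_name for os_name, needles in OS_MARKERS.items()
            if any(n in text for n in needles)]


if __name__ == "__main__":
    # Constructed stand-in for a final stage; harmless on purpose.
    stage = (b'import platform\n'
             b'if platform.system() == "Windows":\n    target = "%APPDATA%"\n'
             b'elif platform.system() == "Darwin":\n    target = "~/Library"\n')
    blob = build_sample(stage, 3)
    final, steps = peel_layers(blob)
    for depth, before, after in steps:
        print(f"layer {depth}: {before} -> {after} bytes")
    print("platform branches:", os_branches(final))
    print(final.decode())
```

Requiring both steps to succeed per layer is the point: a decoder that stops after the first Base64 failure alone would happily "decode" an innocent identifier like YWJj, while this loop leaves anything that is not a genuine zlib-in-Base64 layer untouched.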
Blackfield – HTB
Blackfield is a hard-rated Hack The Box Windows machine built around Windows and Active Directory misconfigurations. Anonymous SMB access yields a list of domain users; the accounts that do not require Kerberos pre-authentication are identified and AS-REP Roasted, and the recovered credentials open the way to sensitive data. From there the attack chain involves stealing password hashes and abusing user permissions, culminating in full control of the domain.…
Read More
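An added example, not part of the HTB write-up above, showing the check that turns an enumerated user list into AS-REP Roasting candidates: the DONT_REQ_PREAUTH bit (0x400000) of userAccountControl, combined with the account not being disabled. The LDIF text, domain and account names are constructed for this example; the flag values are Microsoft's documented userAccountControl bits.

```python
import re

# userAccountControl bits (Microsoft-documented values) used by this check.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
}
ACCOUNTDISABLE = 0x0002
DONT_REQ_PREAUTH = 0x400000

# Constructed LDIF in the shape ldapsearch prints; domain and names are invented.
SAMPLE_LDIF = """\
dn: CN=helpdesk,CN=Users,DC=corp,DC=example
sAMAccountName: helpdesk
userAccountControl: 4260352

dn: CN=svc_legacy,CN=Users,DC=corp,DC=example
sAMAccountName: svc_legacy
userAccountControl: 4260354

dn: CN=auditor,CN=Users,DC=corp,DC=example
sAMAccountName: auditor
userAccountControl: 66048
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines.
    Base64-valued ('attr:: ...') and comment lines are skipped; last value wins."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or "::" in line or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry[attr] = value.strip()
        if entry:
            entries.append(entry)
    return entries


def decode_uac(value):
    """Names of the known flags set in a userAccountControl integer."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def asrep_candidates(entries):
    """Enabled accounts with DONT_REQ_PREAUTH set.

    For these the KDC answers an unauthenticated AS-REQ with an AS-REP whose
    enc-part is keyed from the user's password, which is what AS-REP Roasting
    cracks offline. Disabled accounts are skipped: the KDC rejects them with
    KDC_ERR_CLIENT_REVOKED, so there is nothing to roast.
    """
    out = []
    for e in entries:
        uac = int(e.get("userAccountControl", "0"))
        if uac & DONT_REQ_PREAUTH and not uac & ACCOUNTDISABLE:
            out.append(e.get("sAMAccountName", e.get("dn", "?")))
    return out


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for e in entries:
        uac = int(e["userAccountControl"])
        print(f'{e["sAMAccountName"]:<12} {uac:#010x} {", ".join(decode_uac(uac))}')
    print("AS-REP roastable:", asrep_candidates(entries))
```

Only helpdesk is reported: svc_legacy has the same pre-authentication weakness but is disabled, and the auditor account still requires pre-authentication. The same bit test is what defenders should run periodically against their own directory, since the flag is usually set for a legacy application and then forgotten.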
APT QUARTERLY HIGHLIGHTS : Q4 2024
In Q4 2024, APT groups from China, North Korea, Iran, and Russia significantly escalated their cyber operations, combining cyber espionage, credential theft, and disruptive attacks with increasingly advanced techniques. These developments highlight a persistent threat to critical sectors, including government infrastructure and financial institutions worldwide. Affected: governments, critical infrastructure, defense, financial institutions, research entities

Keypoints:

APT groups showcased increasingly sophisticated techniques across a range of cyber threats in Q4 2024.…
Read More
BadDNS: Open-source tool checks for subdomain takeovers
Summary: BadDNS is an open-source Python tool for DNS auditing, aimed specifically at detecting domain and subdomain takeovers. It goes beyond checking a domain's own records, also flagging takeover conditions in the third-party domains and resources those records trust. The tool updates its detection signatures automatically so it keeps pace with newly claimable services, streamlining the auditing process for users.…
Read More
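The following Python is an added illustration of the dangling-CNAME check at the heart of subdomain takeover auditing; it is not BadDNS code. The platform signature table, the zone, the resolver answers and the HTTP bodies are all constructed for this example, and real signatures change often, which is exactly why a tool like BadDNS auto-updates its own.

```python
# Illustrative takeover signatures (an assumption for this example; a real
# tool keeps a far larger, versioned set). For each hosting platform: does an
# NXDOMAIN on the CNAME target mean anyone can register the missing name, and
# what string does the platform serve for an unclaimed resource?
PLATFORMS = {
    "github.io": {"nxdomain": False, "body": "There isn't a GitHub Pages site here"},
    "herokuapp.com": {"nxdomain": False, "body": "No such app"},
    "elasticbeanstalk.com": {"nxdomain": True, "body": None},
    "azurewebsites.net": {"nxdomain": True, "body": None},
}

# Constructed zone for the audited domain (RFC 5737 documentation addresses).
ZONE = {
    "www.example.test": ("A", "203.0.113.10"),
    "docs.example.test": ("CNAME", "acme-docs.github.io."),
    "app.example.test": ("CNAME", "acme-app.herokuapp.com."),
    "beta.example.test": ("CNAME", "acme-beta.us-east-1.elasticbeanstalk.com."),
    "mail.example.test": ("CNAME", "mx.example.test."),
}

# Constructed resolver answers for CNAME targets; a missing key is NXDOMAIN.
UPSTREAM_A = {
    "acme-docs.github.io.": "192.0.2.40",
    "acme-app.herokuapp.com.": "198.51.100.7",
    "mx.example.test.": "203.0.113.25",
}

# Constructed HTTP bodies served at the audited hostnames.
BODIES = {
    "docs.example.test": "<h1>There isn't a GitHub Pages site here.</h1>",
    "app.example.test": "<title>Acme App</title>Welcome back",
}


def platform_for(target):
    """Return (suffix, signature) if the CNAME target lands on a known platform."""
    t = target.rstrip(".").lower()
    for suffix, sig in PLATFORMS.items():
        if t == suffix or t.endswith("." + suffix):
            return suffix, sig
    return None


def audit_zone(zone, resolve, fetch):
    """Flag CNAME records whose third-party target looks unclaimed.

    resolve(name) returns an address or None for NXDOMAIN; fetch(name) returns
    the HTTP body at the hostname or None. Both are injected so the check runs
    offline here and against live DNS/HTTP in practice.
    """
    findings = []
    for name, (rtype, target) in sorted(zone.items()):
        if rtype != "CNAME":
            continue
        hit = platform_for(target)
        if hit is None:
            continue  # CNAME into our own infrastructure: not a takeover surface
        suffix, sig = hit
        if resolve(target) is None:
            # Dangling either way; exploitability depends on whether the
            # platform lets anyone register the missing name.
            verdict = "claimable" if sig["nxdomain"] else "dangling, verify by hand"
            findings.append((name, target, f"target NXDOMAIN on {suffix}: {verdict}"))
            continue
        body = fetch(name) or ""
        if sig["body"] and sig["body"] in body:
            findings.append((name, target, f"{suffix} serves its unclaimed-resource page"))
    return findings


def run_demo():
    return audit_zone(ZONE, UPSTREAM_A.get, BODIES.get)


if __name__ == "__main__":
    for name, target, why in run_demo():
        print(f"{name} -> {target}: {why}")
```

Two different signals surface here: beta.example.test points at a name that no longer exists on a platform where the name can simply be re-created, while docs.example.test resolves fine but the platform is serving its "nothing here" page, so the resource behind the name was deleted and can be re-registered. A check that only looks at NXDOMAIN misses the second case entirely.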
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
Summary: AWS S3 bucket namesquatting is a significant security risk stemming from predictable naming structures: an attacker who can guess the bucket name a deployment expects to own can create it first. This article outlines the consequences, including unauthorized access and traffic redirection, and emphasizes mitigation strategies. Varonis offers solutions to prevent and remediate S3 bucket namesquatting and related security issues in the AWS environment.…
Read More
GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine’s Largest State-Owned Bank
UAC-0006 is conducting phishing campaigns against customers of PrivatBank, Ukraine's largest state-owned bank. By delivering malicious scripts inside password-protected files, the group keeps its lures out of reach of content scanning. The campaign overlaps in tooling and tactics with activity attributed to the Russia-linked group FIN7, suggesting shared resources or borrowed tradecraft.…
Read More