Summary: This content discusses a critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) and the availability of a proof-of-concept exploit online.

Threat Actor: N/A

Victim: Enterprise admins using Fortra FileCatalyst Workflow

Key Point:

A critical SQL injection vulnerability (CVE-2024-5276) has been discovered in the Workflow component of Fortra FileCatalyst.…
Read More

Summary: A novel malware strain called Snowblind is targeting banking customers in Southeast Asia, using a technique that disables Android banking apps’ ability to detect malicious modifications, leading to financial losses and fraud.

Threat Actor: Snowblind

Victim: Banking customers in Southeast Asia

Key Point:

The newly discovered malware strain, Snowblind, is targeting banking customers in Southeast Asia.…
Read More

Summary: This content discusses multiple vulnerabilities in ADOdb, a PHP database abstraction layer library, and emphasizes the importance of updating the library to mitigate potential security risks.

Threat Actor: N/A

Victim: N/A

Key Point:

Multiple vulnerabilities have been addressed in ADOdb, including SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses.…
Read More

Executive Summary

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository.

Cobalt Strike is a commercial software framework that enables security professionals like red team members to simulate attackers embedding themselves in a network environment.…

Read More

Summary: Apple has released a firmware update for AirPods to address an authentication issue that could allow unauthorized access to the headphones, potentially enabling eavesdropping on private conversations.

Threat Actor: N/A

Victim: AirPods users

Key Point:

An authentication issue in AirPods could allow a malicious actor to gain unauthorized access to the headphones.…
Read More

Summary: This content discusses two new vulnerabilities in MOVEit Transfer and MOVEit Gateway, which can be exploited by threat actors to bypass SFTP authentication and gain unauthorized access.

Threat Actor: Unspecified

Victim: Progress Software

Key Point:

Progress Software has disclosed two vulnerabilities in MOVEit Transfer and MOVEit Gateway, namely CVE-2024-5806 and CVE-2024-5805.…
Read More

Threat Actor: Cybercriminals

Victim: Singaporeans

Price: Varying prices based on source and quality of data

Exfiltrated Data Type: Singpass credentials, biometric data, forged documents

Key Points:

Cybercriminals are selling stolen digital identities of Singaporeans on the Dark Web. The trade of sensitive personal information, including Singpass credentials, biometric data, and forged documents, has surged by 230% compared to the previous year.…
Read More

Summary: This content discusses a new command execution technique called ‘GrimResource’ that utilizes specially crafted MSC files and an unpatched Windows XSS flaw to execute code through the Microsoft Management Console.

Threat Actor: Unknown threat actor

Victim: Windows users

Key Point:

A new command execution technique called ‘GrimResource’ is utilizing specially crafted MSC files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.…
Read More

Summary: The content discusses the sanctions imposed by the US Treasury Department on twelve Kaspersky Lab executives for their role in the Russian company, highlighting the commitment to protect against cyber threats.

Threat Actor: Kaspersky Lab

Victim: N/A

Key Point:

The US Treasury Department has sanctioned twelve Kaspersky Lab executives for their involvement in the Russian company.…
Read More

Intro – What is Prototype Pollution?

Prototype Pollution is a JavaScript vulnerability in which an attacker can control variables the code never expected to be attacker-controlled; on the client side this can lead to Cross-Site Scripting, and on the server side to Remote Code Execution.

It is caused by ‘JavaScript Weirdness’, specifically in how property names are declared and assigned, and it is exploitable because of further weirdness in JavaScript’s weak typing, which allows code to reference undeclared variables that Prototype Pollution can then control.…

Read More

From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.…

Read More

DragonForce Ransomware has emerged as an intriguing adversary. Known for its prominent targets and unusual ways of communication, it has quickly gained notoriety among cybersecurity experts and victims alike. This post delves into the origins, operations, and distinctive features of the DragonForce Ransomware, shedding light on the menacing threats in the digital world today.…

Read More

Because web servers are exposed externally to provide web services to all users, they have long been major targets for threat actors. AhnLab SEcurity Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are poorly managed, and is sharing the attack cases it has confirmed through its ASEC Blog.…

Read More