Summary: This content discusses two new vulnerabilities in MOVEit Transfer and MOVEit Gateway, which can be exploited by threat actors to bypass SFTP authentication and gain unauthorized access.

Threat Actor: Unspecified | Victim: Progress Software

Key Point:

Progress Software has disclosed two vulnerabilities in MOVEit Transfer and MOVEit Gateway, namely CVE-2024-5806 and CVE-2024-5805.…
Read More

Threat Actor: Cybercriminals | Victim: Singaporeans | Price: Varying prices based on source and quality of data | Exfiltrated Data Type: Singpass credentials, biometric data, forged documents

Key Points:

Cybercriminals are selling stolen digital identities of Singaporeans on the Dark Web. The trade of sensitive personal information, including Singpass credentials, biometric data, and forged documents, has surged by 230% compared to the previous year.…
Read More

Summary: This content discusses a new command execution technique called ‘GrimResource’ that utilizes specially crafted MSC files and an unpatched Windows XSS flaw to execute code through the Microsoft Management Console.

Threat Actor: Unknown threat actor | Victim: Windows users

Key Point:

A new command execution technique called ‘GrimResource’ is utilizing specially crafted MSC files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.…
Read More

Summary: The content discusses the sanctions imposed by the US Treasury Department on twelve Kaspersky Lab executives for their role in the Russian company, highlighting the commitment to protect against cyber threats.

Threat Actor: Kaspersky Lab | Victim: N/A

Key Point:

The US Treasury Department has sanctioned twelve Kaspersky Lab executives for their involvement in the Russian company.…
Read More
Intro – What is Prototype Pollution?

Prototype Pollution is a JavaScript vulnerability in which an attacker can control unexpected variables in JavaScript; on the client side this can lead to Cross-Site Scripting, and on the server side to Remote Code Execution.

It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have various undeclared variables in code that can be controlled by Prototype Pollution. …

Read More

From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.…

Read More

DragonForce Ransomware has emerged as an intriguing adversary. Known for its prominent targets and unusual ways of communication, it has quickly gained notoriety among cybersecurity experts and victims alike. This post delves into the origins, operations, and distinctive features of the DragonForce Ransomware, shedding light on the menacing threats in the digital world today.…

Read More

Since web servers are externally exposed to provide web services to all available users, they have long been major targets for threat actors. AhnLab Security Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are poorly managed, and is sharing the attack cases that have been confirmed through its ASEC Blog.…

Read More
Securonix Threat Research Security Advisory, by Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov

The Securonix Threat Research (STR) team has identified the use of a stealthy backdoor payload likely targeting Pakistani victims via unsolicited messages.

In an attack campaign tracked by the Securonix Threat Research team as PHANTOM#SPIKE, threat actors are making use of military-related phishing documents to lure their victims into executing a simple RAT binary payload.…

Read More

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.

Introduction

Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS) have long been the target of adversarial actors attempting to gain access to internal networks.…

Read More

ModiLoader aka DBatLoader – Active IOCs (June 21, 2024)
Multiple IBM i and WebSphere Application Server Vulnerabilities (June 21, 2024)

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…

Read More