Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: This content discusses two new vulnerabilities in MOVEit Transfer and MOVEit Gateway, which can be exploited by threat actors to bypass SFTP authentication and gain unauthorized access.
Threat Actor: Unspecified | Unspecified Victim: Progress Software | Progress Software
Key Point :
Progress Software has disclosed two vulnerabilities in MOVEit Transfer and MOVEit Gateway, namely CVE-2024-5806 and CVE-2024-5805.…Threat Actor: Cybercriminals | Cybercriminals Victim: Singaporeans | Singaporeans Price: Varying prices based on source and quality of data Exfiltrated Data Type: Singpass credentials, biometric data, forged documents
Key Points :
Cybercriminals are selling stolen digital identities of Singaporeans on the Dark Web. The trade of sensitive personal information, including Singpass credentials, biometric data, and forged documents, has surged by 230% compared to the previous year.…Affected Platforms: Linux DistributionsImpacted Users: Any organizationImpact: Remote attackers gain control of the vulnerable systemsSeverity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ.…
Summary: This content discusses a new command execution technique called ‘GrimResource’ that utilizes specially crafted MSC files and an unpatched Windows XSS flaw to execute code through the Microsoft Management Console.
Threat Actor: Unknown threat actor | Unknown threat actor Victim: Windows users | Windows users
Key Point :
A new command execution technique called ‘GrimResource’ is utilizing specially crafted MSC files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.…Summary: Google has developed a framework called Project Naptime that allows a large language model (LLM) to carry out vulnerability research and improve automated discovery approaches.
Threat Actor: N/A
Victim: N/A
Key Point:
Project Naptime is a framework developed by Google that enables a large language model (LLM) to conduct vulnerability research.…Summary: This content discusses active attacks targeting end-of-life Zyxel NAS boxes after the disclosure of critical vulnerabilities.
Threat Actor: Mirai-like botnet | Mirai-like botnet Victim: Zyxel NAS devices | Zyxel NAS devices
Key Point :
Multiple remote command execution attempts by a Mirai-like botnet have been observed targeting end-of-life Zyxel NAS devices.…Summary: This article discusses a security flaw in the Ollama open-source AI infrastructure platform that could be exploited for remote code execution.
Threat Actor: Unknown | Ollama Victim: Ollama | Ollama
Key Point :
A security flaw in the Ollama open-source AI infrastructure platform has been discovered, allowing for remote code execution.…Summary: The content discusses the sanctions imposed by the US Treasury Department on twelve Kaspersky Lab executives for their role in the Russian company, highlighting the commitment to protect against cyber threats.
Threat Actor: Kaspersky Lab | Kaspersky Lab Victim: N/A
Key Point :
The US Treasury Department has sanctioned twelve Kaspersky Lab executives for their involvement in the Russian company.…Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead to Cross-Site Scripting, and on the server-side lead to Remote Code Execution.
It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have various undeclared variables in code that can be controlled by Prototype Pollution. …
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.…
DragonForce Ransomware has emerged as an intriguing adversary. Known for its prominent targets and unusual ways of communication, it has quickly gained notoriety among cybersecurity experts and victims alike. This post delves into the origins, operations, and distinctive features of the DragonForce Ransomware, shedding light on the menacing threats in the digital world today.…
Since web servers are externally exposed to provide web services to all available users, they have been major targets for threat actors since the past. AhnLab SEcurity Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed, and is sharing the attack cases that have been confirmed through its ASEC Blog.…
The research team has been analyzing a series of info-stealing malware, and they have recently come across an interesting campaign involving the PHP version of Ducktail Infostealer. This malware is being actively distributed by disguising itself as a free or cracked application installer for popular software, including games, Microsoft Office applications, and Telegram.…
CVE-2024-33001 – SAP NetWeaver and ABAP Platform VulnerabilityJune 24, 2024Donot APT Group – Active IOCsJune 24, 2024
Analysis SummaryThe Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other smart devices, to launch distributed denial-of-service (DDoS) attacks.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Threat Actor: Newly registered threat actor | newly registered threat actor Victim: VirtualBox VME users | VirtualBox VME Price: $50,000 in XMR (Monero) Exfiltrated Data Type: Not specified
Key Points :
A newly registered threat actor is selling a zero-day exploit targeting VirtualBox VME. The exploit works on all Windows versions, including recent iterations.…The Securonix Threat Research (STR) team has identified the use of a stealthy backdoor payload likely targeting Pakistani victims via unsolicited messages.
In an attack campaign tracked by the Securonix Threat Research team as PHANTOM#SPIKE, threat actors are making use of military-related phishing documents to lure their victims into executing a simple RAT binary payload.…
Summary: The U.S. Department of Commerce has issued a ban on Kaspersky Lab’s security software in the country, citing national security risks due to the company’s ties to the Russian government and its offensive cyber capabilities.
Threat Actor: Kaspersky Lab | Kaspersky Lab Victim: United States | United States
Key Point :
The U.S.…This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
IntroductionPerimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS), have long been the target of adversarial actors attempting to gain access to internal networks.…
ModiLoader aka DBatLoader – Active IOCsJune 21, 2024Multiple IBM i and WebSphere Application Server VulnerabilitiesJune 21, 2024
Analysis SummaryThe SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…