Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Published On : 2024-06-06
Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading to an arbitrary read, allowing an attacker to read any file on the system.…
Threat Actor: Unknown | Unknown Victim: Facebook | Facebook Price: Not specified Exfiltrated Data Type: Full names, profiles, emails, phone numbers, DR (date of registration), and locations
Additional Information:
The leaked database allegedly contains 100,000 lines of data. Affected users are at risk of identity theft, phishing scams, and social engineering attacks.…Summary: This content discusses the sale of exploit code for a critical security vulnerability (CVE-2023-46359) by the threat actor Interpol404 on the Nuovo BreachForums.
Threat Actor: Interpol404 | Interpol404 Victim: Hardy Barth cPH2 Wallbox | Hardy Barth cPH2 Wallbox
Key Point :
Interpol404 is selling exploit code for the critical security vulnerability CVE-2023-46359 on the Nuovo BreachForums for $200.…Summary: The content discusses the creation of a new data-privacy team in Texas to enforce state privacy laws and protect Texans’ sensitive data.
Threat Actor: None mentioned.
Victim: None mentioned.
Key Point :
Texas Attorney General Ken Paxton has announced the establishment of a data-privacy team to enforce Texas’ laws on data privacy and security, identity theft, data brokers, biometric information, and consumer protection.…Summary: A security researcher discovered a timing leak in the Kyber key encapsulation mechanism, which is being adopted as a post-quantum cryptographic standard by NIST.
Threat Actor: N/A
Victim: N/A
Key Point :
A timing leak was found in the Kyber key encapsulation mechanism, which is being considered as a post-quantum cryptographic standard.…Summary: Belarusian state-sponsored hackers known as Ghostwriter targeted Ukraine’s Ministry of Defence and a military base in a cyberespionage operation by sending phishing emails with malicious attachments.
Threat Actor: Ghostwriter | Ghostwriter Victim: Ukraine’s Ministry of Defence | Ukraine’s Ministry of Defence
Key Points:
Belarusian state-sponsored hackers, Ghostwriter, targeted Ukraine’s Ministry of Defence and a military base in a cyberespionage operation.…Summary: Attackers have exploited a zero-day vulnerability in TikTok’s direct messages feature to hijack high-profile accounts belonging to companies and celebrities, including Sony, CNN, and Paris Hilton.
Threat Actor: Unknown | Unknown Victim: TikTok | TikTok
Key Point :
Attackers have hijacked high-profile TikTok accounts using a zero-day vulnerability in the platform’s direct messages feature.…The 2024 Paris Olympic Games face numerous threats due to their high-profile nature and international significance. Insikt Group's research identifies several key risks: cybercriminals targeting critical sectors with ransomware, hacktivists aiming to disrupt due to geopolitical conflicts, and state actors engaging in espionage and influence operations.…
Summary: Researchers have published a proof-of-concept exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers, allowing unauthenticated attackers to gain access to restricted functionality.
Threat Actor: Unauthenticated attackers
Victim: Progress Telerik Report Servers
Key Point :
The vulnerability, tracked as CVE-2024-4358, was initially patched by Progress, but researchers found an authentication bypass shortly after the release of the patch.…Summary: A high-severity vulnerability in Azure Service Tags has been discovered, which could allow attackers to access customers’ private data.
Threat Actor: N/A
Victim: Azure customers
Key Point :
A vulnerability in Azure Service Tags could be exploited by threat actors to impersonate trusted Azure services and bypass firewall rules.…Summary: This content discusses a suspicious npm package called “glup-debugger-log” that was found to contain obfuscated files, which were part of a malware campaign aimed at compromising target machines and gaining remote access control.
Threat Actor: Unknown | Unknown Victim: Npm | Npm
Key Point :
Phylum’s automated risk detection platform identified a suspicious npm package named “glup-debugger-log” that contained obfuscated files.…Summary: The Andariel APT group, a North Korean threat actor, has been targeting Korean corporations and organizations, including educational institutions and companies in the manufacturing and construction sectors. They employ keyloggers, infostealers, and proxy tools to extract data from compromised systems.
Threat Actor: Andariel APT group | Andariel APT group Victim: Korean corporations and organizations | Korean corporations and organizations
Key Point :
The Andariel APT group, a North Korean threat actor, has been targeting Korean corporations and organizations.…Summary: Cox Communications has fixed a vulnerability that allowed remote attackers to exploit backend APIs and reset modem settings, potentially stealing customers’ personal information.
Threat Actor: Remote attackers
Victim: Cox Communications
Key Point :
A security flaw in Cox Communications’ backend APIs allowed remote attackers to reset modem settings and potentially steal customers’ personal information.…Resecurity has uncovered a cybercriminal group that is equipping fraudsters with sophisticated phishing kits to target banking customers in the EU. These kits are designed to intercept sensitive information, including credentials and OTP codes. The attackers use various social engineering tactics to trick victims into revealing their sensitive information.…
Summary: Cisco Talos researchers have discovered a previously undocumented APT group called LilacSquid that has been conducting a data theft campaign since at least 2021. The group has targeted organizations in multiple industries across different regions.
Threat Actor: LilacSquid | LilacSquid Victim: Various organizations in the information technology, industrial, energy, and pharmaceutical sectors.…
Summary: This content discusses a severe logging configuration flaw, CVE-2021-44832, in Apache Log4j2 that could have a significant impact on the financial industry.
Threat Actor: N/A
Victim: N/A
Key Point :
The vulnerability, CVE-2021-44832, allows remote attackers to execute malicious code on affected systems by exploiting a logging configuration flaw in Apache Log4j2.…We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts.…