Published On : 2024-06-06

Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…

Overview

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading to an arbitrary read, allowing an attacker to read any file on the system.…


Summary: This content discusses the sale of exploit code for a critical security vulnerability (CVE-2023-46359) by the threat actor Interpol404 on the Nuovo BreachForums.

Threat Actor: Interpol404

Victim: Hardy Barth cPH2 Wallbox

Key Point:

Interpol404 is selling exploit code for the critical security vulnerability CVE-2023-46359 on the Nuovo BreachForums for $200.…

Summary: The content discusses the creation of a new data-privacy team in Texas to enforce state privacy laws and protect Texans’ sensitive data.

Threat Actor: None mentioned.

Victim: None mentioned.

Key Point:

Texas Attorney General Ken Paxton has announced the establishment of a data-privacy team to enforce Texas’ laws on data privacy and security, identity theft, data brokers, biometric information, and consumer protection.…

Summary: Belarusian state-sponsored hackers known as Ghostwriter targeted Ukraine’s Ministry of Defence and a military base in a cyberespionage operation by sending phishing emails with malicious attachments.

Threat Actor: Ghostwriter

Victim: Ukraine’s Ministry of Defence

Key Points:

Belarusian state-sponsored hackers, Ghostwriter, targeted Ukraine’s Ministry of Defence and a military base in a cyberespionage operation.…

Summary: Attackers have exploited a zero-day vulnerability in TikTok’s direct messages feature to hijack high-profile accounts belonging to companies and celebrities, including Sony, CNN, and Paris Hilton.

Threat Actor: Unknown

Victim: TikTok

Key Point:

Attackers have hijacked high-profile TikTok accounts using a zero-day vulnerability in the platform’s direct messages feature.…

Summary: Researchers have published a proof-of-concept exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers, allowing unauthenticated attackers to gain access to restricted functionality.

Threat Actor: Unauthenticated attackers

Victim: Progress Telerik Report Servers

Key Point:

The vulnerability, tracked as CVE-2024-4358, was initially patched by Progress, but researchers found an authentication bypass shortly after the release of the patch.…

Summary: This content discusses a suspicious npm package called “glup-debugger-log” that was found to contain obfuscated files, which were part of a malware campaign aimed at compromising target machines and gaining remote access control.

Threat Actor: Unknown

Victim: npm

Key Point:

Phylum’s automated risk detection platform identified a suspicious npm package named “glup-debugger-log” that contained obfuscated files.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently encountered a campaign using a malicious Excel document linked to the UNC1151 APT group.

The UNC1151 APT group, originating from Belarus, is notorious for targeting Eastern European countries, including Ukraine, Lithuania, Latvia, Poland, and others.

In the recent campaign, there are indications that the group is possibly targeting Ukraine, with a potential focus on the Ministry of Defence based on the lure document.…

Summary: The Andariel APT group, a North Korean threat actor, has been targeting Korean corporations and organizations, including educational institutions and companies in the manufacturing and construction sectors. They employ keyloggers, infostealers, and proxy tools to extract data from compromised systems.

Threat Actor: Andariel APT group

Victim: Korean corporations and organizations

Key Point:

The Andariel APT group, a North Korean threat actor, has been targeting Korean corporations and organizations.…

Summary: Cox Communications has fixed a vulnerability that allowed remote attackers to exploit backend APIs and reset modem settings, potentially stealing customers’ personal information.

Threat Actor: Remote attackers

Victim: Cox Communications

Key Point:

A security flaw in Cox Communications’ backend APIs allowed remote attackers to reset modem settings and potentially steal customers’ personal information.…

Executive summary

Expanded arsenal: Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit.

Private cryptomining pools: The attackers have taken a step forward by employing private cryptomining pools for greater control over mining outcomes despite the increased operational and financial costs.…

Summary: Cisco Talos researchers have discovered a previously undocumented APT group called LilacSquid that has been conducting a data theft campaign since at least 2021. The group has targeted organizations in multiple industries across different regions.

Threat Actor: LilacSquid

Victim: Various organizations in the information technology, industrial, energy, and pharmaceutical sectors.…


Summary: This content discusses a severe logging configuration flaw, CVE-2021-44832, in Apache Log4j2 that could have a significant impact on the financial industry.

Threat Actor: N/A

Victim: N/A

Key Point:

The vulnerability, CVE-2021-44832, allows remote attackers to execute malicious code on affected systems by exploiting a logging configuration flaw in Apache Log4j2.…

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts.…
