Tag: EXPLOIT

Cloudforce One is publishing the results of our investigation and real-time effort to detect, deny, degrade, disrupt, and delay threat activity by the Russia-aligned threat actor FlyingYeti during their latest phishing campaign targeting Ukraine. At the onset of Russia’s invasion of Ukraine on February 24, 2022, Ukraine introduced a moratorium on evictions and termination of utility services for unpaid debt.…

Read More

Estimated reading time: 5 minutes

AsukaStealer, marketed on a Russian-language cybercrime forum by the alias ‘breakcore,’ has been exposed. The perpetrator offers its services for a monthly fee of $80, targeting individuals and organizations seeking to exploit its capabilities for malicious purposes.Written in C++, AsukaStealer features customizable configurations and an intuitive web-based interface, enhancing its usability for cybercriminals seeking to deploy and manage malware efficiently.It…

Read More

In October 2023 we posted our research about the notorious surveillance framework LightSpy2. In our research, we proved with a high degree of confidence that both implants for Android and iOS came from the same developer and shared the same network infrastructure, but also that they were just a small part of a larger framework.…

Read More

Threat Actor: Blackout Ransomware Group | Blackout Ransomware Group Victim: MCM Telecom | MCM Telecom Price: Not specified Exfiltrated Data Type: Customer information, business details, additional information

Additional Information:

Data Size: Approximately 15 GB Uploaded: 25 May 2024, 11:35:44 UTC Customer Information: ID, name, number, key, status, category code, class code, type, primary sales representative ID, SIC code, tax reference, tax code Business Details: FOB point, shipping method, GSA indicator, partial shipment status, taxpayer ID, price list ID, freight terms, order type ID, sales channel code, warehouse ID Additional Information: Mission statement, number of employees, potential revenue for the current and next fiscal years, fiscal year-end month

In a recent announcement, the notorious Blackout Ransomware Group has claimed responsibility for a significant cyberattack on MCM Telecom, a B2B telecommunications provider based in Mexico.…

Read More

In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.

Social Engineering in Phishing Attacks

Faced with increasingly cyber-aware endpoint users and vigilant security teams, more and more threat actors are forced to think psychologically about the individuals they are targeting with their phishing attacks. Social…

Read More

This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.

TL;DRSekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…
Read More

Summary: This article discusses a critical vulnerability in the TP-Link Archer C5400X gaming router that allows remote command execution, posing a risk to users.

Threat Actor: N/A

Victim: TP-Link Archer C5400X gaming router users

Key Point:

A critical vulnerability in the TP-Link Archer C5400X gaming router has been disclosed, allowing remote command execution.…
Read More

Summary: Security researchers have released a proof-of-concept exploit for a remote code execution vulnerability in Fortinet’s SIEM solution, which allows executing commands as root on Internet-facing FortiSIEM appliances.

Threat Actor: Horizon3’s Attack Team | Horizon3’s Attack Team Victim: Fortinet | Fortinet

Key Point :

A proof-of-concept exploit has been released for a remote code execution vulnerability in Fortinet’s SIEM solution.…
Read More

This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2024. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.

What is Citrix Bleed?

Since August 2023, cyber threat actors have been actively exploiting one of the most significant critical vulnerabilities disclosed in recent years: Citrix Bleed.…

Read More

Published On : 2024-05-29

EXECUTIVE SUMMARY

A critical vulnerability, identified as CVE-2024-3273, has been discovered in certain end-of-life (EOL) D-Link NAS devices, presenting a severe threat due to the lack of ongoing support and their high susceptibility to attacks. With a CVSS base score of 9.8, this vulnerability is extremely serious, potentially allowing unauthorized access, data theft, system modifications, or denial of service attacks.…

Read More

During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, a software commonly used for local application development. This vulnerability would allow a low privilege user, with a foothold on a host running the service fabric deployment, to elevate their privileges up to System.  …

Read More

Summary: This article discusses a recent ransomware attack by the Ransomhub group on an Industrial Control Systems (ICS) of a Spanish bioenergy plant, highlighting the dangers of cyberattacks on ICS.

Threat Actor: Ransomhub | Ransomhub Victim: Spanish bioenergy plant | Spanish bioenergy plant

Key Point :

The recent ransomware attack by the Ransomhub group targeted the Supervisory Control and Data Acquisition (SCADA) system of a Spanish bioenergy plant, highlighting the vulnerability of Industrial Control Systems (ICS) to cyberattacks.…
Read More

Summary: This content discusses the cybersecurity implications of using Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, which increases the discoverability of customer devices by attackers.

Threat Actor: Attackers

Victim: Customers using appliances with embedded Dynamic DNS (DDNS) services, such as those provided by vendors like Fortinet or QNAP.…

Read More
Background

Cloud cryptomining has become an emerging trend in recent years, powered by the scalability and flexibility of cloud platforms. Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. One of the most common cryptomining threats for cloud environments is the Kinsing malware.…

Read More

Summary: This article discusses how hackers could exploit a bug on the Replicate artificial intelligence platform to steal data and manipulate AI models.

Threat Actor: Hackers | Hackers Victim: Replicate artificial intelligence platform | Replicate artificial intelligence platform

Key Point :

Attackers could have exploited a critical vulnerability in the Replicate artificial intelligence platform to access private AI models and steal data.…
Read More

Summary: Cisco has addressed a vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software, which could allow an attacker to conduct SQL injection attacks and potentially gain root privileges.

Threat Actor: N/A

Victim: Cisco

Key Point:

Cisco has patched a vulnerability in its Firepower Management Center (FMC) Software that could allow an attacker to conduct SQL injection attacks.…
Read More