The research team has been analyzing a series of info-stealing malware, and they have recently come across an interesting campaign involving the PHP version of Ducktail Infostealer. This malware is being actively distributed by disguising itself as a free or cracked application installer for popular software, including games, Microsoft Office applications, and Telegram.…
Tag: EXPLOIT
CVE-2024-33001 – SAP NetWeaver and ABAP Platform Vulnerability (June 24, 2024)
Donot APT Group – Active IOCs (June 24, 2024)
Analysis Summary: The Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other smart devices, to launch distributed denial-of-service (DDoS) attacks.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Threat Actor: Newly registered threat actor | newly registered threat actor
Victim: VirtualBox VME users | VirtualBox VME
Price: $50,000 in XMR (Monero)
Exfiltrated Data Type: Not specified
Key Points:
A newly registered threat actor is selling a zero-day exploit targeting VirtualBox VME. The exploit works on all Windows versions, including recent iterations.…
The Securonix Threat Research (STR) team has identified the use of a stealthy backdoor payload likely targeting Pakistani victims via unsolicited messages.
In an attack campaign tracked by the Securonix Threat Research team as PHANTOM#SPIKE, threat actors are making use of military-related phishing documents to lure their victims into executing a simple RAT binary payload.…
Summary: The U.S. Department of Commerce has issued a ban on Kaspersky Lab’s security software in the country, citing national security risks due to the company’s ties to the Russian government and its offensive cyber capabilities.
Threat Actor: Kaspersky Lab | Kaspersky Lab
Victim: United States | United States
Key Point:
The U.S.…
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction: Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS) have long been the target of adversarial actors attempting to gain access to internal networks.…
ModiLoader aka DBatLoader – Active IOCs (June 21, 2024)
Multiple IBM i and WebSphere Application Server Vulnerabilities (June 21, 2024)
Analysis Summary: The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…
Winnti is a notorious adversary that has been operational since at least 2010 and is believed to be operating in coordination with or supported by the Chinese government. The group has conducted cyber espionage and financially motivated activities across various industries, including technology, healthcare, and pharmaceuticals.…
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …
Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.
Threat Actor: Unspecified threat actor | wget
Victim: Users of wget under Linux or Windows | wget
Key Point:
A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…
Summary: This content discusses the recent series of attacks surrounding the Trump campaign, particularly focusing on donation scams impersonating the campaign and the use of malicious domains in phishing and smishing campaigns.
Threat Actor: Scammers impersonating the Trump campaign.
Victim: The Trump campaign.
Key Point:
Scammers are taking advantage of recent developments in the Trump campaign, such as the acceptance of crypto donations and the trial verdict, to launch donation scams.…
Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.
Threat Actor: RAD Data Communications | RAD Data Communications
Victim: Users of RAD Data Communications’ SecFlow-2 equipment | RAD Data Communications
Key Point:
The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…
I am @unixfreaxjp of MalwareMustDie team. This is the English translation of the APT overall analysis I made in Japanese at my Japan security blog: “#OCJP-136: 「FHAPPI」 Geocities.jpとPoison Ivy(スパイウェア)のAPT事件”. It has been translated by my buddy, a professional hacker and translator, The “El” Kentaro (he did it very well, so I will not change any words he translated).…
Threat Actor: Unknown | Unknown
Victim: Windows 8.1, 10, and 11 | Windows 8.1, 10, and 11
Price: $150,000 in cryptocurrency
Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11.…
Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.
Threat Actor: N/A
Victim: N/A
Key Point:
Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…
Summary: Threat actors are increasingly targeting load balancers, leading to a record exploitation rate for this category of devices over a three-year period.
Threat Actor: Unknown | Unknown
Victim: Load balancers | Load balancers
Key Point:
Load balancers have a disproportionately high exploitation rate, with a record 17% exploitation rate over a three-year period.…
Summary: This content discusses a malicious campaign targeting cryptocurrency users that involves a fake virtual meeting software called Vortax.
Threat Actor: Vortax | Vortax
Victim: Cryptocurrency users | cryptocurrency users
Key Point:
Vortax is a fake virtual meeting software that is marketed as an alternative to other video chat services.…
Summary: Threat actors are using free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.
Threat Actor: Unknown | Unknown
Victim: Unsuspecting users | Unsuspecting users
Key Point:
Threat actors are tricking users into downloading password-protected archive files containing trojanized copies of popular software.…
Manila, Philippines – Supply chain attacks have become increasingly prevalent. While large corporations and government agencies typically boast complex information security systems and robust defense infrastructure, their smaller vendor counterparts often lack comparable defensive capabilities. This discrepancy creates a significant vulnerability, allowing hackers to exploit weaker links to ultimately target larger, more secure entities.…