Securonix Threat Research Security Advisory By Securonix Threat Research: D.Iuzvyk, T. Peck, O.Kolesnikov

The Securonix Threat Research (STR) team has identified the use of a stealthy backdoor payload likely targeting Pakistani victims via unsolicited messages.

In an attack campaign tracked by the Securonix Threat Research team as PHANTOM#SPIKE, threat actors are making use of military-related phishing documents to lure their victims into executing a simple RAT binary payload.…

Read More

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.

Introduction

Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS), have long been the target of adversarial actors attempting to gain access to internal networks.…

Read More

ModiLoader aka DBatLoader – Active IOCsJune 21, 2024Multiple IBM i and WebSphere Application Server VulnerabilitiesJune 21, 2024

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…

Read More
Overview 

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …

Read More

Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.

Threat Actor: Unspecified threat actor | wget Victim: Users of wget under Linux or Windows | wget

Key Point :

A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…
Read More

Summary: This content discusses the recent series of attacks surrounding the Trump campaign, particularly focusing on donation scams impersonating the campaign and the use of malicious domains in phishing and smishing campaigns.

Threat Actor: Scammers impersonating the Trump campaign.

Victim: The Trump campaign.

Key Point:

Scammers are taking advantage of recent developments in the Trump campaign, such as the acceptance of crypto donations and the trial verdict, to launch donation scams.…
Read More

Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.

Threat Actor: RAD Data Communications | RAD Data Communications Victim: Users of RAD Data Communications’ SecFlow-2 equipment | RAD Data Communications

Key Point :

The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…
Read More

I am @unixfreaxjp of MalwareMustDie team. This is the English translation of APT overall analysis I made in Japanese at my Japan security blog: “#OCJP-136: 「FHAPPI」 Geocities.jpとPoison Ivy(スパイウェア)のAPT事件”, it has been translated by my buddy, a professional hacker and translator, The “El” Kentaro (he did it very good so I will not change any words he translated).…

Read More

Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.

Threat Actor: N/A Victim: N/A

Key Point :

Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…
Read More

Summary: Threat actors are using free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.

Threat Actor: Unknown | Unknown Victim: Unsuspecting users | Unsuspecting users

Key Point :

Threat actors are tricking users into downloading password-protected archive files containing trojanized copies of popular software.…
Read More

Manila, Philippines – Supply chain attacks have become increasingly prevalent. While large corporations and government agencies typically boast complex information security systems and robust defense infrastructure, their smaller vendor counterparts often lack comparable defensive capabilities. This discrepancy creates a significant vulnerability, allowing hackers to exploit weaker links to ultimately target larger, more secure entities.…

Read More