Summary: This content discusses criminal campaigns that, using SMS messages as the entry point, exploit cloud storage services to redirect users to malicious websites and steal their information.

Threat Actor: Unnamed threat actors | Victim: Users targeted by the criminal campaigns

Key Point:

Security researchers have identified criminal campaigns that exploit cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage.…

In the ever-evolving landscape of cybersecurity threats, new groups like Hunt3r Kill3rs emerge with claims of disruptive capabilities. This analysis aims to provide an initial understanding of their activities, considering the limited timeframe and absence of concrete evidence substantiating their claims.

Hunt3r Kill3rs’ logo

Overview of Hunt3r Kill3rs:

Hunt3r Kill3rs, a recently surfaced threat group, asserts its prowess in cyber operations, including Industrial Control Systems (ICS) breaches, communication network intrusions, and exploitation of web application vulnerabilities.…


Summary: GitLab has patched a high-severity vulnerability that could allow unauthenticated attackers to take over user accounts through cross-site scripting (XSS) attacks.

Threat Actor: Unauthenticated attackers | Victim: GitLab users

Key Point:

GitLab has released patches for a high-severity vulnerability (CVE-2024-4835) in its VS Code-based editor (Web IDE) that could be exploited by unauthenticated attackers to steal restricted information.…

Summary: This content discusses the increasing use of operational relay box (ORB) networks by China-linked state-backed hackers for cyberespionage operations, posing challenges in detection and attribution.

Threat Actor: China-linked state-backed hackers | Victim: Not specified

Key Point:

China-linked state-backed hackers are using operational relay box (ORB) networks, which are proxy server networks created from virtual private servers and compromised online devices, for cyberespionage operations.…

As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…

Overview

The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability, an SQL injection in the WordPress plugin Automatic by ValvePress, assessed its impact and developed mitigation measures for it. Around 38k active users have installed this premium plugin. The issue allows trivial SQL injection attacks against the plugin's user authentication process, which could allow WordPress website takeovers.…


Executive Summary

A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…


Summary: The UserPro plugin for WordPress has a significant security vulnerability that allows unauthenticated users to change the passwords of other users under certain conditions.

Threat Actor: Unauthenticated users | Victim: Users of the UserPro plugin

Key Point:

The UserPro plugin for WordPress, used by over 20,000 sites, has a critical security vulnerability in its password reset mechanism.…

Written by: Michael Raggi

Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end-of-life or unsupported by their manufacturers.…


Summary: A malicious crypto mining campaign called ‘REF4578’ has been discovered, deploying a payload named GhostEngine that uses vulnerable drivers to disable security products and deploy a cryptocurrency miner.

Threat Actor: Unknown | Victim: Unknown

Key Point:

The crypto mining campaign, codenamed ‘REF4578,’ uses a payload named GhostEngine to exploit vulnerable drivers and disable security products.…

Threat Actor: Unknown | Victim: Git (version control system) | Price: Not specified | Exfiltrated Data Type: Not specified

Additional Information:

The Git CVE-2024-32002 RCE vulnerability allows for remote code execution through a recursive clone of a Git repository and its submodules. The vulnerability takes advantage of the way Git handles submodules on case-insensitive filesystems that support symbolic links.…

Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.

Threat Actor: WatchTowr Labs | Victim: QNAP

Key Point:

An extensive security audit of QNAP QTS has uncovered fifteen vulnerabilities, including an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi’…

This report was originally published for our customers on 14 May 2024.

Executive summary

The DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the Structura National Technologies (Structura) and the Social Design Agency (SDA), which are two Russian entities. The primary goal of DoppelGänger is to diminish support for Ukraine in the wake of Russian aggression and to foster divisions within nations backing Ukraine.…

Summary: The frequency of ransomware claims has increased significantly in 2023, with a particular rise in indirect ransomware incidents and double leverage attacks.

Threat Actor: Ransomware | Victim: Various organizations

Key Point:

The frequency of ransomware claims has increased by 64% year-over-year in 2023, driven by a surge in indirect ransomware incidents.…

Summary: This content discusses the technical details of a pre-authentication remote code execution vulnerability (CVE-2023-43208) affecting NextGen Mirth Connect, an open-source data integration platform widely used by healthcare companies.

Threat Actor: IHTeam | Victim: Healthcare organizations

Key Point:

The vulnerability (CVE-2023-43208) is related to insecure usage of the Java XStream library for unmarshalling XML payloads in Mirth Connect.…

Summary: The content discusses the dangers posed by AI models harboring backdoors, specifically focusing on the vulnerability in the llama_cpp_python package that allows attackers to execute arbitrary code and compromise data and operations.

Threat Actor: Unknown | Victim: AI models on trusted platforms like Hugging Face

Key Point:

The vulnerability in the llama_cpp_python package potentially allows attackers to execute arbitrary code and compromise data and operations.…