AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …

Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena

McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018.…

This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.

Introduction

Across an ever-changing cyber landscape, it is commonplace for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly utilized services and applications.…

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Summary: The content discusses how cybercriminals are targeting the increasing number of vulnerabilities resulting from the growth in connected devices and new applications, leading to a rise in attacks.

Threat Actor: Cybercriminals

Victim: Various organizations and individuals

Key Point:

Cybercriminals are exploiting the growing number of vulnerabilities in connected devices and new applications.…

Summary: Google has released a security update for the Chrome browser to fix a zero-day vulnerability that is actively being exploited in the wild.

Threat Actor: Unknown

Victim: Chrome browser users

Key Point:

Google has released a security update for the Chrome browser to address a zero-day vulnerability (CVE-2024-4671) that is actively being exploited in the wild.…

Summary: This content discusses a security flaw in XenCenter for Citrix Hypervisor that affects versions using PuTTY for SSH connections to guest VMs.

Threat Actor: N/A

Victim: Citrix Hypervisor users

Key Point:

Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY for SSH connections to guest VMs, but PuTTY inclusion was deprecated with XenCenter version 8.2.6.…

Advanced Persistent Threat Group 31 (APT31), also known by aliases like ZIRCONIUM or Judgment Panda, represents a sophisticated cybersecurity threat with ties to state-sponsored activities.

Threat Actor Card of APT31

This group is believed to operate primarily on behalf of the Chinese government, engaging in cyber espionage and targeted attacks to gather intelligence and support strategic objectives aligned with China’s national interests.…

Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.

Threat Actor: None mentioned.

Victim: Tinyproxy instances.

Key Point:

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.…

Summary: Hackers are targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.

Threat Actor: Unknown

Victim: WordPress sites

Key Point:

Hackers are exploiting an unauthenticated cross-site scripting flaw in older versions of the LiteSpeed Cache plugin for WordPress.…

Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with remote code execution capabilities. This exploit facilitates malware delivery, posing a significant threat to compromise entire networks.…

Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.

Threat Actor: Researchers have discovered this attack technique.

Victim: Users of VPN applications.

Key Point:

TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…

Summary: This article discusses the activities of the Yahoo Boys, a group of young men in West Africa who are prolific scammers and engage in various types of fraud.

Threat Actor: Yahoo Boys

Victim: Various individuals

Key Point:

The Yahoo Boys are a loose collective of scammers in West Africa who openly engage in fraudulent activities, including sextortion scams.…

Summary: A security loophole in the WordPress plugin “Email Subscribers by Icegram Express” has been discovered, exposing over 90,000 websites to potential attacks due to a SQL injection vulnerability.

Threat Actor: N/A

Victim: WordPress websites utilizing the “Email Subscribers by Icegram Express” plugin.

Key Point:

A security vulnerability in the “Email Subscribers by Icegram Express” WordPress plugin exposes over 90,000 websites to potential attacks.…

Summary: NATO and the European Union condemn cyber espionage operations conducted by the Russia-linked threat actor APT28 against European countries.

Threat Actor: APT28

Victim: European countries

Key Point:

NATO and the European Union have condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 against European countries.…

Summary: Citrix has addressed a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote attackers to obtain potentially sensitive information from affected systems.

Threat Actor: Unknown

Victim: Citrix

Key Point:

Citrix has quietly patched a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote, unauthenticated attackers to access sensitive information from affected systems.…