Summary: Citrix has addressed a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote attackers to obtain potentially sensitive information from affected systems.

Threat Actor: Unknown

Victim: Citrix

Key Point:

Citrix has quietly patched a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote, unauthenticated attackers to access sensitive information from affected systems.…
Read More


Executive Summary

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…

Read More

Summary: CISA and the FBI are urging software companies to address path traversal security vulnerabilities in their products to prevent attackers from exploiting them and gaining unauthorized access or control over critical files and systems.

Threat Actor: Attackers exploiting path traversal vulnerabilities

Victim: Software companies

Key Point:

Path traversal vulnerabilities, also known as directory traversal, can be exploited by attackers to manipulate file paths and access sensitive data or execute malicious code.…
Read More

Summary: This content discusses the increase in financially motivated cyberattacks conducted by unidentified hackers associated with Russia in Ukraine.

Threat Actor: Unidentified hackers associated with Russia

Victim: Ukraine

Key Point:

There has been an increase in financially motivated cyberattacks in Ukraine conducted by previously unidentified hackers associated with Russia.…
Read More

Summary: This content discusses the identification of vulnerabilities in Android apps from smartphone maker Xiaomi and Google’s Android Open Source Project (AOSP) by Oversecured, a business that scans mobile apps for security issues.

Threat Actor: Oversecured

Victim: Xiaomi and Google’s Android Open Source Project (AOSP)

Key Point:

Oversecured has identified more than two dozen vulnerabilities in Android apps from Xiaomi and Google’s AOSP.…
Read More

Summary: This content discusses a path traversal-affiliated vulnerability pattern found in multiple popular Android applications, which could lead to arbitrary code execution and token theft.

Threat Actor: Microsoft

Victim: Multiple popular Android applications

Key Point:

A path traversal-affiliated vulnerability pattern was discovered in multiple popular Android applications, allowing a malicious application to overwrite files in the vulnerable application’s home directory.…
Read More

Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing more difficult to detect and capable of deceiving even the most aware users.

Threat Actor: Cybercriminals

Victim: Individuals and organizations

Key Point:

Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…
Read More

An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.…

Read More

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities catalog, which allows for account takeover via Password Reset.

Threat Actor: N/A

Victim: GitLab Community and Enterprise Editions

Key Point:

A vulnerability in GitLab Community and Enterprise Editions, tracked as CVE-2023-7028, allows for account takeover via Password Reset without any interaction.…
Read More

In Q1 2024, the Multi-State Information Sharing and Analysis Center (MS-ISAC) reported a slight shift in the Top 10 Malware, with SocGholish remaining the most prevalent. The report highlights various malware infection vectors and provides detailed descriptions and indicators of compromise for each malware variant. #Cybersecurity #Malware #ThreatIntelligence

Key Points:

SocGholish is the leading malware, constituting 60% of the Top 10 Malware list.…
Read More

Affected Platforms: D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier

Impacted Users: Any organization

Impact: Remote attackers gain control of the vulnerable systems

Severity Level: High

In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface.…

Read More

A sophisticated cyberattack campaign leveraging Agent Tesla and Taskun malware has been actively targeting the education and government sectors in the U.S. This blog post delves into the intricacies of their deployment methods, the vulnerabilities they exploit, and the broader implications for cybersecurity defenses.

Introduction

Recent investigations have unveiled a coordinated attack that integrates two notorious malware types, Agent Tesla and Taskun.…

Read More

Summary: This content discusses two novel types of attacks that target the conditional branch predictor in Intel processors, which could potentially compromise billions of processors currently in use.

Threat Actor: Researchers from the University of California San Diego, Purdue University, Georgia Tech, the University of North Carolina Chapel Hill, and Google.…

Read More