Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.
A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …
Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena
McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018.…
This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.
IntroductionAcross an ever changing cyber landscape, it is common place for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly utilized services and applications.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Summary: The content discusses how cybercriminals are targeting the increasing number of vulnerabilities resulting from the growth in connected devices and new applications, leading to a rise in attacks.
Threat Actor: Cybercriminals | cybercriminals Victim: Various organizations and individuals | cyberattack victims
Key Point:
Cybercriminals are exploiting the growing number of vulnerabilities in connected devices and new applications.…Summary: Google has released a security update for the Chrome browser to fix a zero-day vulnerability that is actively being exploited in the wild.
Threat Actor: Unknown | Unknown Victim: Chrome browser users | Chrome browser users
Key Point :
Google has released a security update for the Chrome browser to address a zero-day vulnerability (CVE-2024-4671) that is actively being exploited in the wild.…Summary: This content discusses a security flaw in XenCenter for Citrix Hypervisor that affects versions using PuTTY for SSH connections to guest VMs.
Threat Actor: N/A
Victim: Citrix Hypervisor users
Key Point :
Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY for SSH connections to guest VMs, but PuTTY inclusion was deprecated with XenCenter version 8.2.6.…Summary: Security flaws in Telit Cinterion cellular modems could allow remote attackers to execute arbitrary code via SMS.
Threat Actor: Unknown | Unknown Victim: Telit Cinterion modem users | Telit Cinterion modem users
Key Point :
Security flaws in Telit Cinterion cellular modems could allow remote attackers to execute arbitrary code via SMS.…Summary: The article discusses the increase in ransomware and extortion incidents in 2023 and the potential for further growth in 2024.
Threat Actor: N/A
Victim: N/A
Key Points:
Ransomware and extortion incidents rose by 67% in 2023, with over 5,000 victims detected or posted on social channels.…Advanced Persistent Threat Group 31 (APT31), also known by aliases like ZIRCONIUM or Judgment Panda, represents a sophisticated cybersecurity threat with ties to state-sponsored activities.
Threat Actor Card of APT31
This group is believed to operate primarily on behalf of the Chinese government, engaging in cyber espionage and targeted attacks to gather intelligence and support strategic objectives aligned with China’s national interests.…
Summary: The Log4J vulnerability exploit remains one of the most attempted exploits, according to a report by Cato Networks.
Threat Actor: Not specified
Victim: Not specified
Key Point :
The Log4J vulnerability exploit accounted for 30% of outbound vulnerability exploitations and 18% of inbound vulnerability exploitations in Q1 2024.…Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.
Threat Actor: None mentioned.
Victim: Tinyproxy instances.
Key Point :
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.…Summary: Hackers are targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Threat Actor: Unknown | Unknown Victim: WordPress sites | WordPress
Key Point :
Hackers are exploiting an unauthenticated cross-site scripting flaw in older versions of the LiteSpeed Cache plugin for WordPress.…
Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with remote code execution capabilities. This exploit facilitates malware delivery, posing a significant threat to compromise entire networks.…
Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.
Threat Actor: Researchers have discovered this attack technique.
Victim: Users of VPN applications.
Key Point:
TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…Summary: This article discusses the activities of the Yahoo Boys, a group of young men in West Africa who are prolific scammers and engage in various types of fraud.
Threat Actor: Yahoo Boys | Yahoo Boys Victim: Various individuals | various individuals
Key Point :
The Yahoo Boys are a loose collective of scammers in West Africa who openly engage in fraudulent activities, including sextortion scams.…Summary: A security loophole in the WordPress plugin “Email Subscribers by Icegram Express” has been discovered, exposing over 90,000 websites to potential attacks due to a SQL injection vulnerability.
Threat Actor: N/A
Victim: WordPress websites utilizing the “Email Subscribers by Icegram Express” plugin.
Key Point :
A security vulnerability in the “Email Subscribers by Icegram Express” WordPress plugin exposes over 90,000 websites to potential attacks.…Summary: NATO and the European Union condemn cyber espionage operations conducted by the Russia-linked threat actor APT28 against European countries.
Threat Actor: APT28 | APT28 Victim: European countries | European countries
Key Point:
NATO and the European Union have condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 against European countries.…Summary: Citrix has addressed a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote attackers to obtain potentially sensitive information from affected systems.
Threat Actor: Unknown | Unknown Victim: Citrix | Citrix
Key Point :
Citrix has quietly patched a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote, unauthenticated attackers to access sensitive information from affected systems.…In a concerning development for cybersecurity, over 150 SSH accounts with root access are currently being advertised for sale on various hacker forums.
These accounts reportedly provide unrestricted administrative access to Virtual Private Servers (VPS), posing a significant threat to the security of the affected systems.…