This post is also available in: 日本語 (Japanese)
Executive SummaryThis threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made.…
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…
Threat Actor: Unknown | Unknown Victim: Palo Alto Networks | Palo Alto Networks Price: Not applicable Exfiltrated Data Type: Not applicable
Additional Information:
The vulnerability, designated as CVE-2024-3400, affects Palo Alto Networks’ PAN-OS software, specifically targeting the GlobalProtect feature. The vulnerability allows malicious actors to execute arbitrary code with root privileges on vulnerable firewalls.…Volexity would like to thank Palo Alto Networks for their partnership, cooperation, and rapid response to this critical issue. Their research can be found here.
On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers.…
Summary: Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system, including DoS vulnerabilities and an improper Group Membership Change vulnerability in Cloud Identity Engine (CIE).
Threat Actor: N/A
Victim: Palo Alto Networks
Key Point :
Palo Alto Networks addressed several high-severity vulnerabilities in its PAN-OS operating system through security updates.…Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Threat Actor: Unknown | Unknown Victim: IT and telecom industries | IT and telecom industries Price: Prices start at $150,000, with incremental steps of $20,000 and a flash sale option at $400,000 Exfiltrated Data Type: Firewall VPNs, hosts, configuration files, code execution capabilities
Additional Information :
The threat actor is offering unauthorized access to firewall VPNs and hosts on a large scale.…Written by: Jacob Thompson
The Apache XML Security for C++ library, code named xml-security-c, is part of the Apache Santuario project. The library implements the XML Digital Signature and the XML Signature specifications, making them available to C++ developers. By default, the library resolves references to external URIs passed in Extensible Markup Language (XML) signatures, allowing for server-side request forgery (SSRF).…
This post is also available in: 日本語 (Japanese)
Executive SummaryOur telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. This article reviews how attackers use infected hosts for malware-based scans of their targets instead of the more traditional approach using direct scans.…
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.…
Table of Contents
By: Alex Reid, Current Red Siege Intern
SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently?
In the April 2018 release of Windows 10 version 1803, Microsoft announced that the Windows OpenSSH client would ship and be enabled by default (with the server remaining an optional feature that must be manually enabled).…
The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unseen yet most dangerous corporate threats.…
Published On : 2024-03-27
EXECUTIVE SUMMARYAt CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on Sync-Scheduler stealer, a malware that specifically targets documents, and has been designed with anti-analysis capabilities.…
MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
ReconnaissanceObjective:Identify potential reconnaissance activity on the network
Description:Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)Threat huntingForensic / DFIRTroubleshootingScheduled tasks:Event ID 4697 , This event generates when new service was installed in the system.…Summary : Cisco has warned customers about password-spraying attacks targeting Secure Firewall devices, including Remote Access VPN services. The attacks are not limited to Cisco products but also third-party VPN concentrators.
Key Point :
Password spraying attacks target Remote Access VPN services on Cisco Secure Firewall devices.…
____________________ Summary: The article discusses a new BOLA vulnerability discovered in Grafana, impacting millions of users worldwide. It explains the vulnerability, potential impacts, and provides solutions and mitigations.
Key Point 
:
– BOLA vulnerability (CVE-2024-1313) allows low-privileged users to delete dashboard snapshots of other organizations.
– Endpoint allows any user to create snapshot images without complexity checks on secret keys.…