https://web-check.xyz/
Supported ChecksIP InfoSSL ChainDNS RecordsCookiesCrawl RulesHeadersQuality MetricsServer LocationAssociated HostsRedirect ChainTXT RecordsServer StatusOpen PortsTracerouteCarbon FootprintServer InfoWhois LookupDomain InfoDNS Security ExtensionsSite FeaturesHTTP Strict Transport SecurityDNS ServerTech StackListed PagesSecurity.txt…Tag: FIREWALL
Significant Increase in Attacks: In the first month of 2024, attempts to attack Web APIs impacted 1 in 4.6 organizations worldwide every week, marking a 20% increase compared to January 2023, highlighting the growing risk associated with API vulnerabilities.
Industry-Wide Impact: Education leads as the most impacted sector, with most sectors having a double-digit surge in attacks from last year.…
Read More Bitdefender Labs recently helped with an investigation that unfortunately aligns with two key predictions we made for 2024: the rapid rise of opportunistic ransomware and the growing risk of coordinated attacks. This ransomware attack was coordinated and impacted two separate companies simultaneously.
Views: 0…
Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we’re calling “TimbreStealer.”This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known as “Mispadu.”…
Read More Published On : 2024-02-23
EXECUTIVE SUMMARYAt CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the proliferation of Xeno RAT; an intricately designed malware, crafted with advanced functionalities, conveniently accessible at no cost on GitHub.…
Authors: Tejaswini Sandapolla, Shilpesh Trivedi
The 8220 Gang, a notorious Chinese-based threat actor group, has once again surfaced in the spotlight with a renewed assault on cloud based infrastructure. This latest campaign, unfolding from May 2023 through February 2024, showcases the gang’s strategic pivot towards more sophisticated tactics and techniques, targeting both Linux and Windows platforms.…
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and guidance for customers, researchers, investigators and incident responders. This information is based on observation and analysis of attacks by SophosLabs, Sophos Managed Detection and Response (MDR) and Sophos Incident Response (IR), in which the ScreenConnect client or server was involved.…
Quasar is a legitimate remote administration tool that has become popular among threat actors due to its range of capabilities and availability in open source. This blog details how Darktrace detected this tool without using signatures and how Darktrace RESPOND can be configured to block its malicious usage.…
This post is also available in: 日本語 (Japanese)
Executive SummaryDynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. DLL hijacking is popular because it grants threat actors a stealthy way to run malware that can be very effective at evading detection.…
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.
Talos also illustrates the post-compromise activity carried out by the operators of the TinyTurla-NG (TTNG) backdoor to issue commands to the infected endpoints.…
Read More This post is also available in: 日本語 (Japanese)
Executive SummaryFeb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center.
Feb. 19, 2024, ConnectWise publicly disclosed the vulnerabilities in a security bulletin.…
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe.
The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly observe new email distribution campaigns.…
Read More Summary
According to BleepingComputer, a ransomware attack that occurred starting 0n February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a public RSA key that is used to encrypt AES keys used for files’ encryption, and other information.…
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.
Views: 1…
SUMMARY
Read More The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site.…
By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024
Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also to reinvest into their shady practice.…
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
Talos assesses with high confidence that TinyTurla-NG, just like TinyTurla, is a small “last chance” backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been detected on the infected systems.…
Read More Last updated at Tue, 27 Feb 2024 17:16:10 GMT
*Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog.*
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.…
This post is also available in: 日本語 (Japanese)
Executive SummaryInsidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors. This group focuses on pre-positioning themselves within U.S. critical infrastructure IT networks, likely in preparation for disruptive or destructive cyberattacks in the event of a major crisis or conflict with the United States.…
Key Takeaways As per our initial observations, this campaign employs language-specific HTML files to trap unsuspecting victims, tailoring its approach based on linguistic nuances.
Through the strategic embedding of zip archives within HTML files, the campaign orchestrates a series of intricate infiltration maneuvers, evading detection and executing malicious payloads. …
Read More