Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Published On : 2023-07-06
EXECUTIVE SUMMARYThe CYFIRMA research team has identified an infostealer builder known as ‘Blank Grabber’ while monitoring threat actor discussions. It was released in 2022, however since then, it has been frequently updated – with 85 contributions to the project in the last one month alone.…
The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023.…
Last updated at Thu, 10 Aug 2023 21:06:28 GMT
Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022. The campaign is actively targeting various businesses primarily in the USA and Canada. However, it is not used to steal credentials, instead, it implements different evasion and persistence techniques to drop several unwanted programs and stay in victims’ environment for as long as possible.…
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto | Sysdig
SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.…
Cyble Research & Intelligence Labs (CRIL) have been monitoring several instances where well-known applications and tools have been exploited as a delivery mechanism for malicious files. Threat Actors (TAs) leverage the trust associated with these applications to deceive users into downloading and executing them.…
In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers.…
An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021.
Advanced persistent threat (APT) groups have broadened their focus to include Linux and cloud servers in the past few years. Noticeable examples include ransomware groups targeting VMware ESXi servers, Mirai botnet variants, and groups targeting the cloud with stealers and cryptomining malware.…
As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.…
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information.…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers identified two Cobalt Strike Team Server instances hosted on the internet and uncovered new profiles that are not available on public repositories. We will highlight the distinct techniques attackers use to exploit the Cobalt Strike platform and circumvent signature-based detections.…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union from late 2020 to late 2022. Unit 42 tracks the activity associated with this campaign as CL-CRI-0021 and believes it stems from the same threat actor responsible for the previous campaign known as Manic Menagerie.…
This post is also available in: 日本語 (Japanese)
Executive SummarySince March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet. The vulnerabilities exploited include those listed in the following table:
The threat actors have the ability to gain complete control over the compromised devices, integrating those devices into the botnet.…
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
June 21, 2023
TL;DRMULTI#STORM, an interesting attack campaign involving Python-based loader malware was recently seen being used to deliver Warzone RAT infections using phishing emails.
An interesting phishing campaign was recently analyzed by the Securonix Threat Research Team.…
According to Check Point Harmony Email Researchers, credential harvesting has continually been the top attack vector, with 59% of attacks reported.…
This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor.
IntroductionIn November 2022, we disclosed a large-scale phishing campaign initiated by the advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda.…
Since December 2022, the eSentire Threat Response Unit (TRU) has observed Aurora Stealer malware infections in the manufacturing industry. It’s distributed via fake Google Ads for Notepad++ installer. Aurora Stealer gathers sensitive data, including cookies, autofill information, and encrypted passwords from browsers such as Opera, Brave, Mozilla Firefox, Chrome, etc.…
Progress Software disclosed one more critical vulnerability CVE-2023-35708 with CVSS Base Score 9.8 in its MOVEit Transfer application on 15th June 2023. An unauthenticated remote attacker could exploit the vulnerable version of MOVEit Transfer that could lead to escalated privileges and potential unauthorized access in the environment.…