Summary: ESET researchers have analyzed the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware and its connections to other ransomware groups, including LockBit and RansomHub. …
Tag: full
Summary: The Cyber Safety Review Board (CSRB), led by the DHS, is preparing to announce its next investigation into a significant cybersecurity incident, following previous examinations of major vulnerabilities and …
Summary: Cybercriminals are exploiting large language models (LLMs) to execute sophisticated attacks, including jailbreaking and data poisoning, which pose significant risks to enterprises. Effective protection against these threats requires a …
Short Summary:
Cisco Talos has identified a new cyber threat named “DragonRank,” which targets web application services primarily in Asia and parts of Europe. This threat utilizes the PlugX and …
Threat Actor: Unknown | unknown Victim: Major Brazilian Real Estate Company | Major Brazilian Real Estate Company Price: $15,000 (or $5,000 for ransomware operators) Exfiltrated Data Type: Network access, administrative …
Summary: Security researchers have disclosed a critical zero-day vulnerability in Windows, tracked as CVE-2024-30051, that allows attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. The vulnerability …
Threat Actor: $udo | $udo Victim: Puregold | Puregold Price: Not specified Exfiltrated Data Type: Customer records, transaction data, operational data
Key Points :
Over 130,000 customer records allegedly compromised.…Summary: The FreeBSD Project has issued a critical security advisory regarding a vulnerability (CVE-2024-43102) that could allow attackers to exploit kernel panic or execute arbitrary code, leading to potential system …
Summary: Zyxel has issued critical hotfixes for its NAS326 and NAS542 products due to a severe command injection vulnerability (CVE-2024-6342) that allows remote code execution. Despite these devices reaching their …
Short Summary
Read More
Rapid7 has been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment. The company highlights the unique features of its InsightIDR product, …
Short Summary
Read More
ESET researchers have documented the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware. This group has replaced its previous ransomware, Scarab, with ScRansom, …
Short Summary:
Intezer’s investigation into a file during alert triage revealed a new infostealer variant named Yet Another Silly Stealer (YASS), which shares similarities with CryptBot but has significant differences …
Threat Actor: Unknown | unknown Victim: Slim CD, Inc. | Slim CD, Inc. Price: N/A Exfiltrated Data Type: Sensitive credit card information
Key Points :
Approximately 1.7 million users affected…Short Summary:
Repellent Scorpius is a newly emerged ransomware-as-a-service (RaaS) group distributing Cicada3301 ransomware, first identified in May 2024. The group employs a double extortion scheme, encrypting data and threatening …
Threat Actor: The Brotherhood | The Brotherhood Victim: Cybercriminals | Cybercriminals Price: $750 per slot Exfiltrated Data Type: Sensitive data (passwords, cookies)
Key Points :
The Brotherhood connects the BlackForums…Summary: A security researcher has disclosed a critical elevation of privilege vulnerability in the Windows Telephony service, tracked as CVE-2024-26230, which allows attackers to gain SYSTEM privileges through a use-after-free …
Threat Actor: Unknown | unknown Victim: Slim CD | Slim CD Price: N/A Exfiltrated Data Type: Personal data and credit card information
Key Points :
Data breach affected approximately 1.7…Threat Actor: Unknown | Unknown Victim: Brasil Bitcoin | Brasil Bitcoin Price: $2,000 USD Exfiltrated Data Type: Personal Information
Key Points :
Alleged breach of the Brazilian cryptocurrency exchange Brasil…
Short Summary: Earth Preta has enhanced its attack strategies by introducing new tools and malware variants, including the propagation of PUBLOAD via a variant of the worm HIUPAN. Their campaigns…
Read More
Summary: HAProxy has issued a security advisory regarding CVE-2024-45506, a critical vulnerability in its load balancing software that is currently being exploited, potentially leading to remote denial-of-service (DoS) attacks. The …
Summary: A new variant of sextortion email scams is targeting spouses by falsely claiming that their partner is cheating, complete with links to alleged proof. These scams have evolved since …
Short Summary:
In July 2024, a previously unknown backdoor named Loki was discovered, which is a private version of an agent from the open-source Mythic framework. Loki has been used …
Short Summary:
Earth Preta has enhanced its attack strategies, utilizing new tools and malware variants in worm-based attacks and time-sensitive spear-phishing campaigns targeting government entities in the APAC region. Key …
Short Summary
Read More
The report by CYFIRMA details the discovery of a sophisticated dropper binary known as BLX Stealer (or XLABB Stealer), designed to steal sensitive information from compromised systems. This …
Network forensics is a specialized field within cybersecurity focused on the monitoring, capturing, and analysis of network traffic to uncover and investigate security incidents or breaches.
By examining data packets, …
Summary: A series of critical vulnerabilities in Veeam Backup & Replication have been identified, exposing organizations to severe risks including unauthorized access and remote code execution. The most critical vulnerability …
Summary: Hackers stole approximately $27 million worth of cryptocurrency from the Penpie DeFi protocol, prompting the company to halt withdrawals and file reports with local authorities and the FBI. Despite …
Summary: The Fog Ransomware group has expanded its targeting from education and recreation sectors to the financial services sector, successfully launching an attack that was mitigated by Adlumin’s advanced security …
Short Summary:
Fog ransomware, first detected in May 2024, is a new strain targeting US educational organizations. Darktrace’s investigation revealed a rapid attack cycle, utilizing compromised VPN credentials for initial …
Short Summary:
The SonicWall Capture Labs threat research team has identified a high-severity SQL Injection vulnerability (CVE-2024-23119) in Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5. This vulnerability allows …
Threat Actor: Unknown | unknown Victim: Private College in Spain | private college in Spain Price: $4,500 Exfiltrated Data Type: IT infrastructure access
Key Points :
Access to critical systems…Threat Actor: Unknown | unknown Victim: Dingding Talk | Dingding Talk Price: For Sale (exact price not disclosed) Exfiltrated Data Type: User Information
Key Points :
Threat actor leaked a…Short Summary:
Satori has reported on a significant fraud campaign named “Konfety,” which exploits the CaramelAds mobile ad SDK to create malicious duplicates of popular apps. The investigation revealed numerous …
Summary: Security researchers have disclosed a critical vulnerability (CVE-2024-26581) in the Linux kernel that allows local authenticated attackers to leak sensitive information, potentially leading to privilege escalation. The flaw affects …
Summary: Lowe’s employees are being targeted by phishing attacks through malicious Google ads that mimic the company’s employee portal, MyLowesLife. These typosquatting websites are designed to steal employee credentials by …
“`html
1. Short SummaryThe article discusses the increasing threat activity associated with the Kimsuky group, particularly focusing on the Konni campaign. It highlights the use of legitimate cloud and …
Summary: A critical vulnerability, CVE-2024-20017, has been discovered in MediaTek chipsets, allowing remote code execution on affected devices without user interaction. Security researcher Hyprdude has released a proof-of-concept exploit, highlighting …
Short Summary: The FBI, CISA, and NSA have assessed that Russian GRU Unit 29155 is responsible for cyber operations targeting global entities for espionage and sabotage since 2020. They have…
Read More
Short Summary:
ShrinkLocker is a newly identified ransomware strain that exploits BitLocker to encrypt data and create a secure boot partition, locking users out unless a ransom is paid. It …
Summary: A targeted cyber-attack has been identified by Cyble Research and Intelligence Lab (CRIL) against political figures and government officials in Malaysia, utilizing malicious ISO files to deploy the Babylon …
Summary: JFrog’s security research team has identified a new supply chain attack technique called “Revival Hijack,” which allows malicious actors to hijack removed PyPI packages, potentially leading to widespread malware …
Short Summary:
Read More
The Head Mare hacktivist group targets Russian and Belarusian organizations, leveraging cyberattacks as a means to influence geopolitical tensions related to the Russo-Ukrainian conflict. Their operations involve sophisticated …
Summary: CISA has identified three critical vulnerabilities in its KEV catalog, emphasizing their active exploitation and urging immediate patching by organizations. Notably, vulnerabilities in Draytek routers and Kingsoft WPS Office …
Summary: Google has patched a high-severity privilege escalation vulnerability in its Android operating system, tracked as CVE-2024-32896, which is currently being exploited in the wild. The vulnerability allows for local …
Threat Actor: Play | Play Victim: Microchip Technology | Microchip Technology Price: Unknown Exfiltrated Data Type: Employee information, financial reports, payroll records, customer documents, tax files
Key Points :
Microchip…Victim: Arch Street Capital Advisors Country : US Actor: qilin Source: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/site/view?uuid=231f4228-f67d-3496-8f2d-6f9796693a8b Discovered: 2024-09-05 09:39:22.301176 Published: 2024-09-05 00:00:00.000000 Description : Arch Street Capital Advisors is a full-service real estate investment …
Short Summary
Read More
Tropic Trooper, an APT group active since 2011, has recently targeted a government entity in the Middle East, marking a strategic shift in their operations. Their campaigns involve …
Short Summary:
The Fog Ransomware group has shifted its focus from targeting educational and recreational sectors to attacking financial services. Adlumin successfully thwarted a ransomware attack in August 2024, utilizing …
Short Summary:
Mallox is a sophisticated ransomware family that has been actively attacking organizations globally since 2021. With over 700 samples discovered, it has evolved significantly, particularly in 2023 and …
Short Summary: The article provides a detailed analysis of AZORult, a sophisticated malware designed to steal credentials and payment card information. It discusses the malware’s evolution, behavior, evasion techniques, and…
Read More