Summary: The video discusses the integration and application of large language models (LLMs) in application security (AppSec) and their effectiveness compared to traditional security tools such as fuzzers. With a focus on real-world examples and case studies, the hosts highlight the capabilities and limitations of LLMs, particularly in identifying security vulnerabilities and providing design recommendations.…
Shedding Light on the ABYSSWORKER Driver – Elastic Security Labs
The article discusses a financially motivated cybercriminal campaign utilizing a malicious driver known as ABYSSWORKER, which disables endpoint detection and response systems to deploy MEDUSA ransomware. This driver exploits revoked certificates and incorporates various evasion techniques against EDR systems while showcasing its capabilities to manipulate processes and files.…
Microsoft 365 Copilot For Work: Image Data Exfiltration From SharePoint
A recent vulnerability was discovered in Microsoft Copilot for Work, allowing potential data exfiltration of images from SharePoint via HTML injection. By tricking Copilot into rendering image tags, authenticated users could access sensitive images without direct file access. Microsoft Security Response Center (MSRC) has since acknowledged the issue but categorized it as low severity.…
Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer
A newly identified malware named “문서열람 인증 앱” (Document Viewing Authentication App), linked to a North Korean-backed APT group, has been detected. This malicious application poses as a legitimate document viewing tool but is designed to perform keylogging and information theft through various malicious functions. Users in South Korea are the primary targets, and the malware has connections to a phishing page that impersonates CoinSwap.…
Technical Advisory: Mass Exploitation of CVE-2024-4577
In June 2024, Bitdefender Labs highlighted a critical security vulnerability (CVE-2024-4577) in PHP affecting Windows systems in CGI mode, allowing remote code execution through manipulated character encoding. This vulnerability has seen an increase in exploitation attempts, especially in Taiwan and Hong Kong, with attackers also modifying firewall settings to block known malicious IPs.…
South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust Beacon
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, contained a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Trend Research has identified new versions of the Albabat ransomware targeting Windows, Linux, and macOS platforms. The group is utilizing GitHub to facilitate their ransomware operations. Organizations are advised to enhance security protocols and implement preventive measures to mitigate potential ransomware attacks. Affected: Windows, Linux, macOS

Keypoints:

New versions of Albabat ransomware have been discovered, indicating a potential expansion of targets.…
The Art of Evasion: How Attackers Use VBScript and PowerShell in the Obfuscation Game
This article discusses a malware sample that skillfully employs obfuscated VBScript and PowerShell to evade detection and complicate analysis. The attacker uses various obfuscation techniques, including irrelevant comments, time-based delays, and string manipulation, to confuse security analysts. The malware combines traditional methods with new approaches, highlighting the need for continuous vigilance in cybersecurity.…
Hacking Open Docker Registries: Pulling, Extracting, and Exploiting Images
This article discusses the security risks associated with misconfigured Docker registries, featuring a firsthand account of exploiting such a vulnerability to gain unauthorized access to sensitive data. The author provides a detailed walkthrough on discovering open Docker registries, extracting information from images, and even injecting a backdoored image if the registry permits.…
Securing XIoT in the Era of Convergence and Zero Trust
The article discusses the rise of the Extended Internet of Things (XIoT) and its implications for cybersecurity. As connected devices proliferate, they increase automation and innovation while also expanding the attack surface for potential cyber threats. The convergence of IT and XIoT environments necessitates a shift to Zero Trust security models to safeguard critical infrastructure.…

Summary: The video discusses the concept of Return on Mitigation (ROM) in cybersecurity, presenting it as an alternative to traditional Return on Investment (ROI) calculations. It explains how ROM quantifies the financial value of cybersecurity by measuring mitigated losses rather than revenue generation. The presentation highlights research conducted over several months with cybersecurity professionals, showcases a ROM calculator for practical applications, and emphasizes the importance of reframing cybersecurity investments as essential to business success.…
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
Phishing campaign impersonates Booking dot com, delivers a suite of credential stealing malware
A phishing campaign impersonating Booking.com has been identified targeting organizations within the hospitality sector, particularly in relation to travel. Using the ClickFix social engineering technique, this campaign seeks to steal credentials and engage in financial fraud, affecting various regions including North America and Europe. Affected: hospitality industry, Booking.com…
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…