Summary: A recently patched vulnerability in OpenAI’s ChatGPT app for macOS, known as SpAIware, could have allowed attackers to implant persistent spyware in the app’s memory, facilitating continuous data exfiltration. …
Tag: large
Threat Actor: SiegedSec | SiegedSec Victim: Telecom Company | Telecom Company Price: Unknown Exfiltrated Data Type: Sensitive Data
Key Points :
A key member of SiegedSec, known by the alias…Short Summary:
This report by CYFIRMA investigates the infrastructure of the APT group “Transparent Tribe,” identifying command-and-control (C2) servers linked to the group. The investigation reveals the use of Mythic …
RNN Summary
Short SummaryThe video discusses Recurrent Neural Networks (RNNs), a type of neural network designed to process sequences of data. RNNs utilize loops to incorporate information from previous …
Short Summary:
In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL …
Summary: Attackers are leveraging a new post-exploitation tool named Splinter to execute various malicious activities within compromised IT environments, including file theft and malware deployment. Despite being less advanced than …
Summary: A critical security flaw (CVE-2024-7490) in the Microchip Advanced Software Framework (ASF) could allow remote code execution due to a stack-based overflow vulnerability. Additionally, a severe zero-click vulnerability (CVE-2024-20017) …
Stream Summary
Summary of the StreamThe video discusses the PE file format, describing its structure and how it can be analyzed. The presenter shares insights from their vacation and …
Short Summary: Microsoft has reported a multi-staged attack by the threat actor Storm-0501, targeting hybrid cloud environments in various sectors across the U.S. The group, financially motivated, has been active…
Read More
Short Summary: This report analyzes the overlapping tactics, techniques, and procedures (TTPs) of two hacktivist groups, BlackJack and Twelve, which target Russian organizations. Both groups utilize similar malware and tools,…
Read More
Short Summary:
The article investigates the Sniper Dz phishing-as-a-service (PhaaS) platform, which has gained popularity among phishers targeting social media and online services. Over the past year, more than 140,000 …
Video Summary and Key Points
Summary of AFL Plus+ Fuzzing OverviewThis video provides an overview of using AFL Plus+ for fuzz testing, with the presenter sharing personal experiences while …
Large Language Models Discussion Summary
Summary of the Discussion on Large Language ModelsThe discussion centers around the capabilities and security concerns of large language models, specifically ChatGPT. The speaker …
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Short Summary
Read More
Threat analysts are monitoring a Russian-linked threat actor deploying domains for crypto scams targeting the US Presidential Election and major US tech brands. The scams promise fake cryptocurrency …
Short Summary
Read More
The video discusses how to pick an enterprise-grade foundation model, particularly focusing on IBM’s Granite Foundation models. It emphasizes evaluating models based on performance, cost-effectiveness, and trustworthiness, highlighting …
Threat Actor: Unknown | unknown Victim: China Natural Gas Group | China Natural Gas Group Price: Available for sale on dark web Exfiltrated Data Type: Personal information, ID cards
Key …
Short Summary:
The article discusses the emergence of the Necro Trojan, which has infected various popular applications, including modified versions and those available on Google Play. The Trojan employs advanced …
Victim: savannahcandy.com Country : US Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/c8de2573-68c7-47ae-bb00-3a7d3d858392/ Discovered: 2024-09-21 14:36:42.724735 Published: 2024-09-21 12:45:05.000000 Description : Savannah Candy Kitchen, found at savannahcandy.com, is renowned for its Southern confections, particularly …
Video Summary and Key Points
Video SummaryThe video discusses a self-penetration test being conducted by the host, highlighting various tools and techniques used in ethical hacking. The host shares …
Summary: Recent research from Datadog Security Labs highlights a security vulnerability in Microsoft Entra ID, where administrative units (AUs) can be exploited by attackers to create persistent backdoor access within …
Victim: Omega Industries Country : US Actor: play Source: http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion/topic.php?id=cO2MInMpVbOwZo Discovered: 2024-09-20 23:41:11.980116 Published: 2024-09-20 23:41:11.122181 Description : United States
Ransomware Victims – ALL Other Victims by play
Victim: Omega…Victim: Messe C Country : DK Actor: play Source: http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion/topic.php?id=IY58xXG5w9oWqN Discovered: 2024-09-20 23:47:15.226223 Published: 2024-09-20 23:47:14.834012 Description : Denmark
Ransomware Victims – ALL Other Victims by play
Ransomware Activity Overview…
Short Summary: The article discusses the cyber activities of a group known as Twelve, formed in April 2023 amid the Russian-Ukrainian conflict. They specialize in encrypting and deleting victims’ data,…
Read More
Summary: Cybersecurity researchers at Darktrace have reported on the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) through a critical SQL injection vulnerability (CVE-2023-48788), allowing attackers to gain unauthorized access …
Summary: Researchers from Lumen’s Black Lotus Labs have identified a new botnet named Raptor Train, primarily composed of compromised SOHO and IoT devices, believed to be controlled by the China-linked …
Summary
Read More
The discussion revolves around the advancements in AI models, particularly focusing on the newly released model “Strawberry” with enhanced reasoning capabilities through chain of thought and reinforcement learning. The …
Threat Actor: Deathnote Hackers | Deathnote Hackers Victim: Villar Group of Companies | Villar Group of Companies Price: N/A Exfiltrated Data Type: Sensitive personal and corporate information
Key Points : …
Short Summary:
Medusa is a Ransomware-as-a-Service (RaaS) targeting Windows environments, active since June 2021. It gained attention in early 2023 with the launch of its Dedicated Leak Site. Medusa spreads …
Victim: Sunrise Farms Country : CA Actor: fog Source: http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion/posts/66ec5ad9ffa6d0708588b6ba/ Discovered: 2024-09-19 17:58:39.433800 Published: 2024-09-19 17:58:38.513760 Description : 30 GB
Ransomware Victims – ALL Other Victims by fog
Ransomware Gang …
Victim: palmfs.com Country : US Actor: ElDorado Source: Discovered: 2024-09-19 19:46:48.160274 Published: 2024-09-19 19:46:46.148402 Description : Palmfs.com is a company specializing in advanced data storage solutions. It offers innovative file …
Short Summary
Read More
The SonicWall Capture Labs threat research team has identified a critical zero-click vulnerability, CVE-2024-20017, affecting MediaTek Wi-Fi chipsets. This vulnerability allows remote code execution without user interaction and …
Summary: Microsoft has identified a financially motivated threat actor named Vanilla Tempest, which is using a ransomware strain called INC to target the U.S. healthcare sector for the first time. …
Threat Actor: Handala | Handala Victim: Israeli Industrial Batteries (IIB) | Israeli Industrial Batteries (IIB) Price: Not specified Exfiltrated Data Type: 6 TB of sensitive data
Key Points :
Handala…Short Summary:
This article discusses the discovery of a new post-exploitation red team tool called Splinter, identified on customer systems through Advanced WildFire’s memory scanning tools. It highlights the importance …
Summary: Ransomware gangs like BianLian and Rhysida are increasingly utilizing Microsoft’s Azure Storage Explorer and AzCopy to exfiltrate data from compromised networks and store it in Azure Blob storage. This …
Threat Actor: LinkedIn | LinkedIn Victim: Users | LinkedIn users Price: N/A Exfiltrated Data Type: User-generated content
Key Points :
LinkedIn updated its privacy policy to include user data collection…Threat Actor: Unknown | unknown Victim: Major Chinese Oil Company | Major Chinese Oil Company Price: Not disclosed Exfiltrated Data Type: Personal and corporate information
Key Points :
A threat…
Short Summary: The article discusses the rise of LLMjacking, where attackers exploit compromised credentials to access and misuse large language models (LLMs). It highlights the increasing frequency of attacks, the…
Read More
Victim: Compass Group Country : AU Actor: medusa Source: http://cx5u7zxbvrfyoj6ughw76oa264ucuuizmmzypwum6ear7pct4yc723qd.onion/detail?id=6b45979ab21db21d5520812322c8c35a Discovered: 2024-09-18 13:58:43.957138 Published: 2024-09-17 09:15:45.000000 Description : Compass Group is Australia, ’s largest food and support services company driving. …
Short Summary
Read More
The Summer Intelligence Insights report by Securonix Threat Labs highlights significant cyber threats identified over the last three months, including phishing campaigns, cyber-espionage efforts, and ransomware attacks. The …
Short Summary:
Darktrace’s Threat Research team observed multiple cyber attacks exploiting vulnerabilities in internet-facing systems, particularly focusing on the critical SQL injection vulnerability (CVE-2023-48788) in FortiClient EMS. This vulnerability allows…
Read More
Threat Actor: Unknown | unknown Victim: DATASUS and DETRAN | DATASUS and DETRAN Price: Not disclosed Exfiltrated Data Type: Personal details, vehicle information
Key Points :
Over 185 million records…Short Summary:
In May 2024, a targeted cyber campaign was detected in Italy, utilizing a new Remote Access Trojan (RAT) named SambaSpy. The campaign featured a sophisticated infection chain that …
Summary: A Chinese national, Wu Song, has been indicted for a phishing campaign targeting U.S. academics and engineers to steal software developed for NASA, which could have military applications. The …
Short Summary:
The article discusses the sophisticated cyber operations conducted by DPRK-affiliated threat groups, particularly focusing on their use of social engineering tactics and Python programming for initial access to …
Short Summary
Read More
In mid-2023, Black Lotus Labs uncovered a significant botnet named “Raptor Train,” believed to be operated by the Chinese threat actors known as Flax Typhoon. This botnet has …
Summary: Strider Technologies, a strategic intelligence startup, has raised $55 million in Series C funding to enhance its AI-driven intelligence services, particularly for government and international sectors. The investment aims …
Summary: A Russian media outlet, RT, is accused of conducting covert influence operations globally, supported by a cyber unit linked to Russian intelligence, which aids in military procurement and information …
Short Summary: In August 2024, a series of cyber attacks, primarily by the RansomHub group, targeted various industries, including airport services and financial institutions, exposing personal data of millions and…
Read More