Lazarus APT, a sophisticated Korean-speaking threat actor, has been using its backdoor malware Manuscrypt since 2013 in numerous campaigns targeting various sectors. A recent incident involved a zero-day …
Tag: medium
Short Summary:
ESET researchers have uncovered new Rust-based tools associated with the Embargo ransomware, first detected in June 2024. The toolkit includes MDeployer, a malicious loader, and MS4Killer, an EDR …
Short Summary
Read More
Grandoreiro is a Brazilian banking trojan that has been active since at least 2016. It enables threat actors to perform fraudulent banking operations by bypassing security measures of …
Short Summary
Read More
Information stealers are malicious software used to collect sensitive data, particularly credentials, which are then sold on the dark web or used for further cyberattacks. In 2023, nearly …
Video Summary
Video SummaryThe video discusses the development progress of a command-based agent for a project called “me2 Legend.” It highlights recent achievements, including the implementation of various commands …
Summary: Microsoft has identified a macOS vulnerability, known as “HM Surf,” which allows attackers to bypass the Transparency, Consent, and Control (TCC) protections, potentially leading to unauthorized access to sensitive …
Short Summary:
The article discusses the activities of a new ransomware group dubbed “Crypt Ghouls,” which targets Russian businesses and government agencies. The group employs various tactics, techniques, and procedures …
Short Summary
Read More
IBM X-Force has identified Hive0147 as a prominent threat actor in the Latin American cyber landscape, particularly focusing on phishing and malware distribution. Recently, they have introduced a …
Short Summary: In May 2024, a new social engineering tactic named ClickFix was identified, which utilizes fake error messages to trick users into executing malicious PowerShell code. This tactic has…
Read More
Short Summary: The FBI, CISA, NSA, CSE, AFP, and ASD’s ACSC have issued a Cybersecurity Advisory regarding Iranian cyber actors employing brute force techniques to compromise critical infrastructure sectors. These…
Read More
Summary: The report details a surge in “Lumma Stealer” malware deployments facilitated by the “HijackLoader” loader, particularly highlighting the use of signed malware samples that evade traditional detection methods. The …
Victim: Ultimate Removal Country : US Actor: medusa Source: http://cx5u7zxbvrfyoj6ughw76oa264ucuuizmmzypwum6ear7pct4yc723qd.onion/detail?id=a07776d0c8af47bc6765fafdae79b688 Discovered: 2024-10-15 14:00:04.893895 Published: 2024-10-15 11:20:16.000000 Description : Ultimate Removal, Inc. is a demolition contractor in the tenant improvement niche …
Summary: NCC Group experts revealed critical zero-day vulnerabilities in Phoenix Contact EV chargers at the 44CON conference, demonstrating significant cybersecurity risks associated with electric vehicle charging infrastructure. The researchers exploited …
Summary: GitHub has issued security updates for GitHub Enterprise Server to fix two vulnerabilities, including a critical flaw that could allow attackers to bypass authentication. The most severe vulnerability, CVE-2024-9487, …
Short Summary: SideWinder, also known as T-APT-04 or RattleSnake, is a prominent APT group that has been active since 2012, primarily targeting military and government entities in South and Southeast…
Read More
Short Summary: FortiGuard Labs has reported on a critical security incident involving the exploitation of three vulnerabilities in the Ivanti Cloud Services Appliance (CSA). The attack involved chaining zero-day vulnerabilities…
Read More
Video Summary
SummaryThe video discusses the importance of custom development in the Recon phase of information gathering. It emphasizes how creating tailored modules and tools can enhance the process …
Victim: trulysmall.com Country : CA Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/c32b0905-35c9-4867-a0c9-4e7f4bb75849/ Discovered: 2024-10-08 07:02:30.735665 Published: 2024-10-07 12:53:01.000000 Description : Trulysmall.com is a company that focuses on providing simple and efficient accounting software …
Short Summary
Read More
FortiGuard Labs reported on a critical security incident involving the Ivanti Cloud Services Appliance (CSA), where an advanced adversary exploited multiple vulnerabilities, including CVE-2024-8190, to gain unauthorized access …
Short Summary:
Since mid-September 2024, there has been a notable rise in the deployment of “Lumma Stealer” malware through the “HijackLoader” malicious loader. A significant detection occurred on October 2, …
Threat Actor: Unknown | unknown Victim: Detsky Mir Group | Detsky Mir Group Price: Not disclosed Exfiltrated Data Type: Personal data (names, emails, phone numbers, user agents, dates)
Key Points …
Short Summary
Read More
Unit 42 has identified ongoing malicious activities by North Korean threat actors, known as the CL-STA-240 Contagious Interview campaign. These actors pose as recruiters to lure job seekers …
Summary: ESET researchers have uncovered a sophisticated cyberespionage campaign by the APT group GoldenJackal, targeting air-gapped systems within governmental organizations in Europe. This blogpost details previously undocumented tools used by …
Summary: Cisco Talos has identified a financially motivated threat actor, active since 2022, that has been deploying a variant of MedusaLocker ransomware known as “BabyLockerKZ.” This group has shifted its …
Short Summary:
ESET researchers have uncovered a series of cyberespionage attacks attributed to the APT group GoldenJackal, targeting governmental organizations in Europe. The group has utilized sophisticated tools to compromise …
Short Summary
Read More
The article discusses a new campaign by the APT group Awaken Likho, targeting Russian government agencies and industrial enterprises. The group has shifted its tactics, now utilizing the …
Summary: Cisco has issued a security advisory regarding multiple vulnerabilities in its Small Business RV340 series routers, which could allow remote attackers to escalate privileges and execute arbitrary commands. These …
Summary of Pointers in C/C++
Short SummaryThe video discusses the importance of pointers in programming languages such as C and C++. It highlights how pointers allow direct memory manipulation, …
Video Summary
SummaryThe video discusses the importance of development in enhancing skills for penetration testing. It highlights how proficiency in development can aid in various phases of testing, from …
Victim: Guerriere & Halnon Country : US Actor: play Source: http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion/topic.php?id=0pWSwOhnl7Ae1L Discovered: 2024-10-04 22:40:03.776520 Published: 2024-10-04 22:38:02.726189 Description : United States
Ransomware Victims – ALL Other Victims by play
Ransomware …
Victim: Pete’s Road Service Country : US Actor: play Source: http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion/topic.php?id=FcBg2dAvzRwMHz Discovered: 2024-10-04 21:07:09.214142 Published: 2024-10-04 21:05:07.370913 Description : United States
Ransomware Victims – ALL Other Victims by play
Ransomware …
Short Summary: In a recent malware campaign targeting Russian-speaking users, attackers have been using unconventional methods to mine cryptocurrency on victims’ devices without consent. They exploit popular software download sites,…
Read More
Victim: McGaughey & Keaney CPAs Country : US Actor: qilin Source: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/site/view?uuid=c11c3d1a-5ff5-3b5a-ae1a-6c9a82646fd3 Discovered: 2024-10-04 10:45:31.261110 Published: 2024-09-23 00:00:00.000000 Description : McGaughey & Keaney CPAs is a company that operates in …
Video Summary
Video SummaryThe video discusses the importance of exploiting vulnerabilities within a company’s structure and how advancing through various activities can lead to control over administrative domains. It …
Short Summary:
The “Vilsa Stealer” is a newly identified malware discovered on GitHub, known for its efficiency in extracting sensitive data from various applications. It targets browser credentials, crypto wallets, …
Short Summary:
Cisco Talos has identified a financially motivated threat actor, active since 2022, distributing a MedusaLocker ransomware variant named “BabyLockerKZ.” The actor has targeted organizations globally, with a notable …
Summary: DrayTek has patched 14 vulnerabilities across 24 router models, including critical flaws that could lead to remote code execution (RCE) or denial-of-service (DoS). The vulnerabilities were discovered by Forescout …
Short Summary
Read More
This article discusses a sophisticated phishing campaign that utilizes HTML smuggling techniques to deliver malicious payloads. The campaign involves multiple stages of obfuscation and deception, including the use …
Short Summary
Read More
The article discusses the critical role of machine learning (ML) in analyzing cybersecurity logs to enhance threat detection capabilities. It highlights Kaspersky’s experience in utilizing ML algorithms, particularly …
Video Summary
Short SummaryThe video discusses the development of a Mythic C2 agent, focusing on the implementation of task management, command execution, and improvements in code functionality. The narrator …
Short Summary:
Key Group, also known as keygroup777, is a financially motivated ransomware group that primarily targets Russian users. They utilize various ransomware builders, including Chaos and Annabelle, and communicate …
Victim: Keller Williams Realty Group Country : US Actor: qilin Source: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/site/view?uuid=d0623bd7-5087-3b61-94c3-39825e481842 Discovered: 2024-09-30 16:06:28.703916 Published: 2024-09-30 00:00:00.000000 Description : Keller Williams Realty Group is a company that operates in …
Victim: TOTVS Country : BR Actor: blackbyte Source: Discovered: 2024-09-30 17:29:23.253995 Published: 2024-09-30 17:29:20.838350 Description : TOTVS is a prominent Brazilian software company specializing in enterprise resource planning (ERP) solutions. …
Victim: decalesp.com Country : ES Actor: blacksuit Source: http://weg7sdx54bevnvulapqu6bpzwztryeflq3s23tegbmnhkbpqz637f2yd.onion/?id=rOAahCwH8TuMXr8M Discovered: 2024-09-30 12:32:47.464555 Published: 2024-09-30 12:32:45.073892 Description : Decalesp.com is a company specializing in high-quality decals and stickers for various applications. …
Summary: Microsoft has reported a multi-staged attack by the threat actor Storm-0501, which compromised hybrid cloud environments leading to data exfiltration, credential theft, and ransomware deployment across various sectors in …
Video Summary and Key Points
Video SummaryThe video discusses the fundamental concepts of coding, particularly focusing on basic data types and workflows in programming. It introduces key variable types …
Short Summary:
Read More
The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques …
Short Summary: Microsoft has reported a multi-staged attack by the threat actor Storm-0501, targeting hybrid cloud environments in various sectors across the U.S. The group, financially motivated, has been active…
Read More
Short Summary: This report analyzes the overlapping tactics, techniques, and procedures (TTPs) of two hacktivist groups, BlackJack and Twelve, which target Russian organizations. Both groups utilize similar malware and tools,…
Read More
Victim: Bogdan Frasco, LLP Country : US Actor: cicada3301 Source: http://cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion/2tu8mj3lvbtdhn7t1zu1m4wx2u12ja7a Discovered: 2024-09-24 23:08:55.426527 Published: 2024-09-15 00:00:00.000000 Description : We offer a wide range of tax and accounting services focusing …