MuddyWater has targeted government bodies and private companies since 2017, including critical sectors such as energy, telecommunications, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. In March 2024, following an increase in new attacks, the Israel National Cyber Directorate attributed the observed attack toolkit and attack patterns to the MuddyWater group.…

Read More

Summary: The blog post analyzes the Linux version of DinodasRAT, a malware used by Chinese-nexus APT threat actors. The Linux version, known as Linodas, is developed separately and introduces auxiliary modules with their own configuration files. It focuses on establishing and controlling reverse shells, collecting user activity from logs, and manipulating local file content.…

Read More

Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.

When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.

Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…

Read More

Summary: The XZ Utils data compression library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.

Key Points:
* The vulnerability, CVE-2024-3094, has a critical severity level.
* The vulnerability is the result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…
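The practical first step behind "downgrade or migrate" is finding out which xz and liblzma a host actually runs, including the liblzma that sshd ends up linked against. The following is an added example written for this page, not code from the advisory or from the XZ Utils project: it parses the output shapes of `xz --version` and `ldd` and matches the result against the two versions the advisory names. The sample banner and ldd output are constructed.

```python
import re
import shutil
import subprocess
from typing import Optional

# Versions the advisory (CVE-2024-3094) names as carrying the supply-chain
# compromise. Distribution builds with other version strings are not covered.
COMPROMISED_XZ_VERSIONS = {"5.6.0", "5.6.1"}

_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)\b")


def xz_version_from_banner(banner: str) -> Optional[str]:
    """Extract the first x.y.z version from `xz --version` output,
    e.g. 'xz (XZ Utils) 5.6.1\\nliblzma 5.6.1' -> '5.6.1'."""
    m = _VERSION_RE.search(banner)
    return m.group(1) if m else None


def liblzma_version_from_ldd(ldd_output: str) -> Optional[str]:
    """Extract the liblzma soname version a binary is linked against from `ldd`
    output. The resolved path (.../liblzma.so.5.6.1) carries the full version;
    the 'liblzma.so.5 =>' prefix only has the major number and does not match."""
    m = re.search(r"liblzma\.so\.(\d+\.\d+\.\d+)", ldd_output)
    return m.group(1) if m else None


def classify(version: Optional[str]) -> str:
    """Map a parsed version to a verdict. 'not-in-advisory' is not a clean bill:
    it only means the string is not one of the two named versions."""
    if version is None:
        return "unknown"
    return "compromised" if version in COMPROMISED_XZ_VERSIONS else "not-in-advisory"


def check_local_system() -> dict:
    """Run both checks on the current host when the tools are on PATH.
    Anything that cannot be run is reported as 'unknown'."""
    result = {"xz": "unknown", "sshd_liblzma": "unknown"}
    xz = shutil.which("xz")
    if xz:
        out = subprocess.run([xz, "--version"], capture_output=True, text=True).stdout
        result["xz"] = classify(xz_version_from_banner(out))
    sshd, ldd = shutil.which("sshd"), shutil.which("ldd")
    if sshd and ldd:
        out = subprocess.run([ldd, sshd], capture_output=True, text=True).stdout
        result["sshd_liblzma"] = classify(liblzma_version_from_ldd(out))
    return result


# Constructed sample outputs, shaped like the real tools' output.
SAMPLE_XZ_BANNER = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffd4b5f0000)\n"
    "\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5.6.1 (0x00007f2c0e400000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2c0e000000)\n"
)

if __name__ == "__main__":
    print("sample xz banner:", classify(xz_version_from_banner(SAMPLE_XZ_BANNER)))
    print("sample ldd:", classify(liblzma_version_from_ldd(SAMPLE_LDD)))
    print("this host:", check_local_system())
```

Run it as root or with /usr/sbin on PATH so `sshd` is found; sshd usually pulls liblzma in transitively (through libsystemd), which `ldd` still shows. A "not-in-advisory" verdict only says the version string is not 5.6.0 or 5.6.1, so confirm against your distribution's own advisory before treating a host as clean.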

Read More

Threat Actor: Pharanos Cyber Army (PCA)
Victim: Ukrainian Government-Controlled Systems

Information:
🌟 PCA claims to have successfully breached a system operated by private companies and ISPs within Ukraine.
🌟 The Ukrainian government is allegedly engaging in surveillance of its citizens.
🌟 The Ukrainian government may be utilizing the collected data to target and eliminate individuals, falsely implicating Russia or its allies.…

Read More


Summary:

The article discusses the potential risks associated with the SqzrFramework480 .NET DLL, which is suspected of containing industrial espionage malware, highlighting the importance of cautious evaluation and auditing of open source packages.

Key Points:

🔍 SqzrFramework480 is a .NET DLL associated with Bozhon Precision Industry Technology Co.,…

Read More
Executive Summary
* Impersonating North Korea-related questionnaires, manuscript materials, security columns, contributions, monthly magazines, etc.
* Delivered by hiding an LNK-type malicious file inside a ZIP archive
* Exploiting cloud storage such as Dropbox, pCloud, etc. as a base for the attack
* APT37 group's ongoing RoKRAT fileless attacks
* Early detection of the LNK and PowerShell stages with Genian EDR…
Read More

Thousands of publicly exposed Ray servers compromised as a result of Shadow Vulnerability

TL;DR

The Oligo research team has recently discovered an active attack campaign targeting a vulnerability in Ray, a widely used open-source AI framework. Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulnerability that is under dispute and thus has no patch.…

Read More

The Brazilian financial sector is facing a formidable cyber threat known as CHAVECLOAK, a banking trojan that has emerged as a significant menace. This sophisticated malware is designed to breach security measures and extract sensitive financial information from potential victims.

An AI illustration of the CHAVECLOAK campaign

The CHAVECLOAK banking trojan primarily affects Microsoft Windows platforms and targets their users, especially those residing in Brazil.…

Read More

Article Summary:
🔒 Giant Tiger, a discount retailer, experienced a security breach involving customer information.
📧 The compromised data included names, emails, phone numbers, and addresses of customers.
🛡️ Giant Tiger is working to resolve the issue and has hired cybersecurity experts for an independent investigation.…

Read More
Introduction

To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively search and identify emerging threats, using our telemetry data, internal tools and external services.

In October 2023, our daily threat hunting routine led us to uncover a new Adversary-in-the-Middle (AiTM) phishing kit allegedly used by multiple threat actors to carry out widespread and effective attacks.…

Read More

Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows for Apache Airflow service that could have allowed full takeover of a victim's Airflow web management panel. The discovery of this now-resolved vulnerability reveals a broader problem of misconfigured shared-parent domains that puts customers of major CSPs at risk.…
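The excerpt does not spell out what a misconfigured shared-parent domain does to a tenant. One common mechanism in this class is cookie scoping: when tenant consoles are sibling subdomains of a parent that browsers do not recognise as a public suffix, a cookie one tenant sets for the parent is accepted and then sent to every other tenant's console. The following added example was written for this page and is not Tenable's or AWS's code, nor a reconstruction of the specific finding; it models the browser rules involved, with constructed hostnames and a constructed mini public-suffix list, and shows how registering the parent as a public suffix closes the gap.

```python
from typing import Iterable


def _norm(name: str) -> str:
    """Lower-case and strip leading/trailing dots (RFC 6265 tolerates 'Domain=.parent')."""
    return name.lower().strip(".")


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: the host equals cookie_domain or is a subdomain of it."""
    host, cookie_domain = _norm(host), _norm(cookie_domain)
    return host == cookie_domain or host.endswith("." + cookie_domain)


def may_set_cookie_for(setting_host: str, cookie_domain: str,
                       public_suffixes: Iterable[str]) -> bool:
    """Browser acceptance rule for a Set-Cookie Domain attribute: the domain must
    cover the host setting it, and must not itself be a public suffix (a cookie
    for 'com' is dropped). Any domain below a public suffix is accepted."""
    d = _norm(cookie_domain)
    if d in {_norm(s) for s in public_suffixes}:
        return False
    return domain_matches(setting_host, d)


def cookie_reaches(setting_host: str, cookie_domain: str, target_host: str,
                   public_suffixes: Iterable[str]) -> bool:
    """True if a cookie set by setting_host with this Domain attribute is accepted
    by the browser and then attached to requests to target_host."""
    return (may_set_cookie_for(setting_host, cookie_domain, public_suffixes)
            and domain_matches(target_host, cookie_domain))


def demo() -> dict:
    # Constructed names: two tenants' consoles under one shared parent domain.
    parent = "console.shared.example"
    attacker_tenant = "tenant-a." + parent
    victim_tenant = "tenant-b." + parent
    psl_without_parent = {"example"}        # parent is an ordinary registrable domain
    psl_with_parent = {"example", parent}   # parent registered as a public suffix
    return {
        # A page on tenant-a sets Domain=console.shared.example; tenant-b receives it.
        "cross_tenant_cookie_when_parent_unregistered":
            cookie_reaches(attacker_tenant, parent, victim_tenant, psl_without_parent),
        # The same Set-Cookie is rejected once the parent is a public suffix.
        "cross_tenant_cookie_when_parent_registered":
            cookie_reaches(attacker_tenant, parent, victim_tenant, psl_with_parent),
        # A host-only cookie (approximated here as Domain=setting host) stays on tenant-a.
        "host_only_cookie_reaches_victim":
            cookie_reaches(attacker_tenant, attacker_tenant, victim_tenant, psl_without_parent),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The asymmetry the demo shows is why the fix sits with the provider rather than the tenant: a tenant cannot stop a sibling from scoping cookies to the parent, but the provider can add the shared parent to the Public Suffix List (so browsers treat each tenant as a separate site) or give each tenant its own registrable domain, and the application can refuse domain-scoped session cookies by using the `__Host-` prefix.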

Read More