MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…
Summary: The blog post analyzes the Linux version of DinodasRAT, a malware used by Chinese-nexus APT threat actors. The Linux version, known as Linodas, has separate development and introduces auxiliary modules with separate configuration files. It focuses on establishing and controlling reverse shells, collecting user activity from logs, and manipulating local file content.…
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance
Objective: Identify potential reconnaissance activity on the network
Description: Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.
Key Points:
* The vulnerability, CVE-2024-3094, has a critical severity level.
* The vulnerability is a result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…
Threat Actor: Pharanos Cyber Army (PCA) Victim: Ukrainian Government-Controlled Systems
Information: 🌟 PCA claims to have successfully breached a system operated by private companies and ISPs within Ukraine. 🌟 The Ukrainian government is allegedly engaging in surveillance of its citizens. 🌟 The Ukrainian government may be utilizing the collected data to target and eliminate individuals, falsely implicating Russia or its allies.…
This educational session introduces the concept of Privileged Access Management (PAM), focusing on why securing privileged accounts is crucial in today’s cybersecurity landscape. The session covers the challenges associated with managing privileged accounts, the risks they pose, and how CyberArk, a leader in the PAM solution space, addresses these challenges.…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
Written by: Andrew Oliveau
Over the last several years, the security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. From extracting network access account (NAA) credentials to deploying malicious applications to targeted devices, SCCM attacks have aided in accomplishing complex objectives and evading existing detections.…
Summary:
The article discusses the potential risks associated with the SqzrFramework480 .NET DLL, which is suspected of containing industrial espionage malware, highlighting the importance of cautious evaluation and auditing of open source packages.
Key Points:
🔍 SqzrFramework480 is a .NET DLL associated with Bozhon Precision Industry Technology Co.,…
Thousands of publicly exposed Ray servers compromised as a result of Shadow Vulnerability
TL;DR: The Oligo research team has recently discovered an active attack campaign targeting a vulnerability in Ray, a widely used open-source AI framework. Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulnerability that is under dispute and thus has no patch.…
The Brazilian financial sector is facing a formidable cyber threat known as CHAVECLOAK, a banking trojan that has emerged as a significant menace. This sophisticated malware is designed to breach security measures and extract sensitive financial information from potential victims.
An AI illustration of the CHAVECLOAK campaign
The CHAVECLOAK banking trojan primarily affects Microsoft Windows platforms and targets its users, especially those residing in Brazil.…
Article Summary: 🔒 Giant Tiger, a discount retailer, experienced a security breach involving customer information. 📧 The compromised data included names, emails, phone numbers, and addresses of customers. 🛡️ Giant Tiger is working to resolve the issue and has hired cybersecurity experts for an independent investigation.…
The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of “TheMoon” malware. TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024.…
Article Summary: – 🛡️ An attack campaign targeted the software supply chain, exploiting multiple victims, including the Top.gg GitHub organization and individual developers. – 🕵️♂️ Threat actors used various techniques like account takeover, contributing malicious code, setting up a fake Python mirror, and publishing malicious packages.…
Article Summary: 🔹 APT29, a Russian hacking group linked to SVR, is targeting political parties in Germany with phishing attacks. 🔹 The group is using a backdoor malware named WineLoader to gain remote access to compromised devices. 🔹 WineLoader has been used in previous attacks by APT29 and features encrypted communication with a C2 server.…
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively search and identify emerging threats, using our telemetry data, internal tools and external services.
In October 2023, our daily threat hunting routine led us to uncover a new Adversary-in-The-Middle (AiTM) phishing kit allegedly used by multiple threat actors to carry out widespread and effective attacks.…
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of misconfigured shared-parent domains that puts customers of major CSPs at risk.…
As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice is red teaming: the effort to expose weaknesses in a system and develop responses to the threats found by playing the role of the adversary.…