Tag: MONITOR
Summary: The World Cybercrime Index reveals that Russia is the top hub for digital threat actors and the most significant source of global cybercrime, followed by Ukraine, China, the United States, Nigeria, and Romania.
Threat Actor: Russia, Ukraine, China, United States, Nigeria, Romania
Victim: N/A
Key Point:
Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide.…
Summary: Test files associated with the XZ Utils backdoor have been found in the Rust crate liblzma-sys, which has been downloaded over 21,000 times. The backdoor was discovered in late March and allowed for remote code execution through manipulation of the Secure Shell Daemon (sshd).
Threat Actor: Unknown | Unknown
Victim: Rust developers using the liblzma-sys crate | liblzma-sys
Key Point:
Test files associated with the XZ Utils backdoor were found in the liblzma-sys crate, which has been downloaded over 21,000 times.…
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of a modified version of “mimeTools.dll”, a default Notepad++ plug-in. The malicious mimeTools.dll file in question was included in the package installation file of a certain version of the Notepad++ package and disguised as a legitimate package file.…
Executive Summary: This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made.…
Threat Actor: Credential Stuffing Attackers | Credential Stuffing Attackers
Victim: Roku | Roku
Price: N/A
Exfiltrated Data Type: User account information
Additional Information:
Roku announced that 576,000 accounts were hacked in credential stuffing attacks. Threat actors used credentials stolen from third-party platforms. Unauthorized actors accessed around 15,000 user accounts in the first security breach.…
On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux.…
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network.…
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick users into visiting malicious links.…
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web browsing and managing internet usage within an organization.…
tldr: In this article, we take a deeper dive into a prevalent “DLL sideloading” attack technique we’ve been observing in real-world attacks, including many of those we discovered, to understand its variations, how it works, and how we can detect it.…
Summary: This content provides a list of security vulnerabilities and their severity levels in various Microsoft products and services.
Threat Actor: N/A
Victim: N/A
Key Point:
The content highlights multiple security vulnerabilities in Microsoft products and services, including .NET and Visual Studio, Azure, Azure AI Search, Azure Arc, Azure Compute Gallery, Azure Migrate, Azure Monitor, Azure Private 5G Core, Azure SDK, Intel, Internet Shortcut Files, Mariner, Microsoft Azure Kubernetes Service, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Install Service, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Role: DNS Server, Role: Windows Hyper-V, SQL Server, Windows Authentication Methods, Windows BitLocker, Windows Compressed Folder, Windows Cryptographic Services, Windows Defender Credential Guard, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows File Server Resource Management Service, Windows HTTP.sys,…
Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. The dark web, a hidden corner of the internet, poses unique challenges for cybersecurity professionals. Criminal activities such as the sale of stolen credentials and plans for targeted attacks thrive in this dark section of the internet.…
Summary: Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files. These techniques can bypass traditional security tools and hide data exfiltration activities from detection.
Threat Actor: N/A
Victim: N/A
Key Points:
Technique #1: Open in App Method: This technique uses the “open in app” feature in SharePoint to access and download files while only leaving an access event in the file’s audit log.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious.
Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’
The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales ” – possibly an attempt to impersonate the legitimate company Thales Group.…
Summary: The U.S. Department of Health and Human Services (HHS) has warned that hackers are using social engineering tactics to target IT help desks in the Healthcare and Public Health sector, allowing them to gain access to organizations’ systems and carry out business email compromise attacks.…
Summary: MPs in the UK have been targeted in a spear-phishing attack, potentially compromising parliament’s security.
Threat Actor: Unknown | Unknown
Victim: UK Parliament | UK Parliament
Key Point:
A police investigation has been launched after MPs received unsolicited messages, potentially indicating a spear-phishing attack.…
Date Reported: 2024-02-17
Country: USA
Victim: Otolaryngology Associates (OA) | otolaryn.com
Additional Information:
Otolaryngology Associates (OA) was targeted in a cyberattack on February 17, 2024. Although the medical records system was not compromised, it is believed that data may have been exfiltrated. The stolen information includes billing data and, for some individuals, sensitive information such as social security numbers and bank details.…
Date Reported: 2024-02-29
Country: Sweden
Victim: Mediplast | mediplast.se
Additional Information:
The Swedish medical equipment supplier, Mediplast, has fallen victim to a cyberattack. The attack has affected the delivery of essential products used in surgical operations in the Västerbotten region. The region has declared a state of emergency to monitor the situation and is considering alternative suppliers.…