Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities.
Our analysts identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.…
The recent identification of CVE-2024-23897 in Jenkins versions up to 2.441 has significantly heightened concerns within the cybersecurity community, particularly focusing on the implications for public-facing Jenkins servers. Jenkins servers are important for many organizations as they are used in continuous integration/continuous deployment (CI/CD) pipelines, automating stages of software development and deployment.…
February 1, 2024
Stately Taurus Continued – New Information on Cyberespionage Attacks against Myanmar Military JuntaOn January 23rd, CSIRT-CTI published a blogpost describing a pair of campaigns believed to be launched by Stately Taurus (alias Bronze President, Camaro Dragon, Earth Preta, Mustang Panda, Red Delta, TEMP.Hex…
This post is also available in: 日本語 (Japanese)
Executive SummaryThe ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.
What drove this surge of activity?…
On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications for AnyDesk customers.
The incident came to light when AnyDesk released a public statement about possible security breaches on some of its systems.…
Key Points
Attackers often utilize Telegram bots to extract victims’ data. Monitoring an attacker’s communication can provide valuable information. It is possible to forward messages from an attacker’s bot to your own Telegram account.It is not uncommon for attackers to publish malicious packages that exfiltrate victims’ data to them using Telegram bots.…
On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker.
CVE-2024-21626: CVSS – High, 8.6 CVE-2024-23651: CVSS – High, 8.7 CVE-2024-23652: CVSS – Critical, 10 CVE-2024-23653: CVSS – Critical, 9.8For Kubernetes, the vulnerabilities are specific to the runc CRI.…
By Securonix Threat Research: D. Iuzvyk, T.Peck, O.Kolesnikov
tldr:An interesting campaign leveraging a new SUBTLE-PAWS PowerShell-based backdoor has been identified targeting Ukraine which follows stealthy tactics to evade detection and spreads by infecting USB drives.
The Securonix Threat Research team has been monitoring an ongoing campaign likely related to Shuckworm targeting Ukrainian military personnel (tracked by Securonix Threat Research as STEADY#URSA).…
Large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people.…
AhnLab SEcurity intelligence Center (ASEC) is using a Linux SSH honeypot to monitor attacks against unspecified Linux systems. Threat actors install malware by launching brute force and dictionary attacks against Linux systems that are poorly managed, such as using default settings or having a simple password.…
On 10th January 2024, Ivanti disclosed two zero-day critical vulnerabilities affecting Connect Secure VPN product: CVE-2024-21887 and CVE-2023-46805 allowing unauthenticated remote code execution. Volexity and Mandiant published several articles showing how these vulnerabilities were actively exploited by a threat actor, tracked by Volexity as UTA0178 and by Mandiant as UNC5221.…
Mandiant Managed Defense has been tracking UNC4990, an actor who heavily uses USB devices for initial infection. UNC4990 primarily targets users based in Italy and is likely motivated by financial gain. Our research shows this campaign has been ongoing since at least 2020.
Despite relying on the age-old tactic of weaponizing USB drives, UNC4990 continues to evolve their tools, tactics and procedures (TTPs).…
ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to get a glimpse into the victimology.…
By Oleg Zaytsev, Nati Tal (Guardio Labs)
Over the last few years, the phishing ecosystem has been “democratized. “ There was a time when kits, infrastructure, and know-how, were available only on invite-only forums in the Dark web, hidden behind Tor Onion networks.…
Internet Shortcut files, or URL files, present an interesting opportunity to reflect on how unextraordinary file types present security risks and become an enabling technology for criminal activity when coupled with the right vulnerabilities. At InQuest, we specialize in adversaries’ abuse of complex, evasive file types for malicious ends, helping customers with solutions that are optimized to provide resilient countermeasures against cybersecurity threats.…
Editor’s note: The current article was originally published on May 13, 2021, and updated on January 26, 2024.
Today we face a growing number of cyberattacks. Analysts can use the intrusion detection system to identify, minimize, and stop threats.…
[Update] January 30, 2024: “Official Attributions of Star Blizzard”
Within the continuously changing cyber threat landscape, the strategies of Star Blizzard unfold with a calculated precision, resembling a strategic orchestration. Spear-phishing, in this context, mirrors a carefully planned and executed maneuver. This elusive group, exhibiting a level of sophistication comparable to seasoned experts, systematically identifies specific individuals and groups as their targeted audience.…
The digital world is constantly under the threat of cyber attacks, and the emergence of new ransomware groups only intensifies this peril. One such group that has recently come into the spotlight is INC Ransom. This group has quickly gained notoriety for its sophisticated attacks and elusive nature.…
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
Following an increase in bring-your-own-vulnerable-driver (BYOVD) attacks launched by ransomware groups in 2023, the Kasseika ransomware is among the latest groups to take part in the trend.…