Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
Summary: Cybersecurity researchers have identified multiple vulnerabilities in SimpleHelp remote access software that could lead to serious security breaches, including information disclosure and remote code execution. The flaws, which are easy to exploit, necessitate immediate action from users to apply patches and enhance security measures.

Threat Actor: Unknown | Victim: SimpleHelp

Key Point:

CVE-2024-57727: Unauthenticated path traversal vulnerability allowing file downloads, including sensitive configuration files.…
Zombies Never Die: Analysis of the Current Situation of the Large Zombie Network AIRASHI
A large-scale DDoS attack targeted the Chinese game “Black Myth: Wukong” on the Steam and Perfect World platforms in August 2024. The attackers, using a botnet called AISURU, executed multiple waves of attacks during peak online gaming hours across 13 global regions. The botnet was later updated and renamed AIRASHI, which exhibited advanced capabilities, including exploiting a 0-day vulnerability in Cambium Networks routers.…
Kimsuky Hacking Group’s Malware Attack on the Korean Defense Industry Association – Defense Industry Digital Innovation Seminar (Planned) (2025.1.12)
This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Keypoints:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
VMware ESXi Logging and Detection Opportunities
This article discusses the unique challenges faced by Detection Engineers in securing ESXi environments, which often lack adequate security controls. It highlights the importance of effective log sources, common adversary techniques, and provides a Python-based CLI tool for automating detection tasks. Affected: ESXi

Keypoints:

ESXi environments are often considered legacy and may lack effective maintenance and security controls.…
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Summary: Threat actors are exploiting the FastHTTP Go library to execute rapid brute-force password attacks against Microsoft 365 accounts, with a notable success rate. This campaign, identified by SpearTip, began on January 6, 2024, and primarily targets the Azure Active Directory Graph API.

Threat Actor: Unknown | Victim: Microsoft 365

Key Point:

Brute-force attacks have a 10% success rate for account takeovers.…
Fortinet Warns of Auth Bypass Zero-Day Exploited to Hijack Firewalls
A new zero-day vulnerability (CVE-2024-55591) in FortiOS and FortiProxy allows attackers to hijack Fortinet firewalls, gaining super-admin privileges and compromising enterprise networks. The exploitation involves creating unauthorized admin accounts and modifying firewall settings. Organizations are urged to disable public management access. Affected: FortiOS, FortiProxy

Keypoints:

A zero-day vulnerability (CVE-2024-55591) affects FortiOS and FortiProxy versions.…
The Feed 2025, 01, 14
A summary of recent cybersecurity threats including ransomware targeting AWS S3 buckets, a macOS vulnerability allowing SIP bypass, a cyber espionage campaign linked to Russia, and exploitation of a critical RCE vulnerability in Aviatrix Controller. Affected: AWS, macOS, Aviatrix, Microsoft Office

Keypoints:

Codefinger ransomware targets Amazon S3 buckets using SSE-C.…
Over 5,000 WordPress sites caught in WP3.XYZ malware attack – c/side
Summary: A widespread malware campaign has been discovered targeting over 5,000 WordPress websites, creating unauthorized admin accounts and installing malicious plugins. The investigation is ongoing, with users advised to check for unauthorized accounts and remove suspicious plugins.

Threat Actor: Unknown | Victim: WordPress Websites

Key Point:

Malicious scripts create unauthorized admin accounts with hardcoded credentials.…
Infostealer Infections Lead to Telefonica Ticketing System Breach
Summary: An information stealer malware attack compromised the credentials of multiple Telefonica employees, allowing threat actors to access the company’s internal ticketing system and steal sensitive data. The Hellcat ransomware group claimed responsibility for the breach, which involved sophisticated social engineering techniques and custom malware.

Threat Actor: Hellcat Ransomware Group | Victim: Telefonica

Key Point:

Attackers used custom infostealer malware to compromise credentials of over 15 employees.…
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report discusses a cyber espionage campaign linked to the Russian intrusion set UAC-0063, which targets Central Asian countries, particularly Kazakhstan, using weaponized Office documents. The campaign is associated with the APT28 group and aims to collect strategic intelligence concerning Kazakhstan’s diplomatic and economic relations. Affected: Kazakhstan, Ukraine, Israel, India, Kyrgyzstan, Tajikistan

Keypoints:

UAC-0063 is a Russian intrusion set active since at least 2021, targeting various countries.…
Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results
Summary: Attackers are exploiting YouTube and Google search results to target individuals seeking pirated software, leading them to malicious downloads that install infostealing malware. Researchers from Trend Micro have identified various tactics used by these threat actors to evade detection and compromise sensitive information.

Threat Actor: Cybercriminals | Victim: Individuals seeking pirated software

Key Point:

Attackers pose as guides on YouTube, providing fake software installation tutorials to lure victims.…
Hunt for RedCurl | Huntress
Huntress discovered ongoing cyberespionage activities linked to the APT group RedCurl, targeting various organizations in Canada since late 2023. The group employs unique tactics involving scheduled tasks and PowerShell scripts to exfiltrate data without detection. Their methods include using legitimate Windows binaries for malicious purposes, making detection challenging.…