How Cracks and Installers Bring Malware to Your Device
This article discusses the tactics used by attackers to distribute fake installers via trusted platforms like YouTube and file hosting services. By employing encryption and social engineering, these attackers aim to evade detection and steal sensitive browser data from unsuspecting users. Affected: YouTube, Mediafire, Mega.nz, OpenSea, SoundCloud

Keypoints :

Attackers exploit user trust by using platforms like YouTube to share fake installer links.…
Philippine Air Force Systems Compromised: Hackers Warn of Critical Security Flaws
Victim: Philippine Air Force | Philippine Air Force
Price: Not disclosed
Exfiltrated Data Type: Sensitive files, classified documents

Key Points :

Threat actor: Klammer from “Deathnote Hackers International” (DNH)
Systems compromised: Electronic Document Filing System (EDFS) and Military Integrated Information System (MIIS)
Exploited vulnerabilities: Predictable credentials and insufficient rate limiting
Critical weakness: Outdated password for a jet fighter pilot, unchanged for over a year
Number of files exposed: 53,000 sensitive files, including classified documents from 1977 to 2025
Potential risk: Vulnerabilities could be exploited by foreign entities, particularly Chinese hackers
Recommendations: Mandatory password changes every six months, implementation of two-factor authentication (2FA), and stronger app usage policies
Deep Web Konek has notified the Philippine Air Force about the breach; no official response yet

Original Source: https://kukublanph.data.blog/2025/01/10/philippine-air-force-systems-compromised-hackers-warn-of-critical-security-flaws/…

HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
HexaLocker V2 is a newly updated ransomware variant that incorporates advanced functionalities such as a persistence mechanism, a data exfiltration process using Skuld Stealer, and enhanced encryption methods. The ransomware targets Windows systems, employing a double extortion tactic by stealing and encrypting files. Affected: HexaLocker, Skuld Stealer

Keypoints :

HexaLocker was first discovered in mid-2024, with version 2 introducing significant updates.…
The Feed 2025-01-10

Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information and utilizing an encryption algorithm similar to Apple’s XProtect. Despite the shutdown of its original operations after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Summary: Palo Alto Networks has released patches for critical vulnerabilities in its Expedition migration tool, including a high-severity SQL injection flaw that could allow authenticated attackers to access sensitive data. Additionally, SonicWall and Aviatrix have also addressed significant security flaws in their respective products.

Threat Actor: (authenticated attacker, unauthenticated attacker) | threat actor Victim: (Palo Alto Networks, SonicWall, Aviatrix) | Palo Alto Networks, SonicWall, Aviatrix

Key Point :

Palo Alto Networks addressed multiple vulnerabilities in its Expedition tool, including SQL injection and XSS flaws.…

Victim: E-Tank (Part 2)
Country :
Actor: akira
Source:
Discovered: 2025-01-09 15:54:16.099253
Published: 2025-01-09 15:54:16.099253
Description : E-Tank is a rental solution for the frac tank, roll-off box, and industrial pump equipment.

You will find more than 100 GB of private corporate documents including: SSNs, driver licenses, passports, contact numbers and e-mail addresses of employees, family information, medical insurance documents etc.,…


Victim: E-Tank (Part 1)
Country :
Actor: akira
Source:
Discovered: 2025-01-09 15:54:20.640211
Published: 2025-01-09 15:54:20.640211
Description : E-Tank is a rental solution for the frac tank, roll-off box, and industrial pump equipment.

You will find more than 100 GB of private corporate documents including: SSNs, driver licenses, passports, contact numbers and e-mail addresses of employees, family information, medical insurance documents etc.,…

1Password Acquires SaaS Access Management Provider Trelica
Summary: 1Password has acquired Trelica, a SaaS access management provider, marking its largest acquisition by revenue in 18 years. This move aims to enhance 1Password’s Extended Access Management platform, addressing challenges in managing and securing SaaS applications.

Threat Actor: N/A | N/A Victim: N/A | N/A

Key Point :

1Password’s acquisition of Trelica strengthens its offerings in access management and security.…
OpenSSH Under Siege: PoC Exploit Released for Infamous “regreSSHion” Bug
Summary: The OpenSSH “regreSSHion” vulnerability (CVE-2024-6387) poses a significant threat to Linux systems, allowing attackers to exploit weaknesses in SSH session handling for unauthorized access and code execution. Immediate action is required from security administrators to patch systems and enhance security measures against potential exploits.

Threat Actor: Unknown | unknown Victim: Linux Systems | Linux Systems

Key Point :

The vulnerability affects OpenSSH versions 8.5p1 through 9.8p1 on glibc-based Linux systems.…
Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware – SOCRadar® Cyber Intelligence Inc.
Black Basta is a sophisticated ransomware group that employs advanced social engineering and malware tactics to breach organizational defenses. Their recent operations involve phishing, impersonation, and exploitation of remote access tools, impacting various sectors globally. Affected: healthcare, finance, manufacturing, energy, national security

Keypoints :

Black Basta utilizes phishing emails to create a smokescreen for attacks.…
The Feed 2025-01-09
This article explores various cyber threats, including voice phishing by the “Crypto Chameleon” group, exploitation of vulnerabilities in Kerio Control and Ivanti Connect Secure VPN, and North Korean hackers targeting cryptocurrency wallets through fake job interviews. The rise of ransomware among state-sponsored APT groups is also highlighted, indicating a troubling trend in modern cyber threats.…
Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics (Guest Diary) – SANS Internet Storm Center
This article discusses the redtail cryptocurrency mining malware, detailing its execution methods, the threat actors behind it, and the implications for cybersecurity. The analysis highlights the malware’s ability to adapt and exploit vulnerabilities, emphasizing the need for robust protective measures against such threats. Affected: honeypot, Palo Alto Networks’ PAN-OS

Keypoints :

redtail is a cryptocurrency mining malware that stealthily installs itself on compromised systems.…
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets
Socket’s threat research team has identified malicious npm packages that exfiltrate Solana private keys via Gmail. These packages, which typosquat popular libraries, serve as malware that drains victims’ wallets. The threat actors utilize overlapping tactics and Gmail’s SMTP servers for data exfiltration, making detection difficult. The malicious packages remain live on npm, prompting efforts for their removal.…
Data of more than 8,500 customers breached on Green Bay Packers shopping website
Summary: The Green Bay Packers reported a data breach involving their online store, where hackers inserted malicious code to steal customer payment information. An investigation revealed that 8,514 customers were impacted, with sensitive data potentially compromised during specific dates in September and October 2024.

Threat Actor: Unknown | unknown Victim: Green Bay Packers | Green Bay Packers

Key Point :

Malicious code allowed unauthorized access to customer payment information during checkout.…
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.

Threat Actor: Muddling Meerkat | Muddling Meerkat Victim: Various sectors including legal, government, and construction | Various sectors

Key Point :

Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.…
How initial access brokers (IABs) sell your users’ credentials
Summary: Initial Access Brokers (IABs) are cybercriminals who infiltrate corporate networks and sell stolen access to other attackers, functioning like high-tech locksmiths. Their operations have become increasingly efficient, posing significant risks to organizations through compromised credentials.

Threat Actor: Initial Access Brokers (IABs) | Initial Access Brokers Victim: Various organizations | Amazon Web Services, Geico, ADT

Key Point :

IABs operate like legitimate businesses, offering tiered pricing and customer support for stolen access.…