The article discusses a vulnerability known as “bitpixie” that allows attackers to access encrypted files on Windows devices using BitLocker without needing to disassemble the device. This exploit takes advantage of a bug in the Windows Boot Manager and requires only physical access to the device and a network connection.…
Summary: Security researchers have identified a critical vulnerability in OpenAI’s ChatGPT API that can be exploited to conduct Reflective Distributed Denial of Service (DDoS) attacks. This flaw, with a CVSS score of 8.6, poses significant risks to the scalability and security of AI services on cloud platforms, particularly Microsoft Azure.…
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA bypass techniques and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands, leading to data theft. Affected: Windows system users, WordPress websites, online security sector
Keypoints:
Clickfix is a phishing technique that exploits user fatigue with verification processes.…
The ongoing Vidar malware campaigns continue to target Italian users every Monday morning, with the latest wave detected on January 20, 2025. This attack exploits compromised PEC accounts to send emails exclusively to PEC account holders, leveraging the trustworthiness of these communications to maximize success rates.…
QBot, a modular information stealer, has resurfaced following law enforcement actions aimed at its operators. Recent research indicates the use of DNS tunneling in conjunction with Zloader, revealing connections to new backConnect malware that may be utilized in ransomware attacks. Affected: QBot operators, financial institutions, cybersecurity sector
Keypoints:
QBot, also known as Qakbot or Pinkslipbot, has been active since 2007.…
Summary: The video discusses the use of a powerful open-source tool called “It Box” that can be used for malware scanning and analysis. It highlights the features of this tool, including static and dynamic analysis capabilities, the ability to scan running processes, and integrating multiple tools to detect potential threats in malware.…
GuidePoint Security identified a Python-based backdoor used by a threat actor to maintain access to compromised systems and deploy RansomHub encryptors across the network. The malware employs obfuscation techniques and utilizes Remote Desktop Protocol for lateral movement. Key indicators of compromise and a detailed analysis of the deployment process and command-and-control mechanisms are also discussed.…
Cyble Research and Intelligence Labs (CRIL) has uncovered a cyberattack targeting organizations in Germany, utilizing a deceptive LNK file within an archive to execute a malicious payload known as Sliver. The attack employs DLL sideloading and proxying techniques to maintain stealth and control over the infected systems.…
Summary: Recently, a leak of configuration files for Fortigate/Fortinet devices revealed sensitive data, including TLS and SSH private keys, due to a known vulnerability (CVE-2022-40684). Despite previous warnings from Fortinet about active exploitation, many users failed to change their default passwords, leaving their systems vulnerable. The incident highlights ongoing issues with security practices and the effectiveness of security advisories.…
A recent cybersecurity alert has revealed that fake CrowdStrike recruiters are distributing malware through phishing emails, tricking victims into downloading a malicious executable that installs a cryptocurrency miner. This scam uses a fake recruitment domain to lure job seekers. Affected: CrowdStrike, job seekers, cryptocurrency mining sector
Keypoints:
Fake CrowdStrike recruiters are distributing malware via phishing emails.…
Phishing domains like coinbase-mywallet.com pose significant threats to users in the cryptocurrency and finance sectors by mimicking legitimate services to harvest sensitive information. This investigation reveals the domain’s connections to the APT40 threat group, showcasing the sophisticated infrastructure and tactics employed in these malicious operations. Affected: cryptocurrency sector, finance sector
Keypoints:
coinbase-mywallet.com…
This article discusses the ongoing large-scale DDoS attacks orchestrated by an IoT botnet that exploits vulnerable devices, primarily targeting companies in Japan and other countries. The botnet utilizes malware derived from Mirai and Bashlite, affecting various sectors and employing multiple DDoS attack methods. Affected: Japan, North America, Europe
Keypoints:
Large-scale DDoS attacks monitored since the end of 2024.…
The BlackSuit ransomware group, an evolution of the Royal ransomware, has emerged as a significant cyber threat since mid-2023, utilizing advanced tactics to extort over $500 million from various industries worldwide. This analysis delves into their operational strategies, notable incidents, and defense mechanisms to mitigate their impact.…
SharpRhino is a new RAT malware utilized by the Hunters International threat group, delivered as a legitimate software installer. It uses PowerShell scripts to execute encoded .NET assemblies for remote command execution and communicates with a C2 server over encrypted traffic. Affected: Windows
Keypoints:
SharpRhino is based on the open-source project ThunderShell.…
This report details the vulnerabilities discovered in the Mercedes-Benz User Experience (MBUX) infotainment system, particularly focusing on the first generation of MBUX subsystems. The research highlights the importance of diagnostic software, the architecture of MBUX, and the various attack vectors identified during testing. Affected: Mercedes-Benz MBUX
Keypoints:
Research focused on the first generation of MBUX infotainment system.…
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
A series of sophisticated cyberattacks targeting organizations in Chinese-speaking regions have been identified, utilizing a multi-stage loader called PNGPlug to deliver the ValleyRAT malware. The attacks begin with phishing tactics, leading to the installation of a malicious MSI package that deploys the malware while maintaining a facade of legitimacy.…
The CYFIRMA research team has identified a new Android malware attributed to the Indian APT group ‘DONOT’, utilizing a seemingly benign application named “Tanzeem” to gather intelligence against internal threats. The app misuses the OneSignal platform to send phishing notifications, and its permissions allow extensive access to user data.…
eSentire’s Threat Response Unit (TRU) has identified a campaign involving MintsLoader malware, which delivers payloads like Stealc through spam emails. This campaign primarily affects organizations in the Electricity, Oil & Gas, and Legal Services sectors in the US and Europe. The malware employs various evasion techniques and utilizes a Domain Generation Algorithm (DGA) to communicate with its command and control servers.…
The Gootloader malware employs sophisticated social engineering tactics to infect users through compromised WordPress sites. It manipulates search engine results to direct victims to these sites, where they encounter fake message boards that link to the malware. The infection process is complex and heavily obfuscated, making it difficult for even site owners to detect.…