Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: This content provides an update on the deployment of a live patch for CVE-2024-1086 for CloudLinux users and includes instructions for manual updates.
Threat Actor: N/A Victim: CloudLinux users
Key Point:
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users.…Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Mallox, a strain of ransomware and a group with the same name, encrypts its victims’ data and subsequently demands a ransom, typically in cryptocurrency, in return for providing the decryption key, just as a usual ransomware operator. However, this ransomware exhibited more destructiveness than many other ransomware variants in some cases.…
Overview
The SonicWall Capture Labs threat research team analyzed a malware purporting to be a Java utility. It arrives as an installer for Java Access Bridge, but ultimately installs the popular open-source cryptominer, XMRig.
Infection Cycle
The sample arrives as a Windows installer package (msi) file using the following file name:
JavaAccessBridge-64.msi…In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks has swiftly garnered attention for its aggressive tactics and extensive data leaks when it first emerged.…
Key Point : – Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise. – SMS phishing (smishing) has seen a significant surge in 2024. – The Com, a geographically diverse group of threat actors, is responsible for these attacks.…
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.
IntroductionIn the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…
Threat Actor: Unknown Victim: Windows users
Key Points: * A threat actor is selling a zero-day vulnerability specifically for a Windows 0-day Local Privilege Escalation (LPE) exploit. * The threat actor is not providing detailed information about the exploit. * The actor claims that the exploit works on all versions of Windows, but researchers are skeptical about this claim.…
The Pixel Update Bulletin provides details on security vulnerabilities, functional improvements, and updates for supported Pixel devices.
Key Point:
🌟 Security patch levels of 2024-04-05 or later address all issues in the bulletin and the April 2024 Android Security Bulletin.🌟 All supported Google devices will receive an update to the 2024-04-05 patch level.…The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unseen yet most dangerous corporate threats.…
____________________ Summary: This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware called UNAPIMON.
Key Point: * Earth Freybug actors use DLL hijacking and API unhooking techniques to prevent monitoring of child processes.…
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common in threat hunting tradecraft in general and for persistence-related techniques in particular.
When you are dealing with Windows services techniques, all your hypotheses can be split into two big groups: Hunting for service creation (aka “establishment” aka “installation”) and Hunting for service execution (some time after the service was created/established).…
____________________ Summary: The SonicWall Capture Labs threat research team has discovered an Unauthenticated Command Injection vulnerability in Progress Kemp LoadMaster. This vulnerability allows attackers to bypass authentication and execute arbitrary commands on the system. LoadMaster users are advised to upgrade their instances immediately.
____________________ Key Point: * The vulnerability affects Progress Kemp LoadMaster releases after 7.2.48.1 and LoadMaster Multi-Tenant (MT) VFNs.…
______________________Summary: The blog post analyzes the Linux version of DinodasRAT, a malware used by Chinese-nexus APT threat actors. The Linux version, known as Linodas, has separate development and introduces auxiliary modules with separate configuration files. It focuses on establishing and controlling reverse shells, collecting user activity from logs, and manipulating local file content.…
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
ReconnaissanceObjective:Identify potential reconnaissance activity on the network
Description:Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)Threat huntingForensic / DFIRTroubleshootingScheduled tasks:Event ID 4697 , This event generates when new service was installed in the system.…____________________ Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.
Key Points: * The vulnerability, CVE-2024-3094, has a critical severity level. * The vulnerability is a result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…
Threat Actor: Unknown Victim: Windows users
Information: 🌟 The threat actor is offering a Windows 1-day Local Privilege Escalation (LPE) exploit for sale. 🌟 The exploit is identified as CVE-2024-26169 and is categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability. 🌟 The vulnerability allows attackers to gain SYSTEM privileges.…
Summary: A new Linux privilege-escalation exploit has been discovered, allowing users to gain root access to vulnerable machines. The exploit affects various Linux distributions and has a high success rate on certain kernel versions.
Key Point: ⭐ Exploit grants root access to vulnerable Linux machines ⭐ Vulnerability tracked as CVE-2024-1086 with a severity rating of 7.8 ⭐ Patch released at the end of January, but updates are still rolling out ⭐ Exploit technique involves manipulating page tables to gain unauthorized control over system memory ⭐ Source code for exploit PoC is available on GitHub
———————-
A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. …