Summary: A malicious campaign exploiting Blogspot redirectors has been uncovered, facilitating the distribution of phishing pages and malware. This operation, part of the larger “ApateWeb” initiative, utilizes Blogspot’s reputation to mislead users through seemingly legitimate links. Researchers have identified advanced techniques used by attackers to evade detection and enhance the effectiveness of their scams.…
Tag: PROXY
Censys discovered a network of botnet management systems utilizing a modified version of the Nosviak command-and-control service. This network connects over 150 hosts across multiple countries and operates under various aliases, primarily offering DDoS and proxy services marketed as “stress testing.” Evidence suggests a significant infrastructure that leverages shared resources for malicious activities.…
This article discusses the integration of older automation tools with large language models (LLMs) to enhance malware development and delivery methods, including the use of tools like Mantis and Stopwatch.ai for reconnaissance and obfuscation. It highlights the potential of LLMs in creating convincing phishing attacks and guiding malware operations, ultimately leading to a more sophisticated attack lifecycle.…
Victim: Signal, Discord
Price: N/A
Data: User geolocation data
Keypoints:
0-click deanonymization attack capable of exposing user locations. Targets applications including Signal and Discord. Leverages caching mechanisms in Cloudflare’s infrastructure. Can infer user geolocations within a 250-mile radius without user interaction. Demonstrated on Signal by sending an attachment via CDN.…
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Summary: Threat actors are exploiting a zero-day vulnerability in Cambium Networks cnPilot routers to deploy the AIRASHI variant of the AISURU botnet for DDoS attacks. The botnet has been active since June 2024, leveraging multiple known vulnerabilities and targeting devices primarily in Brazil, Russia, Vietnam, and Indonesia.…
Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, utilizing a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit designed for espionage and data collection, indicating the group’s significant operational capabilities since at least 2019.…
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
Summary: Cybersecurity researchers have identified a large-scale campaign exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers to create a variant of the Mirai botnet known as Murdoc_Botnet. This ongoing activity has infected over 1,370 systems since July 2024, primarily in Southeast Asia and Latin America.…
Summary: IBM has revealed several critical vulnerabilities in its Sterling Secure Proxy (SSP) that could allow attackers to execute commands, access sensitive data, or cause denial of service. The vulnerabilities, with high CVSS scores, stem from improper input validation and incorrect permission assignments. IBM has released fix packs to address these issues, emphasizing the urgency of applying the updates.…
GuidePoint Security identified a Python-based backdoor used by a threat actor to maintain access to compromised systems and deploy RansomHub encryptors across the network. The malware employs obfuscation techniques and utilizes Remote Desktop Protocol for lateral movement. Key indicators of compromise and a detailed analysis of the deployment process and command-and-control mechanisms are also discussed.…
A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…
Cyble Research and Intelligence Labs (CRIL) has uncovered a cyberattack targeting organizations in Germany, utilizing a deceptive LNK file within an archive to execute a malicious payload known as Sliver. The attack employs DLL sideloading and proxying techniques to maintain stealth and control over the infected systems.…
Summary: Shadow IT poses significant risks for organizations, as forgotten systems can become entry points for data breaches. Recent research by watchTowr Labs reveals that hackers also leave behind vulnerabilities in abandoned infrastructure, which can be exploited. This study highlights the importance of vigilance in cybersecurity, as both attackers and defenders can make critical mistakes.…
This article discusses the ongoing large-scale DDoS attacks orchestrated by an IoT botnet that exploits vulnerable devices, primarily targeting companies in Japan and other countries. The botnet utilizes malware derived from Mirai and Bashlite, affecting various sectors and employing multiple DDoS attack methods.
Affected: Japan, North America, Europe
Keypoints:
Large-scale DDoS attacks monitored since the end of 2024.…
The BlackSuit ransomware group, an evolution of the Royal ransomware, has emerged as a significant cyber threat since mid-2023, utilizing advanced tactics to extort over $500 million from various industries worldwide. This analysis delves into their operational strategies, notable incidents, and defense mechanisms to mitigate their impact.…
This report details the vulnerabilities discovered in the Mercedes-Benz User Experience (MBUX) infotainment system, particularly focusing on the first generation of MBUX subsystems. The research highlights the importance of diagnostic software, the architecture of MBUX, and the various attack vectors identified during testing.
Affected: Mercedes-Benz MBUX
Keypoints:
Research focused on the first generation of MBUX infotainment system.…
Summary: Cybersecurity researchers have unveiled a new phishing kit, named Sneaky 2FA, designed to target Microsoft 365 accounts and steal credentials along with two-factor authentication codes. This kit operates as phishing-as-a-service (PhaaS) and has been linked to a cybercrime service called ‘Sneaky Log,’ with nearly 100 domains identified hosting its phishing pages.…
Summary: Vulnerabilities in the SimpleHelp remote access software can be easily exploited, allowing attackers to compromise both server and client machines. Key issues include a path traversal vulnerability and improper privilege escalation, which could lead to unauthorized access and remote code execution. SimpleHelp has released patches to address these vulnerabilities, urging users to update their installations promptly.…
Summary: A critical vulnerability in the W3 Total Cache plugin, used by over a million WordPress sites, could allow attackers to access sensitive information and perform unauthorized actions. Despite a patch being released, many sites remain unprotected, leaving them open to exploitation. The flaw, tracked as CVE-2024-12365, poses significant risks including Server-Side Request Forgery (SSRF) and information disclosure.…