### #MicrosoftSecurity #VulnerabilityManagement #RemoteCodeExecution

Summary: A series of vulnerabilities have been identified across various Microsoft products, including critical remote code execution and elevation of privilege vulnerabilities. These issues pose significant risks to users and organizations relying on these technologies.

Threat Actor: Unknown | unknown Victim: Microsoft Products | Microsoft

Key Point:

Multiple vulnerabilities across Microsoft Office, Windows services, and Edge, with several rated as critical or important.…

### #CitrineSleet #InletDrift #DeFiHeist

Summary: Radiant Capital has attributed a $50 million cryptocurrency theft to North Korean threat actors known as Citrine Sleet, following a sophisticated cyberattack that exploited vulnerabilities in their systems. The attack involved malware that bypassed multiple security layers, leading to unauthorized transactions.…


### #AIThreats #CloudSecurity #PrivilegeEscalation

Summary: Microsoft has patched four significant security vulnerabilities affecting its AI and cloud services, including one actively exploited in the wild. The most critical flaw, CVE-2024-49035, allows unauthorized privilege escalation on partner.microsoft.com.

Threat Actor: Unknown | unknown Victim: Microsoft | Microsoft

Key Point:

Microsoft identified CVE-2024-49035 as a privilege escalation vulnerability with a CVSS score of 8.7, marked as “Exploitation Detected.”…

### #WordPressSecurity #PluginVulnerabilities #WebApplicationRisks

Summary: A report has identified two critical vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin, affecting over 200,000 installations and allowing unauthenticated attackers to compromise websites. Users are urged to update to the latest version to mitigate these risks.

Threat Actor: Unauthenticated Attackers | unauthenticated attackers Victim: Anti-Spam by CleanTalk Users | Anti-Spam by CleanTalk

Key Point:

Two vulnerabilities, CVE-2024-10542 and CVE-2024-10781, allow attackers to install malicious plugins and execute arbitrary code.…

### #PhishingEvolution #BiometricExploitation #IdentityTheftTactics

Summary: A new phishing tactic combines identity theft with biometric data capture, posing significant risks to personal security and public trust in digital systems. This sophisticated scheme uses urgency and deception to manipulate victims into submitting sensitive information.

Threat Actor: Cybercriminals | cybercriminals Victim: Online users | online users

Key Point:

The phishing scheme begins with an urgent email requesting identity verification to lure victims.…

Threat Actor: Cybercriminals | cybercriminals Victim: Online Users | online users Price: Potential loss of personal security and trust Exfiltrated Data Type: Government IDs and Biometric Data

Key Points:

The phishing scheme uses urgent identity verification emails to lure victims. Victims are directed to a deceptive CAPTCHA page to lower suspicion.…

This article discusses a WordPress malware infection that employs a spam doorway tactic to mislead search engines and direct traffic to casino-related spam sites. The malware is cleverly concealed within the site’s theme files, affecting only bots and crawlers while avoiding detection by human visitors. Effective mitigation strategies are also provided to protect websites from similar attacks.…

Summary: Over 1 million domains are potentially vulnerable to “Sitting Ducks” attacks, which exploit DNS misconfigurations to hijack domains for malicious purposes. The report by Infoblox Threat Intel highlights the simplicity of executing these attacks and the challenges in detecting them.

Threat Actor: Vipers, Hawks | Vipers, Hawks Victim: Various organizations and individuals | Various organizations and individuals

Key Point:

Over 800,000 domains remain vulnerable to hijacking, with 70,000 already compromised.…

ThreatWire Video Summary

Short Summary

The video discusses recent developments in cybersecurity, including a targeted attack on the Tor network, issues with iPhone security updates, and legal challenges faced by Google in Russia. Additionally, there is a focus on a critical vulnerability found in Cisco devices, concluding with a personal reflection from the host on their one-year anniversary of hosting ThreatWire.…


Summary: Microsoft has disclosed a critical vulnerability (CVE-2024-49040) in Exchange Server that allows attackers to spoof legitimate email senders, potentially enhancing the effectiveness of phishing attacks. Discovered by researcher Vsevolod Kokorin, the flaw affects Exchange Server 2016 and 2019, prompting Microsoft to implement detection and warning measures in recent updates.…


Summary:

BlackSuit ransomware has emerged as a significant threat since late 2023, targeting various industries and employing double extortion tactics. With demands exceeding USD 500 million, it has affected numerous organizations globally. The ransomware’s sophisticated methods include exploiting VPN vulnerabilities and utilizing remote management tools for command-and-control activities.…

Summary:

In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites to deliver Cobalt Strike malware. The attackers embedded malicious JavaScript that spoofed a TLS certificate error, tricking visitors into downloading a disguised security certificate. This incident highlights ongoing cyber-espionage efforts targeting Tibetan entities, linking TAG-112’s infrastructure to other Chinese operations.…

Summary: Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical zero-days, two of which are actively exploited. The updates include fixes for various types of flaws, such as remote code execution and elevation of privilege vulnerabilities.

Threat Actor: Unknown | unknown Victim: Microsoft | Microsoft

Key Point:

Four zero-day vulnerabilities were disclosed, two of which were actively exploited in attacks.…

Threat Actor: Unknown | Unknown Victim: Microsoft | Microsoft Price: N/A Exfiltrated Data Type: NTLMv2 hash, Remote Code Execution capabilities

Key Points:

Microsoft Patch Tuesday for November 2024 fixed 89 vulnerabilities across various products. Two zero-day vulnerabilities, CVE-2024-43451 and CVE-2024-49039, were actively exploited at the time of release.…

Summary: A new Rust-based malware named Fickle Stealer has emerged, targeting sensitive information from compromised systems through deceptive tactics and multiple attack vectors. It employs advanced evasion techniques, masquerading as legitimate applications to avoid detection while siphoning data to attackers.

Threat Actor: Unknown | Fickle Stealer Victim: Individuals and organizations | Fickle Stealer victims

Key Point:

Fickle Stealer spreads through phishing, drive-by downloads, exploit kits, and social engineering.…

Summary:

SentinelLabs has identified a new campaign dubbed ‘Hidden Risk’ by a suspected North Korean threat actor targeting cryptocurrency businesses. This campaign employs multi-stage malware and novel persistence techniques, including the abuse of the Zsh configuration file zshenv. The initial infection vector involves phishing emails with malicious applications disguised as PDF files, aimed at stealing cryptocurrency and deploying backdoor malware.…

Summary: SentinelLabs has identified a new campaign dubbed ‘Hidden Risk’ by a suspected North Korean threat actor targeting cryptocurrency businesses with sophisticated multi-stage malware. This campaign employs phishing tactics and a novel persistence mechanism using the Zsh configuration file to maintain access to compromised systems.

Threat Actor: DPRK | BlueNoroff Victim: Cryptocurrency Businesses | cryptocurrency businesses

Key Point:

The ‘Hidden Risk’ campaign utilizes phishing emails with fake cryptocurrency news to deliver malware disguised as PDF files.…

Summary:

Fickle Stealer is a newly identified Rust-based information stealer that spreads through various attack vectors such as phishing and exploit kits. It effectively bypasses security measures like User Account Control (UAC) and is capable of stealing sensitive information, including passwords and cryptocurrency wallet details. The malware employs advanced obfuscation techniques to evade detection, making it a significant threat to compromised systems.…