Tag: SPOOFING

Summary:
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites to deliver Cobalt Strike malware. The attackers embedded malicious JavaScript that spoofed a TLS certificate error, tricking visitors into downloading a disguised security certificate. This incident highlights ongoing cyber-espionage efforts targeting Tibetan entities, linking TAG-112’s infrastructure to other Chinese operations.…

Summary: Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical zero-days, two of which are actively exploited. The updates include fixes for various types of flaws, such as remote code execution and elevation of privilege vulnerabilities.
Threat Actor: Unknown | unknown Victim: Microsoft | Microsoft
Key Point:
Four zero-day vulnerabilities were disclosed, two of which were actively exploited in attacks.…

Threat Actor: Unknown | Unknown Victim: Microsoft | Microsoft Price: N/A Exfiltrated Data Type: NTLMv2 hash, Remote Code Execution capabilities
Key Points:
Microsoft Patch Tuesday for November 2024 fixed 89 vulnerabilities across various products. Two zero-day vulnerabilities, CVE-2024-43451 and CVE-2024-49039, were actively exploited at the time of release.…

Summary: A new Rust-based malware named Fickle Stealer has emerged, targeting sensitive information from compromised systems through deceptive tactics and multiple attack vectors. It employs advanced evasion techniques, masquerading as legitimate applications to avoid detection while siphoning data to attackers.
Threat Actor: Unknown | Fickle Stealer Victim: Individuals and organizations | Fickle Stealer victims
Key Point:
Fickle Stealer spreads through phishing, drive-by downloads, exploit kits, and social engineering.…

Summary: SentinelLabs has identified a new campaign dubbed ‘Hidden Risk’ by a suspected North Korean threat actor targeting cryptocurrency businesses with sophisticated multi-stage malware. This campaign employs phishing tactics and a novel persistence mechanism using the Zsh configuration file to maintain access to compromised systems.
Threat Actor: DPRK | BlueNoroff Victim: Cryptocurrency Businesses | cryptocurrency businesses
Key Point:
The ‘Hidden Risk’ campaign utilizes phishing emails with fake cryptocurrency news to deliver malware disguised as PDF files.…

Summary:
Fickle Stealer is a newly identified Rust-based information stealer that spreads through various attack vectors such as phishing and exploit kits. It effectively bypasses security measures like User Account Control (UAC) and is capable of stealing sensitive information, including passwords and cryptocurrency wallet details. The malware employs advanced obfuscation techniques to evade detection, making it a significant threat to compromised systems.…

Summary: Apache ZooKeeper has issued a security advisory for a critical vulnerability (CVE-2024-51504) that allows potential authentication bypass via IP spoofing, affecting the Admin Server. This flaw could lead to unauthorized access to sensitive server commands, posing significant risks to organizations relying on ZooKeeper for configuration management.…

Summary: A Nigerian national, Kolade Ojelade, was sentenced to 26 years in prison in the U.S. for orchestrating a phishing scam that compromised email accounts of real estate businesses, resulting in millions of dollars in fraud. His actions involved intercepting wire payment instructions and redirecting funds to accounts he controlled.…

Summary:
This article discusses the detection of DNS hijacking, a cyber threat where attackers manipulate DNS records to redirect users to malicious sites. It highlights the detection process, notable incidents from early 2024, and the importance of automated detection systems in protecting organizations from such attacks.…

Summary: A new Windows Themes zero-day vulnerability allows attackers to remotely steal NTLM credentials, prompting the release of free unofficial patches by ACROS Security. This vulnerability exploits how Windows handles theme files, potentially exposing user credentials without any user interaction.
Threat Actor: Unknown | unknown Victim: Windows Users | Windows Users
Key Point:
The vulnerability allows attackers to exploit NTLM credentials through malicious theme files viewed in Windows Explorer.…

Summary: A critical vulnerability in the BattlEye anti-cheat system, identified by researcher timoxa565, allows attackers to exploit the authentication process, potentially leading to illegitimate account bans in various online games. This exploit, dubbed “BannleEye,” manipulates communication between the client and server libraries, enabling malicious actors to spoof legitimate game environments.…

Threat Actor: Cybercriminals | cybercriminals Victim: Individuals and Organizations | individuals and organizations Price: Potential loss of $50,000+ Exfiltrated Data Type: Personal and financial information
Key Points:
Phishing emails are common attack methods used by cybercriminals to deceive recipients. Attackers often impersonate trusted organizations to manipulate victims into sharing sensitive information.…

Short Summary:
The article discusses the analysis of a packed Snake Keylogger malware sample. It details the reverse engineering process, including unpacking techniques, the use of .NET obfuscation, and the malware’s capabilities such as keylogging and clipboard hijacking. The analysis also highlights the malware’s communication with the threat actor’s Telegram bot and the extraction of various indicators of compromise (IOCs).…

Summary: A sophisticated AI-augmented phishing scheme targeting Gmail users has emerged, demonstrating the lengths to which threat actors will go to compromise accounts. Sam Mitrovic, a security expert, shares his experience of nearly falling victim to this elaborate scam, highlighting the importance of vigilance against such threats.…

Summary: A serious vulnerability in Zendesk’s email management system, identified as CVE-2024-49193, exposes companies to email spoofing attacks that can compromise sensitive support ticket histories. Despite initial dismissals from Zendesk, the flaw has prompted urgent action from affected companies to mitigate risks.
Threat Actor: Unknown | unknown Victim: Zendesk Users | Zendesk
Key Point:
The vulnerability allows attackers to spoof emails and gain unauthorized access to sensitive ticket histories.…

Summary: Microsoft has released patches for two actively exploited zero-day vulnerabilities and three additional publicly disclosed vulnerabilities in its latest Patch Tuesday update. The vulnerabilities pose significant risks to organizations, particularly those using Windows-based systems for administrative tasks.
Threat Actor: Various | threat actor Victim: Organizations using Windows systems | organizations using Windows systems
Key Point:
CVE-2024-43572 is a remote code execution vulnerability with a CVSS score of 7.8, posing a considerable risk to millions of endpoints.…

This article investigates a cybercriminal’s exposed server that contained various malicious tools, including DDoS scripts, SpyNote spyware disguised as popular apps, phishing pages targeting cryptocurrency companies, and ransom notes suggesting ransomware delivery. The findings provide insights into the tactics and strategies employed by cybercriminals to exploit unsuspecting networks.…

Summary: Security researcher Peter Gabaldon disclosed critical vulnerabilities in TeamViewer, enabling local privilege escalation attacks on Windows systems. The flaws, CVE-2024-7479 and CVE-2024-7481, arise from improper cryptographic signature verification during driver installations, potentially allowing attackers to gain SYSTEM-level access.
Threat Actor: Unknown | unknown Victim: TeamViewer users | TeamViewer
Key Point:
Two vulnerabilities (CVE-2024-7479 and CVE-2024-7481) allow attackers to escalate privileges from USER to KERNEL by exploiting improper signature verification during driver installation.…

Summary: Cybersecurity researchers are alerting organizations about active exploitation attempts of a newly disclosed vulnerability, CVE-2024-45519, in Synacor’s Zimbra Collaboration software. The flaw allows unauthenticated attackers to execute arbitrary commands, prompting urgent patching recommendations from security experts.
Threat Actor: Unknown | unknown Victim: Synacor | Synacor
Key Point:
Exploitation attempts began shortly after the vulnerability was disclosed, indicating a rapid response from threat actors.…

Short Summary:
This article discusses a vishing attack that targeted a remote employee in the hospitality sector, leading to unauthorized access to the customer’s network. Darktrace’s anomaly-based threat detection successfully identified and mitigated the attack, preventing data loss and reinforcing the importance of robust security measures against social engineering tactics.…