In this article, we will analyse an APT group that has recently attracted a lot of attention for its activities: “Sea Turtle”.…
Tag: UNIX
Summary: The Qualys Threat Research Unit has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems, which allows unauthenticated remote code execution as root …
Summary: Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets in Git repositories.
Threat Actor: N/A
Victim: N/A
Key Point:
Gitleaks is an open-source SAST…
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction
Perimeter devices such …
Summary: There is a critical vulnerability in the command-line program wget, with a CVSS base score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget …
Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.
Threat Actor: UNC3886
Victim: Strategic global organizations…
I am @unixfreaxjp of the MalwareMustDie team. This is the English translation of the overall APT analysis I wrote in Japanese on my Japan security blog, “#OCJP-136: 「FHAPPI」 Geocities.jpとPoison Ivy(スパイウェア)のAPT事件” (“FHAPPI”: the Geocities.jp and Poison Ivy (spyware) APT incident); it has …
Summary: This content discusses a new cryptojacking campaign by the threat actors behind Spinning YARN, targeting exposed Docker Engine hosts.
Threat Actor: Spinning YARN
Victim: Docker Engine …
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
This blog …
Summary: The content discusses the ‘cors-parser’ npm package, which downloads what appear to be PNG images that actually contain encoded instructions to drop malware on target systems.…
Summary: This content discusses Radare, an open-source reverse engineering framework and command-line toolset, and its capabilities for analyzing and exploring various architectures.
Threat Actor: N/A
Victim: N/A
Key Point:…
AhnLab SEcurity intelligence Center (ASEC) recently discovered that Remcos RAT is being distributed via UUEncoding (UUE) files compressed using Power Archiver.
The image below shows a phishing email distributing the …
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.
Summary We analyze a cryptojacking attack…
In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.
Summary…
This week, the SonicWall Capture Labs Research team analyzed a new sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was …
Cybereason issues Threat Alerts to inform customers of emerging, high-impact threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
Summary
As part of our continuous hunting efforts across the Asia-Pacific region, BlackBerry discovered the Pakistan-based advanced persistent threat group Transparent Tribe (APT36) targeting the government, defense and aerospace sectors of …
Summary: The cryptojacking group known as Kinsing has been actively orchestrating illicit cryptocurrency mining campaigns since 2019, continuously evolving and adapting by integrating newly disclosed vulnerabilities to expand its botnet.…
Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.
Threat Actor: None mentioned.
Victim: Tinyproxy instances.
Key …
Summary: This content discusses a path traversal-affiliated vulnerability pattern found in multiple popular Android applications, which could lead to arbitrary code execution and token theft.
Threat Actor: N/A (the vulnerability pattern was reported by Microsoft) …
Summary: This content discusses the vulnerabilities found in Brocade’s SANnav Management Portal and SANnav Global View software, which can potentially impact the security and functionality of the SAN (Storage Area …
Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.
They …
Cado Security Labs recently received reports of the Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit. There is a large amount of coverage …
OceanLotus, also known as APT32, Ocean Buffalo, and SeaLotus, is a highly sophisticated adversary operating on behalf of the interests of the Vietnamese government that was first identified by the …
Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on …
CyberChef – The Cyber Swiss Army Knife – is a web-based utility that allows analysts to manipulate or transform inputs based on a series of steps called …
As my manager knows, I’m not the biggest fan of working in a physical office. I’m a picky worker — I like my workspace to be borderline frigid, I hate …
Table of Contents
By: Alex Reid, Current Red Siege Intern
SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently?
In the April 2018 release of Windows 10 version 1803, …
Summary: The blog post analyzes the Linux version of DinodasRAT, a malware used by Chinese-nexus APT threat actors. The Linux version, known as Linodas, has separate development and introduces auxiliary …
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers …
DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data …
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed …
A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss with the website it was …
Written by: Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.
Hardening with Lynis
Lynis conducts a thorough security examination of the system directly. Its …
While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent, with some notable …
Cybereason Security Services issues Threat Analysis reports to inform customers about high-impact threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
In this article, we’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. We’ll take a classic approach to exploring Apple’s …
Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:
The campaign utilises a number of unique and unreported payloads, …
PRESS RELEASE
SAN FRANCISCO, March 5, 2024 /PRNewswire/ — Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced the introduction of Privilege Control for Servers on the Delinea Platform, …
Analysis of an Android Malware-as-a-Service Operation
Coper, a descendant of the Exobot malware family, was first observed in the wild in July 2021, targeting Colombian Android users. At that time, …
Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, …
Written by: Matt Lin, Robert Wallace, Austin Larsen, Ryan Gandrud, Jacob Thompson, Ashley Pearson, Ashley Frazer
This is a series that explores methods attackers might use to maintain persistent access to a compromised linux system. To do this, Pberba will take an “offense informs defense” approach …
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality …
Cado Security Labs researchers have recently encountered a novel malware campaign targeting Redis for initial access. Whilst Redis is no stranger to exploitation by Linux and cloud-focused attackers, this …