Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
Tag: VULNERABILITY
In October 2023 we posted our research about the notorious surveillance framework LightSpy2. In our research, we proved with a high degree of confidence that both implants for Android and iOS came from the same developer and shared the same network infrastructure, but also that they were just a small part of a larger framework.…
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Social Engineering in Phishing Attacks
Faced with increasingly cyber-aware endpoint users and vigilant security teams, more and more threat actors are forced to think psychologically about the individuals they are targeting with their phishing attacks. Social…
Summary: This article discusses a critical vulnerability in the TP-Link Archer C5400X gaming router that allows remote command execution, posing a risk to users.
Threat Actor: N/A
Victim: TP-Link Archer C5400X gaming router users
Key Point:
A critical vulnerability in the TP-Link Archer C5400X gaming router has been disclosed, allowing remote command execution.…
Summary: The content discusses the increase in vulnerability exploitation as an initial access vector in 2023, with a focus on the MOVEit breach. It also highlights the targeting of zero-day vulnerabilities by ransomware actors and the involvement of third parties in data breaches.
Threat Actor: N/A
Victim: N/A
Key Point:
The exploitation of vulnerabilities almost tripled as an initial access vector in 2023, fueled in part by the MOVEit breach.…
Summary: Security researchers have released a proof-of-concept exploit for a remote code execution vulnerability in Fortinet’s SIEM solution, which allows executing commands as root on Internet-facing FortiSIEM appliances.
Threat Actor: Horizon3’s Attack Team
Victim: Fortinet
Key Point:
A proof-of-concept exploit has been released for a remote code execution vulnerability in Fortinet’s SIEM solution.…
In March 2024, the Sysdig Threat Research Team (TRT) began observing attacks against one of our Hadoop honeypot services from the domain “rebirthltd[.]com.” Upon investigation, we discovered that the domain pertains to a mature and increasingly popular DDoS-as-a-Service botnet. The service is based on the Mirai malware family, and the operators advertise its services through Telegram and an online store (rebirthltd.mysellix[.]io).…
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2024. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.
What is Citrix Bleed?
Since August 2023, cyber threat actors have been actively exploiting one of the most significant critical vulnerabilities disclosed in recent years: Citrix Bleed.…
Published On : 2024-05-29
EXECUTIVE SUMMARY
A critical vulnerability, identified as CVE-2024-3273, has been discovered in certain end-of-life (EOL) D-Link NAS devices, presenting a severe threat due to the lack of ongoing support and their high susceptibility to attacks. With a CVSS base score of 9.8, this vulnerability is extremely serious, potentially allowing unauthorized access, data theft, system modifications, or denial of service attacks.…
A stalkerware company with poor security practices is exposing victims’ data as the software, designed for unauthorized device monitoring, leaked victims’ phone screenshots through a publicly accessible URL.
The incident highlights the dangers of stalkerware, which not only facilitates illegal surveillance but also puts victims at risk of further compromise through data breaches.…
During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, a software commonly used for local application development. This vulnerability would allow a low privilege user, with a foothold on a host running the service fabric deployment, to elevate their privileges up to System. …
Threat Actor: Unknown
Victim: BreingAir
Price: Not disclosed
Exfiltrated Data Type: User credentials (client, employee, and admin)
Additional Information:
The threat actor claims to be selling sensitive data from BreingAir, an airline company based in Alaska, USA. The compromised data reportedly includes 28,378 client/employee user credentials, including email/login information and passwords hashed with the MD5 algorithm.…
Summary: This article discusses a recent ransomware attack by the Ransomhub group on the Industrial Control Systems (ICS) of a Spanish bioenergy plant, highlighting the dangers of cyberattacks on ICS.
Threat Actor: Ransomhub
Victim: Spanish bioenergy plant
Key Point:
The recent ransomware attack by the Ransomhub group targeted the Supervisory Control and Data Acquisition (SCADA) system of a Spanish bioenergy plant, highlighting the vulnerability of Industrial Control Systems (ICS) to cyberattacks.…
Summary: The content discusses critical vulnerabilities in several WordPress plugins and the urgent need for users to take action to protect their websites from unauthorized access and exploitation by malicious actors.
Threat Actor: N/A
Victim: N/A
Key Point:
The Cyber Security Agency of Singapore has issued a critical alert regarding vulnerabilities in multiple WordPress plugins, emphasizing the importance of immediate action to address these risks.…
Summary: CISOs are increasingly confident in their ability to defend against cyber threats, despite the growing fear of cyber attacks.
Threat Actor: N/A
Victim: N/A
Key Point:
70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022.…
Summary: This content discusses the cybersecurity implications of using Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, which increases the discoverability of customer devices by attackers.
Threat Actor: Attackers
Victim: Customers using appliances with embedded Dynamic DNS (DDNS) services, such as those provided by vendors like Fortinet or QNAP.…
Summary: A report has found that a majority of currently exploited software vulnerabilities are missing from the US National Vulnerability Database (NVD).
Threat Actor: N/A
Victim: N/A
Key Point:
A VulnCheck report has revealed that 30 out of 59 known exploited vulnerabilities have not yet been analyzed by the NVD team.…
Summary: This article discusses how hackers could exploit a bug on the Replicate artificial intelligence platform to steal data and manipulate AI models.
Threat Actor: Hackers
Victim: Replicate artificial intelligence platform
Key Point:
Attackers could have exploited a critical vulnerability in the Replicate artificial intelligence platform to access private AI models and steal data.…
Summary: A new Google Ads malvertising campaign is tricking users into downloading trojanized installers for the Arc web browser, infecting them with malware payloads.
Threat Actor: Cybercriminals
Victim: Users downloading the Arc web browser
Key Point:
Cybercriminals set up malicious advertisements on Google Search to target users looking to download the new Arc web browser.…
Summary: Cisco has addressed a vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software, which could allow an attacker to conduct SQL injection attacks and potentially gain root privileges.
Threat Actor: N/A
Victim: Cisco
Key Point:
Cisco has patched a vulnerability in its Firepower Management Center (FMC) Software that could allow an attacker to conduct SQL injection attacks.…