Introduction

While responding to an incident at one of our clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which we attributed to a cybercrime gang dubbed ExCobalt.

ExCobalt focuses on cyberespionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt gang. Cobalt attacked financial institutions to steal funds.…

Executive Summary

This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. Organizations can use this information to understand the potential risks associated with their VM services and strengthen their defense mechanisms. This research focuses on VM services offered by three major cloud service providers (CSPs): Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP).…


Summary: China’s cybersecurity experts have become dominant players in global capture-the-flag competitions, exploit contests, and bug bounty programs, and the Chinese government is using their expertise to strengthen the nation’s cyber-offensive capabilities.

Threat Actor: China | Victim: N/A

Key Point:

China’s cybersecurity experts have evolved from hesitant participants to dominant players in global hacking competitions and bug bounty programs.…

Summary: This content discusses the persistent threat of SQL injection (SQLi) attacks, which remain a common source of web application vulnerabilities. It also highlights the emerging risk of SQLi attacks targeting software developed on low-code and no-code platforms.

Threat Actor: Cybercriminals | Victim: Manufacturers and others

Key Point:

SQL injection (SQLi) attacks have persisted since the late 1990s and remain a significant vulnerability in web applications.…

Summary: This content discusses critical-rated flaws in VMware’s vCenter Server, which could potentially lead to remote code execution if exploited by a malicious actor.

Threat Actor: Unknown | Victim: VMware

Key Point:

VMware has identified two critical-rated flaws in its vCenter Server, which are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol.…

Recorded Future's Insikt Group identified that Vortax, purported virtual meeting software, spreads three infostealers: Rhadamanthys, Stealc, and Atomic macOS Stealer (AMOS). This extensive campaign targets cryptocurrency users, exploiting macOS vulnerabilities. Operated by the threat actor markopolo, this campaign has significant implications for macOS security, indicating a potential increase in AMOS attacks.…


Summary: A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider, which is responsible for hacking into numerous organizations including Twilio, LastPass, DoorDash, and Mailchimp.

Threat Actor: Scattered Spider | Victim: Various organizations including Twilio, LastPass, DoorDash, and Mailchimp

Key Point:

A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider.…

Threat Actor: Unknown | Victim: Dahua Cameras | Price: $400,000 | Exfiltrated Data Type: Not specified

Additional Information:

The threat actor is selling a 0day vulnerability for Dahua cameras. The vulnerability is claimed to be compatible with all versions of the device. The vulnerability allows unrestricted access to all functions of the camera, including full management and control capabilities.…

Manila, Philippines — A cyber attack was reported earlier today: the Maritime Industry Authority (MARINA) is the latest agency to be attacked by Ph1ns. This individual, also implicated in recent attacks on government entities including the Department of Science and Technology (DOST) and the Philippine National Police (PNP), successfully breached MARINA’s critical systems.…


Summary: The content discusses the increasing exploitation of vulnerabilities in edge services and infrastructure devices by cyber threat actors.

Threat Actor: Cyber threat actors | Victim: Organizations using vulnerable edge services and infrastructure devices

Key Point:

Vulnerabilities in edge services and infrastructure devices are increasingly targeted by cyber threat actors as they provide an ideal initial access point into a network.…
What is HTTP Request Smuggling?

HTTP request smuggling is a technique used to interfere with the way a website processes sequences of HTTP requests received from users. This vulnerability can be critical, enabling attackers to bypass security controls, access sensitive data, and compromise other users.

How Request Smuggling Vulnerabilities Arise

Request smuggling mainly affects HTTP/1 requests and can occur due to differences in handling the Content-Length and Transfer-Encoding headers, which both specify the length of an HTTP message.…


If you’re pentesting web applications, you certainly come across a lot of JavaScript. Nearly every web application nowadays is using it. Frameworks like Angular, React and Vue.js place a lot of functionality and business logic of web applications into the front end. Thus, to thoroughly pentest web applications, you have to analyze their client-side JavaScript.…


Summary: This content discusses the proactive approach taken by Protect AI to identify and address security risks in AI systems, specifically focusing on vulnerabilities in the tools used to build machine learning models in the OSS AI/ML supply chain.

Threat Actor: N/A

Victim: N/A

Key Point:

Protect AI’s huntr is the world’s first AI/ML bug bounty program, where a community of 15,000+ members hunts for vulnerabilities in the OSS AI/ML supply chain.…

Summary: This article discusses a potential breach at AI company Hugging Face, where attackers may have gained unauthorized access to secrets stored in their Spaces platform.

Threat Actor: Unknown | Victim: Hugging Face

Key Points:

Hugging Face disclosed a potential breach where attackers may have accessed secrets stored in their Spaces platform.…
Introduction

The Hi-Tech Crime Trends report by Group-IB highlights a growing cybercriminal focus on Apple devices due to their increasing popularity. This shift has led to a rise in malware targeting iOS and macOS, with the App Store becoming a frequent target for distributing malware. The introduction of third-party app stores under the EU’s Digital Markets Act is expected to further accelerate this trend.…


Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.

Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users.

The gang members send harmful messages pretending to be Pakistan Post via iMessage and SMS in an attempt to steal personal and financial information.…
