Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data.
According …
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data.
According …
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)
TL;DR…Mar 12, 2024NewsroomWordPress / Website Security
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code.
According to …
In late 2022, 4 ransomware strains were discovered that are derived from Conti‘s leaked ransomware strain. One of them was Meow ransomware. The operation of this crypto-ransomware was observed from late …
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
The flaw leveraged in the attacks …
As of today, a large majority of intrusion sets and threat actors leverage crypters prior to delivering and executing malicious payloads on a target system. They use it to build …
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.
“TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks …
Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia.
Two ransomware groups, GhostSec and Stormous, …
Last updated at Tue, 05 Mar 2024 22:21:55 GMT
Overview
In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:
CVE-2024-27198 is an authentication…With enterprise applications defaulting to cloud infrastructure, application security testing increasingly resembles penetration testing across an distributed attack surface area of the application — a similarity that is opening new …
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, “has engaged with law enforcement,” authorities said. The development comes following …
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers …
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of …
Recorded Future’s Insikt Group has identified TAG-70, a threat actor likely operating on behalf of Belarus and Russia, conducting cyber-espionage against targeting government, military, and national infrastructure entities in Europe …
Published On : 2024-02-13
EXECUTIVE SUMMARYIn this report, we discuss the recently observed XSSLite Stealer that is being discussed within multiple hacking communities. It was released as part of …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of …
By Oleg Zaytsev (Guardio Labs)
The Guardio Labs research team uncovered a critical zero-day vulnerability in the popular Opera …
The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of …
Published On : 2024-01-03
EXECUTIVE SUMMARYThis report provides a glimpse into the evolving landscape of RAT development and malicious activities performed by threat actors working under name of ‘Anonymous …
Previously, I wrote a blog going through some of MetaStealer’s functionalities and did a brief comparison with Redline since they are both very similar but, at the same time, different. …
On Christmas Eve, Resecurity’s HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2). This product has already generated significant interest in Dark Web …
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In …
This post is also available in: 日本語 (Japanese)
Executive SummarySince the end of August 2023, we have observed a significant rise in compromised servers specializing in clickbait and ad …
Resecurity has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations …
ESET Research
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
Matthieu Faou
25 Oct 2023 • , 5 min. read
ESET Research has …
This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
IntroductionAs technology evolves and the world becomes more interconnected, so do …
In early September, Zscaler ThreatLabz discovered a new Malware-as-a-Service (MaaS) threat called “BunnyLoader” being sold on various forums. BunnyLoader provides various functionalities such as downloading and executing a second-stage …
Last updated at Thu, 07 Sep 2023 14:02:21 GMT
Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog.
Rapid7’s managed detection and response (MDR) …
Analysis and Report by Fabian Marquardt (@marqufabi)
Recently, Telekom Security CTI was made aware via trust groups in which we are engaged about a new malware campaign that is distributed …
The developers behind the information-stealing malware, Raccoon Stealer, have broken their six-month silence on hacker forums. They are now promoting an updated version of the 2.3.0 (2.3.0.1 since August 15, …
As technology continues to evolve, there is a growing concern about the potential for large language models (LLMs), like ChatGPT, to be used for criminal purposes. In this blog we …
Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension targeting Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. This malware uses a creative way to …
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.…
In January 2023, through our Dark Web monitoring routine, Sekoia.io identified a new information stealer advertised as Stealc by its alleged developer, going by the handle …
Written by Jon DiMaggio.
Table of Contents
I gotta story to tell…
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang …
After Microsoft announced this year that macros from the Internet will be blocked by default in Office, many threat actors have switched to different file types such as Windows Shortcut …
Published On : 2022-09-25
Erbium Stealer Malware Report Executive SummaryThe Erbium malware is an information-stealer/ info stealer, which is distributed as Malware-as- a-Service (MaaS). CYFIRMA research team observed this …
In July 2022, Sekoia.io discovered a new Golang botnet advertised by its alleged developer as Aurora botnet since April 2022. Since we published an analysis of the …
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.
We discovered a threat …
Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.
This report profiles the …
Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has …
Author: Tomer Bar, VP Security Research, SafeBreach
SafeBreach Labs researchers are constantly monitoring the hacker underground, sourcing intelligence feeds, and conducting original research to uncover new threats and ensure our …
Summary
Actions for ZCS administrators to take today to mitigate malicious cyber activity:
• Patch all systems and prioritize patching known exploited vulnerabilities.
• Deploy detection signatures and hunt for …