Summary: This content discusses a critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) and the availability of a proof-of-concept exploit online.
Threat Actor: N/A
Victim: Enterprise admins using Fortra …
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has notified organizations of potential data exposure after an unidentified threat actor accessed CISA’s Chemical Security Assessment Tool. While no evidence of …
Summary: This article discusses Google’s Project Zero framework, which aims to enhance the detection of AI bugs in the field of cybersecurity.
Threat Actor: None mentioned.
Victim: None mentioned.
Key …
Threat Actor: Newly registered threat actor | newly registered threat actor Victim: VirtualBox VME users | VirtualBox VME Price: $50,000 in XMR (Monero) Exfiltrated Data Type: Not specified
Key Points …
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction
Perimeter devices such …
ModiLoader aka DBatLoader – Active IOCs
June 21, 2024
Multiple IBM i and WebSphere Application Server Vulnerabilities
June 21, 2024
Analysis Summary
The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber …
Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.
Threat Actor: UNC3886 | UNC3886 Victim: Strategic global organizations | strategic global organizations…
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI …
Threat Actor: Unknown | Unknown Victim: Windows 8.1, 10, and 11 | Windows 8.1, 10, and 11 Price: $150,000 in cryptocurrency Exfiltrated Data Type: Not specified
Additional Information:
The threat…
Summary: Threat actors are increasingly targeting load balancers, producing a record exploitation rate for this device category over a three-year period.
Threat Actor: Unknown | Unknown Victim: Load …
Threat Actor: Unknown | Unknown Victim: Atlassian Jira | Atlassian Jira Price: 800,000 XMR (Monero) Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is selling a zero-day Remote…
The Hi-Tech Crime Trends report by Group-IB highlights a growing cybercriminal focus on Apple devices due to their increasing popularity. This shift has led to a rise in malware …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including an Android Pixel Privilege Escalation Vulnerability, a Microsoft Windows Error Reporting …
Summary: Google has released patches for 50 security vulnerabilities.
Threat Actor: None Victim: None
Key Point:
Google has released patches for 50 security vulnerabilities, including two zero-day flaws that…
Summary: A Pakistani threat actor known as Cosmic Leopard has been conducting cyber espionage and surveillance on Indian government-associated entities for the past six years.
Threat Actor: Cosmic Leopard | …
Security teams spend a lot of time chasing software vulnerabilities. The fact is, however, that their time would be better spent combating malware because the payoff is better: faster detection, …
Summary: The content discusses the potential exploitation of a recently patched Windows vulnerability by the threat actor behind the Black Basta ransomware.
Threat Actor: Black Basta ransomware | Black Basta …
Summary: A Chinese espionage campaign targeting Fortinet edge devices has resulted in the compromise of at least 20,000 systems worldwide, including governments, international organizations, and defense industry companies.
Threat Actor: …
Summary: Microsoft’s June 2024 Patch Tuesday includes security updates for 51 flaws, including 18 remote code execution flaws and one publicly disclosed zero-day vulnerability.
Threat Actor: None identified.
Victim: None …
CVE-2024-26169) occurs in the Windows Error Reporting Service. If exploited on affected systems, it can permit an attacker to elevate their privileges. The vulnerability was patched on March 12, 2024, …
Summary: Exploit activity targeting a recent information disclosure flaw in Check Point’s VPN technology has increased, emphasizing the need for organizations to address the vulnerability immediately.
Threat Actor: Unknown | …
This staggering amount underscores the urgent need for cyber security to be treated as a global priority. Moreover, with the explosion …
Summary: Attackers have exploited a zero-day vulnerability in TikTok’s direct messages feature to hijack high-profile accounts belonging to companies and celebrities, including Sony, CNN, and Paris Hilton.
Threat Actor: Unknown …
Summary: NATO allies are being urged to allow their militaries to be proactive in cyberspace to prevent cyberattacks that could disrupt the deployment of forces during a conflict, according to …
Summary: This article discusses the threat of cryptocurrency fraud, endpoint security, and fraud management & cybercrime.
Threat Actor: North Korea’s Lazarus Group | North Korea’s Lazarus Group Victim: Not specified …
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Social Engineering in…
Summary: The content discusses the increase in vulnerability exploitation as an initial access vector in 2023, with a focus on the MOVEit breach. It also highlights the targeting of zero-day …
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace’s Self-Learning AI ensured the customer was …
Summary: This content discusses the cybersecurity implications of using Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, which increases the discoverability …
Summary: The MITRE Corporation provides an update on the December 2023 attack, revealing that a China-linked nation-state actor breached their systems using zero-day vulnerabilities and an investigation is ongoing.
Threat …
Summary: A report has found that a majority of currently exploited software vulnerabilities are missing from the US National Vulnerability Database (NVD).
Threat Actor: N/A Victim: N/A
Key Point:…
Threat Actor: Unknown | Unknown Victim: Organizations using Pulse Connect Secure VPN | Pulse Connect Secure VPN Price: Not specified Exfiltrated Data Type: Not specified
Additional Information:
The threat actor…
Summary: Google has released an emergency security update to address a zero-day vulnerability in the Chrome browser that is actively being exploited in the wild.
Threat Actor: Unknown | Unknown …
Summary: This article discusses the importance of making software bills of materials (SBOMs) more easily shareable in order to enhance visibility into enterprise software supply chains and improve security.
Threat …
As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, …
Introduction
APT41, known by numerous aliases such as Amoeba, BARIUM, BRONZE ATLAS, BRONZE EXPORT, Blackfly, Brass Typhoon, Earth Baku, G0044, G0096, Grayfly, HOODOO, LEAD, Red Kelpie, TA415, WICKED PANDA, and …
Summary: The U.S. Securities and Exchange Commission (SEC) has announced that the Intercontinental Exchange Inc. (ICE), which owns the New York Stock Exchange (NYSE), will pay a $10 million penalty …
Written by: Michael Raggi
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational …
Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.
Threat Actor: None; the audit was conducted by watchTowr Labs | watchTowr …
Summary: The Open Source Security Foundation (OpenSSF) has launched an email mailing list called Siren to share threat intelligence related to open source projects, addressing the growing concerns about the …
Summary: The content discusses the expanding enterprise attack surface and the challenges faced by security teams in managing and securing it.
Threat Actor: N/A
Victim: N/A
Key Point:
The…
Summary: The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.…
Summary: Cloud security incidents are increasing, with 61% of organizations reporting breaches in the last year, highlighting the growing risk landscape in cloud environments.
Threat Actor: N/A
Victim: N/A
Key …
Summary: This content discusses the primary intrusion point for ransomware attacks, which are remote-access tools, and highlights the shift in focus from remote desktop protocol to targeting self-managed VPNs.
Threat …
Summary: This content discusses the importance of taking a holistic approach to vulnerability management in order to effectively address the risks facing cyber-physical systems (CPS) environments.
Threat Actor: N/A
Victim: …
Summary: This report examines the threat posed by Russia-linked advanced persistent threat (APT) groups on operational technology (OT) by analyzing key cyber attacks from the past 12 months, providing detection …
Summary: Google has released an emergency security update for Chrome to address a third zero-day vulnerability that has been exploited in attacks within a week.
Threat Actor: Unknown | Unknown …