FBI says BianLian based in Russia, moving from ransomware attacks to extortion | #ransomware | #cybercrime | National Cyber Security Consulting

BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement.  BianLian has drawn scrutiny for attacks on charities like Save The Children as well as healthcare firms like Boston Childr…

CISA: CISA Releases Four Industrial Control Systems Advisories - RedPacket Security

CISA Releases Four Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments - RedPacket Security

Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

 US charges five men linked to ‘Scattered Spider’ with wire fraud | #cybercrime | #infosec | National Cyber Security Consulting

Federal authorities unsealed charges Wednesday against five individuals with links to the “Scattered Spider” cybercrime syndicate, accusing them of conducting an extensive phishing scheme that compromised companies nationwide, enabling the theft of non-public data and millions in cryptocurrency.  A…

Salt Typhoon: Churning Up a Storm of Consternation

The public first heard the name of Chinese threat actor “Salt Typhoon” on September 25, 2024, when the Wall Street Journal published an article titled “China-Linked Hackers Breach US Internet Providers in New ‘Salt Typhoon’ Cyber Attack.” Many of us were not expecting another typhoon to blow in so …

Azure Key Vault Tradecraft with BARK

BriefThis post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment. AuthenticationAzure …

Azure Key Vault Tradecraft with BARK

This post details the existing and new functions in BARK that support Azure Key Vault tradecraft research

Five Privilege Escalation Flaws Found in Ubuntu needrestart

Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8

Detecting Pacific Rim IOCs with Eclypsium

The Pacific Rim cyberattack saga, detailed in a series of blog posts by Sophos in October 2024, offers a sobering reminder for enterprises: everyone is a target. No enterprise is too small or uninteresting to fall into the attack path of nation-state threat actors.  Widely used firewalls and other…

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed) | Rapid7 Blog

Zyxel VPN security flaw targeted by new ransomware attackers | #ransomware | #cybercrime | National Cyber Security Consulting

Researchers spot Helldown exploiting Zyxel VPN to breach networks The flaw was previously undisclosed The crooks mostly target SMBs in the US and Europe There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, …

November 20 Advisory: Apache Traffic Server Vulnerabilities [CVE-2024-38479, CVE-2024-50305, CVE-2024-50306]

Trump’s Second Term: What It Means for Cybersecurity Policy and Cyber Threats

As Donald Trump prepares for his second term as the 47th President of the United States, the cybersecurity landscape is poised for significant evolution. With a Republican majority in both the Senate and House, his administration is positioned to implement a swift and assertive policy agenda. While…

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities - SOCRadar® Cyber Intelligence Inc.

Organizations using Apple, Oracle, and Apache software must act quickly as critical security flaws have been disclosed, with some actively exploited in the

Phishing the “Tech Savvy”: Threat Actors who Target Cryptocurrency Wallets and Networks

Cryptocurrency wallets and networks are enticing targets for state-sponsored threat actors and cybercriminals given the lucrativeness of…

Volt Typhoon Attacking U.S. Critical Infrastructure To Maintain Persistent Access

Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy, transportation,

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sur…

Ignoble Scorpius, Distributors of BlackSuit Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting

Executive Summary Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Sc…

Update now! Apple confirms vulnerabilities are already being exploited | Malwarebytes

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Chinese APT Group Targets Telecom Firms Linked to BRI

CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers

The Hidden Threat: How Vulnerabilities Can Shut Down Your Business

Cybersecurity vulnerabilities, such as web security misconfigurations and unpatched applications, pose significant risks that can lead to…

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign - CyberSRC

The targeting of U.S. telecom giants like T-Mobile by the Chinese threat actor group Salt Typhoon reflects the sophisticated tactics […]

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities Organizations using Apple, Oracle, and Apache software must act quickly as critical security flaws have been disclosed, with some actively exploited in the wild. Apple has patched two severe vulne…

ELPACO-Team Ransomware: A Fresh Variant from the MIMIC Ransomware Family

CYFIRMA has identified a sophisticated dropper binary associated with the “ELPACO-team” ransomware, a new variant of the “MIMIC” ransomware…

6 Common Persistence Mechanisms in Malware

Persistence mechanisms are techniques used by attackers to keep malware active, even after log-offs, reboots, or restarts. In other words, they’re techniques that make malware tougher to detect and even harder to remove once it’s on a system.  Let’s dive into a few of the common mechanisms attacke…

6 Common Persistence Mechanisms in Malware - ANY.RUN's Cybersecurity Blog

Learn about the most common mechanisms attackers use to keep their malware persistent on infected systems. 

New Cyble Report Highlights Critical Vulnerabilities and Rising Cyber Threats in ANZ for 2024

The 2024 ANZ Threat Landscape Report by Cyble reveals an increase in cybersecurity risks faced by organizations across Australia and

Monthly Threat Actor Group Intelligence Report, September 2024 (ENG)

Monthly Threat Actor Group Intelligence Report, September 2024 (ENG) This report is a summary of Threat Actor group activities analyzed by the NSHC Threat Research Lab based on data and information collected from 21 August 2024 to 20 September 2024. In September, activities by a total of 47 Threa…

Palo Alto CVE-2024-0012 and CVE-2024-9474 Vulnerabilities Explained

Learn about Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 vulnerabilities and how to defend against them effectively.

AndroxGh0st Malware Exploits Critical Vulnerabilities

What is AndroxGh0st?

ANZ Threat Landscape Report 2024: Key Insights For CISO Defenses

Cyble releases the ANZ Threat Landscape Report 2024, highlighting rising cyber threats and mitigation strategies for CISOs.

ช่องโหว่ RCE ระดับ Critical ใน VMware vCenter Server ถูกใช้ในการโจมตีแล้ว

ประจำวันพุธที่ 20 พฤศจิกายน 2567

Helldown Ransomware Group Tied to Zyxel's Firewall Exploits | #ransomware | #cybercrime | National Cyber Security Consulting

Fraud Management & Cybercrime , Network Firewalls, Network Access Control , Ransomware Firewall Vendor Warns Attackers Using Valid Credentials They Previously Stole Akshaya Asokan (asokan_akshaya) , Mathew J. Schwartz (euroinfosec) • November 19, 2024     Image: Shutterstock Attackers wielding an e…

Apple Issues Security Updates to Patch Zero-Day Vulnerabilities in iOS, macOS, and More - CloudSEK News

Apple releases urgent updates for iOS, macOS, and Safari to fix two zero-day flaws under active exploitation. Update now to protect your device and data.

Technical Intricacies of “BabbleLoader”

The loader market is rapidly evolving, with sophisticated tools like BabbleLoader emerging to deliver malicious payloads while evading…

Emergency Security Updates iOS 18.1.1 and macOS Sequoia 15.1.1

Apple issued a new round of updates to address newly discovered flaws in iPhones and Macs, warning that hackers may be exploiting the weaknesses

Multiples vulnérabilités dans les produits Atlassian - CERT-FR

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

<p>Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the …

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud.

Monthly Threat Actor Group Intelligence Report, September 2024 (ENG) – Red Alert

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.

JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

 US charges five men linked to ‘Scattered Spider’ with wire fraud

Five members of the "Scattered Spider" cybercrime syndicate have been indicted and accused of a nationwide phishing scheme.

China’s Expanding Influence: Understanding Global Ambitions and Their Impact on U.S. Interests

Strategic Challenges to China’s Rising Power

Understanding Russian Cyber Attacks on the US and Allied Nations — Phishing, Homograph Attacks, and…

Understanding the Threat

The Bears APT’s

APT’s are groups in cybersecurity that are advanced, persistent and cause real threats that results in damage around many organizations.

The Pandas APT’s

APT’s are groups in cybersecurity that are advanced, persistent and cause real threats that results in damage around many organizations.

Managed Vulnerability Scanning: Key Findings and the Importance of Regular Patching

There is no doubt about the value of conducting Managed Vulnerability Scanning.

🚨 Critical Remote Code Execution (RCE) Bug in VMware vCenter Server Now Exploited in Active…

WIRE TOR — The Ethical Hacking Services

The Devil and the Termite: data-leak sites emerge for Chort and Termite extortion groups

Discover the emergence of new English-speaking extortion groups, Chort and Termite. Learn about their tactics.

주간 탐지 룰(YARA, Snort) 정보 - 2024년 11월 3주차 - ASEC

AhnLab TIP 서비스에서 수집한, 공개된 YARA, Snort룰(2024년 11월 3주) 정보입니다. 1 YARA Rules 탐지명 설명 출처 MAL_ELF_Xlogin_Nov24_1 xlogin 백도어 샘플 탐지 https://github.com/Neo23x0/signature-base 4 Snort Rules 탐지명 설명 출처 ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) Symphony PHP Symf…

Weekly Detection Rule (YARA and Snort) Information - Week 3, November 2024 - ASEC

The following is the information on Yara and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service. 1 YARA Rules Detection name Description Source MAL_ELF_Xlogin_Nov24_1 Detects xlogin backdoor samples https://github.com/Neo23x0/signature-base 4 Snort Rules Detection na…

Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) - SOCRadar® Cyber Intelligence Inc.

Palo Alto Networks recently disclosed two zero-day vulnerabilities affecting their PAN-OS devices, actively exploited in the wild. These flaws, CVE-2024-0012

One Sock Fits All: The use and abuse of the NSOCKS botnet - Lumen Blog

Black Lotus Labs has tracked down a notorious criminal proxy network, with a daily average of 35k bots located mostly in the U.S., allowing users to attack networks with total anonymity

One Sock Fits All: The use and abuse of the NSOCKS botnet - Lumen Blog

Black Lotus Labs has tracked down a notorious criminal proxy network, with a daily average of 35k bots located mostly in the U.S., allowing users to attack networks with total anonymity

Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)

Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) Palo Alto Networks recently disclosed two zero-day vulnerabilities affecting their PAN-OS devices, actively exploited in the wild. These flaws, CVE-2024-0012 and CVE-2024-9474, exploit weaknesses in the man…

绿盟科技威胁周报（2024.11.11-2024.11.17） – 绿盟科技技术博客

VMware vCenter Server の重大な RCE バグが攻撃に悪用される - PRSOL:CC

Broadcom は本日、攻撃者が VMware vCenter Server の 2 つの脆弱性を悪用していることを警告しました。 TZL のセキュリティ研究者は、中国の 2024 Matrix Cup ハッキングコンテスト中に RCE 脆弱性（CVE-2024-38812）を報告しました。この脆弱性は、vCenterのDCE/RPCプロトコル実装におけるヒープオーバーフローの脆弱性によって引き起こされ、VMware vSphereやVMware Cloud Foundationを含むvCenterを含む製品に影響を及ぼす。 現在悪用されているもう1つのvCenter Serverの不具合…

Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors

Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.

Middle East Cybersecurity 2024: Challenges Ahead

Regional governments are strengthening Middle East cybersecurity frameworks, with nations like Qatar, Saudi Arabia, and Oman enforcing stricter regulations and fostering cross-sector collaboration.

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog.

CISA Adds 3 New Vulnerabilities to KEV Catalog: Here’s What You Need to Know

Cybersecurity professionals take note: the Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities…

Critical Exploits: VMware vCenter and Kemp LoadMaster Vulnerabilities Under Active Attack

In the ever-evolving landscape of cybersecurity, two newly exploited vulnerabilities have emerged as critical threats, impacting Progress…

Helldown Ransomware: an overview of this emerging threat

Comprehensive Analysis of Helldown: Tactics, Techniques, and Procedures (TTPs) and Exploitation of Zyxel Vulnerabilities %

CISA Adds Three Critical Vulnerabilities To The Known Exploited Vulnerabilities Catalog

: CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the Known Exploited Vulnerabilities Catalog (KEV).

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.

Botnet serving as ‘backbone’ of malicious proxy network taken offline 

Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

Botnet fueling residential proxies disrupted in cybercrime crackdown

The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks.

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms

A comprehensive analysis of the inner workings of Raspberry Robin | Multiple layers that use numerous techniques to evade detection & analysis

Palo Alto Networks 证实积极利用最近披露的零日漏洞-安全客 - 安全资讯平台

安全客 - 安全资讯平台

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices.

Helldown ransomware exploits Zyxel VPN flaw to breach networks

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices.

在 Baxter Life2000 通风系统中发现的关键漏洞-安全客 - 安全资讯平台

安全客 - 安全资讯平台

Latest Report Findings: Retail Trade Faces 111% Jump in Ransomware - ReliaQuest

Between November 1, 2023, and October 31, 2024, spearphishing was the top initial access technique for our customers across most sectors, including retail trade.

US-CERT Vulnerability Summary for the Week of November 11, 2024 - RedPacket Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog - RedPacket Security

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns.

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape | Proofpoint US

What happened  Proofpoint researchers have identified an increase in a unique social engineering technique called ClickFix. And the lures are getting even more clever. 

November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]

Fixing a Bunch of Scripting Engine Vulnerabilities by Disabling Just-In-Time Compiler (CVE-2024-38178)

  August 2024 Windows Updates brought a patch for CVE-2024-38178, a remotely exploitable memory corruption issue in "legacy" Scripting Engine (JScript9.dll). This engine, while part of long-expired Internet Explorer, is still present on all Windows computers and can be invoked via various mechan…

Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited

An alarming set of chained vulnerabilities in Palo Alto Networks' PAN-OS software has sparked concerns that attackers could seize administrator

Lynx Ransomware Threat Intel

Source

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise

Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer

Purple Team Activities: Where Offense Meets Defense to Strengthen Cyber Resilience

Purple team activities serve as a bridge between red and blue teams, combining offensive tactics with defensive strategies to enhance an…

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

Nov 18, 2024Ravie LakshmananCybersecurity / Infosec What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no …

DONOT’s Assault on Maritime and Defense Manufacturing

Cyble Research and Intelligence Labs (CRIL) identified a campaign linked to the APT group DONOT, targeting Pakistan’s manufacturing sector…

Financially Driven Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers

In October 2024, EclecticIQ analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA, attributed to a…

18th November – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, le…

18th November – Threat Intelligence Report - Check Point Research

For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, led b…

Efficient Distribution of LummaC2 Infostealer via Legitimate Programs

LummaC2 is a sophisticated Infostealer malware that disguises itself as legitimate software to evade detection. It captures sensitive…

T-Mobile is one of the victims of the massive Chinese breach of telco firms | #ransomware | #cybercrime | National Cyber Security Consulting

T-Mobile is one of the victims of the massive Chinese breach of telecom firms Pierluigi Paganini November 18, 2024 T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running…

T-Mobile is one of the victims of the massive Chinese breach of telco firms

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies.

APT Group DONOT Launches Cyberattack on Pakistan’s Maritime and Defense Industry

A new hacker collective, known as the APT group DONOT, has targeted critical sectors of Pakistan’s economy, specifically the maritime

CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure

CERT-In has added two high-severity Cisco vulnerabilities (CVE-2024-20484 & CVE-2024-20536) to its catalog, which impact Nexus Dashboard Fabric Controller and Enterprise Chat systems.

Microsoft Executive Accounts Breach: What Happened and Why It Matters

In January 2024, Microsoft revealed a major security breach by a Russian-linked hacking group known as Midnight Blizzard. This group…

CVE Alert: CVE-2024-52867 - RedPacket Security

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g.,

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released - CyberSRC

Palo Alto Networks’ disclosure of a new zero-day vulnerability affecting its PAN-OS firewall management interface is critical for organizations using […]

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN…