US charges five men linked to ‘Scattered Spider’ with wire fraud | #cybercrime | #infosec | National Cyber Security Consulting
Federal authorities unsealed charges Wednesday against five individuals with links to the “Scattered Spider” cybercrime syndicate, accusing them of conducting an extensive phishing scheme that compromised companies nationwide, enabling the theft of non-public data and millions in cryptocurrency. A…
Salt Typhoon: Churning Up a Storm of Consternation
The public first heard the name of Chinese threat actor “Salt Typhoon” on September 25, 2024, when the Wall Street Journal published an article titled “China-Linked Hackers Breach US Internet Providers in New ‘Salt Typhoon’ Cyber Attack.” Many of us were not expecting another typhoon to blow in so …
Azure Key Vault Tradecraft with BARK
BriefThis post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment. AuthenticationAzure …
Azure Key Vault Tradecraft with BARK
This post details the existing and new functions in BARK that support Azure Key Vault tradecraft research
Five Privilege Escalation Flaws Found in Ubuntu needrestart
Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8
Detecting Pacific Rim IOCs with Eclypsium
The Pacific Rim cyberattack saga, detailed in a series of blog posts by Sophos in October 2024, offers a sobering reminder for enterprises: everyone is a target. No enterprise is too small or uninteresting to fall into the attack path of nation-state threat actors. Widely used firewalls and other…
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed) | Rapid7 Blog
Zyxel VPN security flaw targeted by new ransomware attackers | #ransomware | #cybercrime | National Cyber Security Consulting
Researchers spot Helldown exploiting Zyxel VPN to breach networks The flaw was previously undisclosed The crooks mostly target SMBs in the US and Europe There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, …
November 20 Advisory: Apache Traffic Server Vulnerabilities [CVE-2024-38479, CVE-2024-50305, CVE-2024-50306]
Trump’s Second Term: What It Means for Cybersecurity Policy and Cyber Threats
As Donald Trump prepares for his second term as the 47th President of the United States, the cybersecurity landscape is poised for significant evolution. With a Republican majority in both the Senate and House, his administration is positioned to implement a swift and assertive policy agenda. While…
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities - SOCRadar® Cyber Intelligence Inc.
Organizations using Apple, Oracle, and Apache software must act quickly as critical security flaws have been disclosed, with some actively exploited in the
Phishing the “Tech Savvy”: Threat Actors who Target Cryptocurrency Wallets and Networks
Cryptocurrency wallets and networks are enticing targets for state-sponsored threat actors and cybercriminals given the lucrativeness of…
Volt Typhoon Attacking U.S. Critical Infrastructure To Maintain Persistent Access
Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy, transportation,
Update now! Apple confirms vulnerabilities are already being exploited
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sur…
Ignoble Scorpius, Distributors of BlackSuit Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting
Executive Summary Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Sc…
Update now! Apple confirms vulnerabilities are already being exploited | Malwarebytes
Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.
Chinese APT Group Targets Telecom Firms Linked to BRI
CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers
The Hidden Threat: How Vulnerabilities Can Shut Down Your Business
Cybersecurity vulnerabilities, such as web security misconfigurations and unpatched applications, pose significant risks that can lead to…
Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign - CyberSRC
The targeting of U.S. telecom giants like T-Mobile by the Chinese threat actor group Salt Typhoon reflects the sophisticated tactics […]
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities Organizations using Apple, Oracle, and Apache software must act quickly as critical security flaws have been disclosed, with some actively exploited in the wild. Apple has patched two severe vulne…
ELPACO-Team Ransomware: A Fresh Variant from the MIMIC Ransomware Family
CYFIRMA has identified a sophisticated dropper binary associated with the “ELPACO-team” ransomware, a new variant of the “MIMIC” ransomware…
6 Common Persistence Mechanisms in Malware
Persistence mechanisms are techniques used by attackers to keep malware active, even after log-offs, reboots, or restarts. In other words, they’re techniques that make malware tougher to detect and even harder to remove once it’s on a system. Let’s dive into a few of the common mechanisms attacke…
6 Common Persistence Mechanisms in Malware - ANY.RUN's Cybersecurity Blog
Learn about the most common mechanisms attackers use to keep their malware persistent on infected systems.
New Cyble Report Highlights Critical Vulnerabilities and Rising Cyber Threats in ANZ for 2024
The 2024 ANZ Threat Landscape Report by Cyble reveals an increase in cybersecurity risks faced by organizations across Australia and
Monthly Threat Actor Group Intelligence Report, September 2024 (ENG)
Monthly Threat Actor Group Intelligence Report, September 2024 (ENG) This report is a summary of Threat Actor group activities analyzed by the NSHC Threat Research Lab based on data and information collected from 21 August 2024 to 20 September 2024. In September, activities by a total of 47 Threa…
Palo Alto CVE-2024-0012 and CVE-2024-9474 Vulnerabilities Explained
Learn about Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 vulnerabilities and how to defend against them effectively.
AndroxGh0st Malware Exploits Critical Vulnerabilities
What is AndroxGh0st?
ANZ Threat Landscape Report 2024: Key Insights For CISO Defenses
Cyble releases the ANZ Threat Landscape Report 2024, highlighting rising cyber threats and mitigation strategies for CISOs.
ช่องโหว่ RCE ระดับ Critical ใน VMware vCenter Server ถูกใช้ในการโจมตีแล้ว
ประจำวันพุธที่ 20 พฤศจิกายน 2567
Helldown Ransomware Group Tied to Zyxel's Firewall Exploits | #ransomware | #cybercrime | National Cyber Security Consulting
Fraud Management & Cybercrime , Network Firewalls, Network Access Control , Ransomware Firewall Vendor Warns Attackers Using Valid Credentials They Previously Stole Akshaya Asokan (asokan_akshaya) , Mathew J. Schwartz (euroinfosec) • November 19, 2024 Image: Shutterstock Attackers wielding an e…
Apple Issues Security Updates to Patch Zero-Day Vulnerabilities in iOS, macOS, and More - CloudSEK News
Apple releases urgent updates for iOS, macOS, and Safari to fix two zero-day flaws under active exploitation. Update now to protect your device and data.
Technical Intricacies of “BabbleLoader”
The loader market is rapidly evolving, with sophisticated tools like BabbleLoader emerging to deliver malicious payloads while evading…
JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key
US charges five men linked to ‘Scattered Spider’ with wire fraud
Five members of the "Scattered Spider" cybercrime syndicate have been indicted and accused of a nationwide phishing scheme.
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
Emergency Security Updates iOS 18.1.1 and macOS Sequoia 15.1.1
Apple issued a new round of updates to address newly discovered flaws in iPhones and Macs, warning that hackers may be exploiting the weaknesses
US charges five linked to Scattered Spider cybercrime gang
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud.
Multiples vulnérabilités dans les produits Atlassian - CERT-FR
Monthly Threat Actor Group Intelligence Report, September 2024 (ENG) – Red Alert
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
<p>Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the …
China’s Expanding Influence: Understanding Global Ambitions and Their Impact on U.S. Interests
Strategic Challenges to China’s Rising Power
Understanding Russian Cyber Attacks on the US and Allied Nations — Phishing, Homograph Attacks, and…
Understanding the Threat
The Bears APT’s
APT’s are groups in cybersecurity that are advanced, persistent and cause real threats that results in damage around many organizations.
The Pandas APT’s
APT’s are groups in cybersecurity that are advanced, persistent and cause real threats that results in damage around many organizations.
Managed Vulnerability Scanning: Key Findings and the Importance of Regular Patching
There is no doubt about the value of conducting Managed Vulnerability Scanning.
🚨 Critical Remote Code Execution (RCE) Bug in VMware vCenter Server Now Exploited in Active…
WIRE TOR — The Ethical Hacking Services
The Devil and the Termite: data-leak sites emerge for Chort and Termite extortion groups
Discover the emergence of new English-speaking extortion groups, Chort and Termite. Learn about their tactics.
Weekly Detection Rule (YARA and Snort) Information - Week 3, November 2024 - ASEC
The following is the information on Yara and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service. 1 YARA Rules Detection name Description Source MAL_ELF_Xlogin_Nov24_1 Detects xlogin backdoor samples https://github.com/Neo23x0/signature-base 4 Snort Rules Detection na…
주간 탐지 룰(YARA, Snort) 정보 - 2024년 11월 3주차 - ASEC
AhnLab TIP 서비스에서 수집한, 공개된 YARA, Snort룰(2024년 11월 3주) 정보입니다. 1 YARA Rules 탐지명 설명 출처 MAL_ELF_Xlogin_Nov24_1 xlogin 백도어 샘플 탐지 https://github.com/Neo23x0/signature-base 4 Snort Rules 탐지명 설명 출처 ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) Symphony PHP Symf…
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) - SOCRadar® Cyber Intelligence Inc.
Palo Alto Networks recently disclosed two zero-day vulnerabilities affecting their PAN-OS devices, actively exploited in the wild. These flaws, CVE-2024-0012
One Sock Fits All: The use and abuse of the NSOCKS botnet - Lumen Blog
Black Lotus Labs has tracked down a notorious criminal proxy network, with a daily average of 35k bots located mostly in the U.S., allowing users to attack networks with total anonymity
One Sock Fits All: The use and abuse of the NSOCKS botnet - Lumen Blog
Black Lotus Labs has tracked down a notorious criminal proxy network, with a daily average of 35k bots located mostly in the U.S., allowing users to attack networks with total anonymity
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) Palo Alto Networks recently disclosed two zero-day vulnerabilities affecting their PAN-OS devices, actively exploited in the wild. These flaws, CVE-2024-0012 and CVE-2024-9474, exploit weaknesses in the man…
绿盟科技威胁周报(2024.11.11-2024.11.17) – 绿盟科技技术博客
VMware vCenter Server の重大な RCE バグが攻撃に悪用される - PRSOL:CC
Broadcom は本日、攻撃者が VMware vCenter Server の 2 つの脆弱性を悪用していることを警告しました。 TZL のセキュリティ研究者は、中国の 2024 Matrix Cup ハッキングコンテスト中に RCE 脆弱性(CVE-2024-38812)を報告しました。この脆弱性は、vCenterのDCE/RPCプロトコル実装におけるヒープオーバーフローの脆弱性によって引き起こされ、VMware vSphereやVMware Cloud Foundationを含むvCenterを含む製品に影響を及ぼす。 現在悪用されているもう1つのvCenter Serverの不具合…
Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.
Middle East Cybersecurity 2024: Challenges Ahead
Regional governments are strengthening Middle East cybersecurity frameworks, with nations like Qatar, Saudi Arabia, and Oman enforcing stricter regulations and fostering cross-sector collaboration.
U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog.
CISA Adds 3 New Vulnerabilities to KEV Catalog: Here’s What You Need to Know
Cybersecurity professionals take note: the Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities…
Critical Exploits: VMware vCenter and Kemp LoadMaster Vulnerabilities Under Active Attack
In the ever-evolving landscape of cybersecurity, two newly exploited vulnerabilities have emerged as critical threats, impacting Progress…
Helldown Ransomware: an overview of this emerging threat
Comprehensive Analysis of Helldown: Tactics, Techniques, and Procedures (TTPs) and Exploitation of Zyxel Vulnerabilities %
CISA Adds Three Critical Vulnerabilities To The Known Exploited Vulnerabilities Catalog
: CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the Known Exploited Vulnerabilities Catalog (KEV).
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.
Botnet fueling residential proxies disrupted in cybercrime crackdown
The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks.
Helldown ransomware exploits Zyxel VPN flaw to breach networks
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices.
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices.
在 Baxter Life2000 通风系统中发现的关键漏洞-安全客 - 安全资讯平台
安全客 - 安全资讯平台
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.
Palo Alto Networks 证实积极利用最近披露的零日漏洞-安全客 - 安全资讯平台
安全客 - 安全资讯平台
Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
A comprehensive analysis of the inner workings of Raspberry Robin | Multiple layers that use numerous techniques to evade detection & analysis
Botnet serving as ‘backbone’ of malicious proxy network taken offline
Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.
Latest Report Findings: Retail Trade Faces 111% Jump in Ransomware - ReliaQuest
Between November 1, 2023, and October 31, 2024, spearphishing was the top initial access technique for our customers across most sectors, including retail trade.
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.
US-CERT Vulnerability Summary for the Week of November 11, 2024 - RedPacket Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog - RedPacket Security
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns.
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape | Proofpoint US
What happened Proofpoint researchers have identified an increase in a unique social engineering technique called ClickFix. And the lures are getting even more clever.
November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]
Fixing a Bunch of Scripting Engine Vulnerabilities by Disabling Just-In-Time Compiler (CVE-2024-38178)
August 2024 Windows Updates brought a patch for CVE-2024-38178, a remotely exploitable memory corruption issue in "legacy" Scripting Engine (JScript9.dll). This engine, while part of long-expired Internet Explorer, is still present on all Windows computers and can be invoked via various mechan…
Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited
An alarming set of chained vulnerabilities in Palo Alto Networks' PAN-OS software has sparked concerns that attackers could seize administrator
‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise
Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer
Purple Team Activities: Where Offense Meets Defense to Strengthen Cyber Resilience
Purple team activities serve as a bridge between red and blue teams, combining offensive tactics with defensive strategies to enhance an…
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Nov 18, 2024Ravie LakshmananCybersecurity / Infosec What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no …
DONOT’s Assault on Maritime and Defense Manufacturing
Cyble Research and Intelligence Labs (CRIL) identified a campaign linked to the APT group DONOT, targeting Pakistan’s manufacturing sector…
Financially Driven Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers
In October 2024, EclecticIQ analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA, attributed to a…
18th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, le…
18th November – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, led b…
Efficient Distribution of LummaC2 Infostealer via Legitimate Programs
LummaC2 is a sophisticated Infostealer malware that disguises itself as legitimate software to evade detection. It captures sensitive…
T-Mobile is one of the victims of the massive Chinese breach of telco firms | #ransomware | #cybercrime | National Cyber Security Consulting
T-Mobile is one of the victims of the massive Chinese breach of telecom firms Pierluigi Paganini November 18, 2024 T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running…
T-Mobile is one of the victims of the massive Chinese breach of telco firms
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies.
APT Group DONOT Launches Cyberattack on Pakistan’s Maritime and Defense Industry
A new hacker collective, known as the APT group DONOT, has targeted critical sectors of Pakistan’s economy, specifically the maritime
CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure
CERT-In has added two high-severity Cisco vulnerabilities (CVE-2024-20484 & CVE-2024-20536) to its catalog, which impact Nexus Dashboard Fabric Controller and Enterprise Chat systems.
Microsoft Executive Accounts Breach: What Happened and Why It Matters
In January 2024, Microsoft revealed a major security breach by a Russian-linked hacking group known as Midnight Blizzard. This group…
CVE Alert: CVE-2024-52867 - RedPacket Security
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g.,
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released - CyberSRC
Palo Alto Networks’ disclosure of a new zero-day vulnerability affecting its PAN-OS firewall management interface is critical for organizations using […]
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN…
북한 APT Kimsuky(김수키)에서 만든줌 미팅(Zoom Meeting) 사칭 악성코드-Zoom Meeting(2024.9.28)
오늘은 북한 APT Kimsuky(김수키)에서 만든 좀 미팅(Zoom Meeting) 사칭 악성코드인 Zoom Meeting(2024.9.28)에 대해 글을 적어 보겠습니다.해당 악성코드는 줌 비디오 커뮤니케이션 (Zoom Video Communications)에서 만든 줌(Zoom) 은 원격 회의, 채팅, 전화, 비즈니스용 이메일 및 캘린더를 포함한 통합 커뮤니케이션 서비스 (UCaaS) 플랫폼입니다. 해당 악성코드는 일단 아이콘부터 좀처럼 생겼지만, 그것은 아니고 msc 형식 방식을 취하는 것이 특징입니다. 일단 msc 내부 …
Teen swatter-for-hire admits to hundreds of hoax calls • The Register | #cybercrime | #infosec | National Cyber Security Consulting
Infosec in brief A teenager has pleaded guilty to calling in more than 375 fake threats to law enforcement, and now faces years in prison. Alan Filion, now 18, last week pleaded guilty to four counts of making interstate threats to injure another person. Each count could see Filion spend five years…
Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign
As part of BlackBerry’s continuous monitoring of cyber activities across the Indian subcontinent, we uncovered a sophisticated targeted attack perpetuated against the Pakistan Navy. The TTPs observed in this campaign point to a threat group that possesses a relatively high degree of sophistication,…