IOC.ONE
OSINT Cyber Threat Intelligence Database
12.10.2024 | 4hou.com
Underground ransomware gang claims cyberattack on Casio - 嘶吼 RoarTalk – Comprehensive Cybersecurity Industry Service Platform, 4hou.com

Whether the attack on Casio becomes the threat group's breakthrough into the mainstream, bringing with it a higher tempo of attack volume, remains to be seen.

12.10.2024 | prsol.cc
Akira and Fog ransomware exploit critical Veeam RCE flaw - PRSOL:CC

Ransomware groups are exploiting a critical security vulnerability that lets attackers achieve remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Florian Hauser, a security researcher at Code White, found that the flaw, now tracked as CVE-2024-40711, stems from a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks. Veeam disclosed the vulnerability and released security updates on September 4, but watchTowr La…

12.10.2024 | medium.com
My Week of Learning: Web Vulnerabilities and Security Concepts 🛡️💻

This week, I focused on enhancing my understanding of various web vulnerabilities through the PortSwigger Web Security Academy. Each day, I…

12.10.2024 | medium.com
“Mastering the Human Mind: The Advanced Art of Social Engineering in Cybersecurity”

In the world of cybersecurity, while we often emphasize firewalls, encryption protocols, and intrusion detection systems, the most vulnerable element remains the human. This concept, called social…

12.10.2024 | nationalcybersecurity.com
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks | Pierluigi Paganini | October 12, 2024. Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are …

12.10.2024 | prsol.cc
U.S. and U.K. warn of Russian APT29 hackers targeting Zimbra and TeamCity servers - PRSOL:CC

U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) are targeting vulnerable Zimbra and JetBrains TeamCity servers "at scale". The joint advisory from the NSA, the FBI, U.S. Cyber Command's Cyber National Mission Force (CNMF) and the U.K.'s NCSC urges network defenders to patch exposed servers in order to block these ongoing attacks. According to the four cyber agencies, the hacking group has been using exploits for CVE-2022-27924 and CVE-2023-42793 to target publicly…

12.10.2024 | securityaffairs.com
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication.

12.10.2024 | anquanke.com
U.S. CISA adds Windows and Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog - 安全客 - Security News Platform

安全客 - Security News Platform

12.10.2024 | aqniu.com
Can personal data assets be monetized? The National Data Administration has officially refuted the rumor; Palo Alto urgently fixes multiple critical firewall hijacking vulnerabilities | 牛览 - 安全牛

安全牛

12.10.2024 | anquanke.com
Authoritative endorsement | 360 Security Large Model receives top recommendation from institutions, setting a new benchmark for the cybersecurity industry! - 安全客 - Security News Platform

安全客 - Security News Platform

12.10.2024 | shadowstackre.com
Good Day Ransomware analysis — ShadowStackRE

Good Day ransomware technical malware analysis

11.10.2024 | tistory.com
Malware presumed to have been created by the North Korean hacking group Konni - 국내코로나19재감염사례현황.pdf.lnk (2024.10.5)

Today I will write about the malware 국내코로나19재감염사례현황.pdf.lnk (2024.10.5), which is presumed to have been created by the North Korean hacking group Konni. Note that the attribution to Konni is not official; it only appears so. COVID-19 is an acute respiratory infectious disease caused by SARS-CoV-2, a new variant coronavirus that first emerged and was reported in Wuhan, Hubei Province, China in November 2019. Anyway, the current alert stage is the Blue (Interest) stage. Looking first at the malware's name, 국내코로나19재감염사례현황 (Status of Domestic COVID-19 Reinfection Cases) is…

11.10.2024 | gridinsoft.com
GitLab Patches 6 Critical Vulnerabilities, Including RCE

GitLab released a fix for a pack of 6 vulnerabilities, with quite a few critical among them, and one being an RCE flaw.

11.10.2024 | medium.com
Securing the Quantum Future: The Role of Confidential Computing in Blockchain Networks

Introduction

11.10.2024 | medium.com
Cybersecurity News Review — Week 41

This week is packed with cybersecurity developments, but don’t worry — this newsletter is designed to help you efficiently digest all the key updates. Mozilla has released an urgent update for…

11.10.2024 | prsol.cc
Underground ransomware claims attack on Casio, leaks stolen data - PRSOL:CC

The Underground ransomware gang has claimed responsibility for the October 5 attack on the major Japanese technology company Casio. Earlier this week, Casio disclosed the attack on its website but withheld details of the incident, saying it had engaged external IT specialists to investigate whether personal data or other confidential information had been stolen. Today, the Underground ransomware group added Casio to its dark web extortion portal and leaked a large volume of data allegedly stolen from the Japanese company. The leaked data includes: confidential documents (internal only), legal documents, employees' personal data, confidential NDAs, employee salary information, patent information, company financial documents, pro…

11.10.2024 | nationalcybersecurity.com
Fog, Akira ransomware groups exploit critical Veeam backup flaw | #ransomware | #cybercrime | National Cyber Security Consulting

The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them achieve remote code execution (RCE) on Veeam Backup & Replication servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publicatio…

11.10.2024 | nationalcybersecurity.com
Fog, Akira ransomware groups exploit critical Veeam backup flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them achieve remote code execution (RCE) on Veeam Backup & Replication servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publicatio…

11.10.2024 | securityaffairs.com
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

GitLab issued updates for CE and EE to address multiple flaws, including a critical bug allowing CI/CD pipeline runs on unauthorized branches.

11.10.2024 | malware.news
Expanding the Investigation: Deep Dive into Latest TrickMo Samples

Executive Summary: On September 10, Cleafy publicly disclosed a new variant of the banking trojan called TrickMo. This variant employed innovative techniques to evade detection and analysis, such as zip file manipulation and obfuscation. While Cleafy did not release any Indicators of Compromise (IO…

11.10.2024 | zimperium.com
Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium

Our analysis of TrickMo suggests that many of these samples remain undetected by the broader security community.

11.10.2024 | medium.com
CVE-2024-8015 :: CVSS Score 9.1

Update also includes CVE-2024-7292, CVE-2024-7293 and CVE-2024-7294

11.10.2024 | nextron-systems.com
Lynx Ransomware In Depth - Nextron Systems
11.10.2024 | infosecurity-magazine.com
NHS England Warns of Critical Veeam Vulnerability Under Active Exploit

NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution

11.10.2024 | fortinet.com
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA | FortiGuard Labs

A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zer…

11.10.2024 | heimdalsecurity.com
CISA: Threat Actors Exploit F5 BIG-IP Cookies for Network Reconnaissance

In a new advisory, CISA warns about a new action of threat actors, who exploit F5 BIG-IP cookies to enter networks and gather information.

11.10.2024 | prsol.cc
GitLab warns of critical flaw that runs pipelines on arbitrary branches - PRSOL:CC

GitLab has released security updates addressing multiple flaws in Community Edition (CE) and Enterprise Edition (EE). The vulnerability, tracked as CVE-2024-9164, allows unauthorized users to trigger continuous integration/continuous delivery (CI/CD) pipelines on any branch of a repository. CI/CD pipelines are automated processes that perform tasks such as building, testing and deploying code, and are normally available only to users with the appropriate permissions. An attacker able to bypass branch protection could … code…

11.10.2024 | thehackernews.com
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

CISA warns of unencrypted F5 BIG-IP cookies enabling network reconnaissance and highlights Russian APT29 cyber threats.

11.10.2024 | medium.com
Cyber Briefing: 2024.10.11

👉 What are the latest cybersecurity alerts, incidents, and news?

11.10.2024 | harfanglab.io
HijackLoader evolution: abusing genuine signing certificates

Summary: Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer” malware deployments via the “HijackLoader” malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware s…

11.10.2024 | threatdown.com
Patch now! Palo Alto Expedition vulnerabilities could leak firewall credentials - ThreatDown by Malwarebytes

A set of vulnerabilities in Palo Alto Networks Expedition could allow an attacker to read database contents and arbitrary files…

11.10.2024 | nationalcybersecurity.com
Critical Veeam RCE leveraged in Akira, Fog ransomware attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

BleepingComputer reports that both Akira and Fog ransomware payloads were attempted to be launched in intrusions involving the exploitation of the critical remote code execution flaw in Veeam Backup & Replication servers, tracked as CVE-2024-40711, during the past month. All of the attacks also ent…

11.10.2024 | thehackernews.com
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

GitLab fixes eight security flaws, including a critical CI/CD pipeline vulnerability CVE-2024-9164. Update now!

11.10.2024 | medium.com
New GitLab Flaw Could Let Attackers Run Arbitrary CI/CD Pipelines

Introduction

11.10.2024 | infosecurity-magazine.com
Russia's SVR Targets Zimbra, TeamCity Servers for Cyber Espionage

Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said

11.10.2024 | nationalcybersecurity.com
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting

A critical vulnerability in Veeam Backup & Replication software, identified as CVE-2024-40711, is being exploited by hackers to deploy ransomware. The vulnerability, which allows for unauthenticated remote code execution (RCE), was reported by Florian Hauser with CODE WHITE Gmbh and has been tracke…

11.10.2024 | checkpoint.com
September 2024’s Most Wanted Malware: Notable AI-Driven Techniques and Persistent RansomHub Threats - Check Point Blog

Check Point’s latest threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape Check Point’s Global Threat Index

11.10.2024 | nationalcybersecurity.com
Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting

Published On: 2024-10-11. Ransomware of the Week: the CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This covers multiple industries, geographies, and technologies that could be relevant to your organization. Type: R…

11.10.2024 | qualys.com
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467) – Qualys ThreatPROTECT
11.10.2024 | securityboulevard.com
The Sky is Falling! (Again)

We’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulnerability that was billed as a gift to hackers – a remote exploit that would supposedly render all Linux systems defenseless. The announcement of the …

11.10.2024 | tistory.com
Yonsei University webmail phishing site created by Kimsuky - rfa(.)lol/yonsei (2024.10.8)

Today we will look at a Yonsei University webmail phishing site created by Kimsuky. Looking at the phishing site's address alone, you can see that it relates to RFA (Radio Free Asia). Radio Free Asia is a broadcaster operated by the U.S. Agency for Global Media, together with the shortwave service it runs. Phishing site address: hxxps://rfa(.)lol/yonsei, 101(.)36(.)114(.)91. The legitimate Radio Free Asia domain is .org. Certificate information: Let's Encrypt. Well, I am calling it a phishing site. …

11.10.2024 | trendmicro.com
Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions
11.10.2024 | jvn.jp
JVN#74538317: Multiple vulnerabilities in Exment
11.10.2024 | anquanke.com
Progress patches critical security vulnerability CVE-2024-8015 (CVSS 9.1) in Telerik Report Server - 安全客 - Security News Platform

安全客 - Security News Platform

10.10.2024 | prsol.cc
Palo Alto Networks warns of firewall hijack bugs with public exploit - PRSOL:CC

Palo Alto Networks today warned customers to patch security vulnerabilities, for which public exploit code exists, that attackers can chain to hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from Check Point, Cisco, or other supported vendors. Exploiting the vulnerabilities can give access to sensitive data such as user credentials and allow takeover of firewall administrator accounts. "Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to … Expe…

10.10.2024 | malware.news
2024-10-03 Amnesia Stealer Samples

2024-10-03 Threatmon: Amnesia Stealer. Amnesia Stealer, a customizable open-source malware, was identified by ThreatMon on September 17, 2024. Functions as Malware-as-a-Service (MaaS), making it easily accessible for cybercriminals. Uses Discord and Telegram for Command & Control (C2) operations. C…

10.10.2024 | flashpoint.io
PureLogs: The Low-Cost Infostealer with a High-Impact Threat

In this blog post we talk about PureLogs, what it is, and how organizations can protect themselves against this emerging threat.

10.10.2024 | paloaltonetworks.com
Lynx Ransomware: A Rebranding of INC Ransomware

Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.

10.10.2024 | arcticwolf.com
CVE-2024-9164: Critical Arbitrary Branch Pipeline Vulnerability in GitLab EE - Arctic Wolf

On 9 October 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164.

10.10.2024 | malware.news
What NIST’s latest password standards mean, and why the old ones weren’t working

Say goodbye to the days of using the “@” symbol to mean “a” in your password or replacing an “S” with a “$.” The U.S. National Institute of Standards and Technology (NIST) recently announced new guidelines for the ways websites and organizations should handle password creation and management that w…

10.10.2024 | thehackernews.com
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI disrupts 20 malicious operations exploiting AI for cybercrime, including malware debugging, social media manipulation, and misinformation.

10.10.2024 | arcticwolf.com
CVE-2024-9164 | Arctic Wolf

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. Find Arctic Wolf's recommendations.

10.10.2024 | redpacketsecurity.com
CISA: CISA Releases Twenty-One Industrial Control Systems Advisories - RedPacket Security

CISA Releases Twenty-One Industrial Control Systems Advisories

10.10.2024 | thecyberexpress.com
Russian SVR Exploiting Unpatched Vulnerabilities in Global Cyber Campaign

Russian Foreign Intelligence Service (SVR) cyber actors are once again in the spotlight, exploiting widespread vulnerabilities in a global campaign

10.10.2024 | tistory.com
Windows 10 and Windows 11 KB5044273 / KB5044284 security updates

Feature improvements and security updates have been released for Windows 10 and Windows 11, the operating systems provided by Microsoft. New in Windows 10 KB5044273: the KB5044273 update includes a fix for a bug in which Windows Server stops responding when using File Explorer or the taskbar. The update includes a total of 9 fixes. Start menu: because of the new update, the profile picture may move to a different location, and the left pane of the menu also has a new background color; this color change makes the menu's commands stand out more…

10.10.2024 | tistory.com
Mozilla Firefox 131.0.2 fixes actively exploited vulnerability

The Mozilla Foundation has released an emergency security update for its Firefox browser to address a use-after-free vulnerability. Tracked as CVE-2024-9680 and discovered by ESET researcher Damien Schaeffer, the vulnerability is a use-after-free in Animation timelines. This type of flaw occurs when freed memory continues to be used by the program, which can let a malicious actor place their own malicious data in that memory region and execute code. Firefox's Web Animations API …

10.10.2024 | threatdown.com
Update now! Five zero-days fixed October Patch Tuesday - ThreatDown by Malwarebytes

Microsoft’s October Patch Tuesday covers five zero-days, two of which are being actively exploited.

10.10.2024 | arcticwolf.com
Microsoft Patch Tuesday - October 2024 | Arctic Wolf

On October 7, 2024, Microsoft released its October security update, addressing 117 vulnerabilities. Arctic Wolf has highlighted four of these vulnerabilities, which were either classified by Microsoft as critical or reported to have been exploited in the wild.

10.10.2024 | malware.news
Technical Analysis of a Novel IMEEX Framework

The IMEEX framework is a newly discovered, custom-built malware designed to target Windows systems. Delivered as a 64-bit DLL, it offers attackers extensive control over compromised machines. This framework is notable for its robust capabilities, featuring a wide array of functionalities, including…

10.10.2024 | ahnlab.com
GitLab Product Security Update Advisory - ASEC

Overview: An update has been released to address vulnerabilities in GitLab products. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-9164, GitLab EE versions 12.5 (inclusive) ~ 17.2.9 (excluded); GitLab EE versions 17.3 (inclusive) ~ 17.3.5…

10.10.2024 | ahnlab.com
Cisco Family October 2024 Secondary Security Update Advisory - ASEC

Overview: Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected systems are advised to update to the latest version. Affected Products: Cisco Small Business RV Series Routers, Cisco Nexus Dashboard Fabric Controller (N…

10.10.2024 | ahnlab.com
Cisco Family October 2024 Second Security Update Advisory - ASEC

Overview: Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected systems are advised to update to the latest version. Affected Products: Cisco Small Business RV Series Routers, Cisco Nexus Dashboard Fabric Controller (NDFC), Cisco Nexus Dashboard Orchestrator (NDO), Cisco Nexus Dashboard Insights, Cisco Meraki MX Firmware …

10.10.2024 | ahnlab.com
Weekly Phishing Email Distribution Cases (2024/09/29~2024/10/05) - ASEC

This post provides information on the distribution cases of phishing email attacks (email subjects, attachments, URLs) identified during the week from September 29 to October 5, 2024. The cases are divided into fake login page types (FakePage) and malware types (infostealers, downloaders, exploits, backdoors, etc.). Only phishing emails carrying attachments are covered. The numbers that appear in email subjects and attachment names are generally unique ID values that vary by recipient […]

10.10.2024 | intezer.com
Technical Analysis of a Novel IMEEX Framework

The IMEEX framework is a newly discovered, custom-built malware designed to target Windows systems. Delivered as a 64-bit DLL, it offers attackers extensive control over compromised machines. This framework is notable for its robust capabilities, featuring a wide array of functionalities, including…

10.10.2024 | malware.news
Technical Analysis of DarkVision RAT

Introduction: DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++ and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making …

10.10.2024 | talosintelligence.com
What NIST’s latest password standards mean, and why the old ones weren’t working

Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.

10.10.2024 | socradar.io
Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available - SOCRadar® Cyber Intelligence Inc.

Palo Alto Networks has released patches addressing a set of critical vulnerabilities in its Expedition tool, which, if left unpatched, could lead to severe

10.10.2024 | wiz.io
3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog

Urgent: Multiple critical vulnerabilities in Palo Alto Expedition require immediate patching. Learn about CVE-2024-9463 to CVE-2024-9467 and mitigation steps.

10.10.2024 | nationalcybersecurity.com
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation | #cybercrime | #infosec | National Cyber Security Consulting

Oct 10, 2024Ravie LakshmananCybercrime / Disinformation OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, wri…

10.10.2024 | medium.com
Juniper Networks Under Fire: Critical Security Flaws Threaten Enterprise Networks

In a recent wave of updates, Juniper Networks has released security patches to address multiple critical vulnerabilities across several of…

10.10.2024 | malware.news
Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools

Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the s…

10.10.2024 | thehackernews.com
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

CISA flags a critical Fortinet flaw under active exploitation. Palo Alto Networks and Cisco also release urgent security patches.

10.10.2024 | securityaffairs.com
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Ivanti CSA and Fortinet vulnerabilities to its Known Exploited Vulnerabilities catalog (KEV).

10.10.2024 | malware.news
Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available

Palo Alto Networks has released patches addressing a set of critical vulnerabilities in its Expedition tool, which, if left unpatched, could lead to severe security risks. These flaws allow …

10.10.2024 | securityboulevard.com
Technical Analysis of DarkVision RAT

Introduction: DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++ and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making …

10.10.2024 | censys.com
The Global State of Internet of Healthcare Things (IoHT) Exposures on Public-Facing Networks
10.10.2024 | feedblitz.com
Malware by the (Bit)Bucket: Uncovering AsyncRAT

Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket.

10.10.2024 | cloudsek.com
US Faces Surge in Cyberattacks: CloudSEK Reports 800+ Ransomware Incidents in Five Months - CloudSEK News

CloudSEK reports over 800 ransomware attacks targeting U.S. sectors from June to October 2024, highlighting growing cyber threats and critical data breaches.

10.10.2024 | ahnlab.com
Detecting BPFDoor Linux malware with AhnLab EDR - ASEC

BPFDoor is a backdoor malware that leverages the Berkeley Packet Filter (BPF); it was first disclosed in a 2021 threat report by PwC. [1] According to the report, the China-based threat actor Red Menshen has used BPFDoor for years in attacks against the Middle East and Asia, and its source code was recently made public. BPFDoor abuses BPF so that, on a port already used by a running service such as a web server or SSH service, the attacker can send a magic […]

10.10.2024 | cyble.com
Cyble Urges ICS Vulnerability Fixes For TEM, Mitsubishi, And Delta Electronics - Cyble

Two of the vulnerable ICS/OT products identified by Cyble this week have no known fixes and require mitigation steps.

10.10.2024 | securityaffairs.com
Mozilla issued an urgent Firefox update to fix actively exploited flaw

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks.

10.10.2024 | medium.com
Core Werewolf hones its arsenal against Russia’s government organizations

Adversaries experiment with new tools and malware delivery methods.

10.10.2024 | malware.news
Monthly Threat Actor Group Intelligence Report, August 2024 (KOR)

Monthly Threat Actor Group Intelligence Report, August 2024 (KOR). This report summarizes the activities of hacking groups (Threat Actor Groups) analyzed on the basis of data and information collected by the NSHC Threat Research Lab from July 21, 2024 to August 20, 2024. In August, the activities of a total of 29 hacking groups were identified; the SectorJ group was the most active at 41%, followed by the SectorA and SectorE groups. …

10.10.2024 | medium.com
Building an Automated Linux Sandbox for Malware Analysis

An automated Linux sandbox is vital today, enabling safe analysis of rising threats and helping us stay ahead of emerging vulnerabilities.

10.10.2024 | nationalcybersecurity.com
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

Oct 10, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The v…

10.10.2024 | securityaffairs.com
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices.

10.10.2024 | medium.com
CVE-2024-9463 : CVSS v4 Score 9.9

Includes: CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467

10.10.2024 | qualys.com
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381) – Qualys ThreatPROTECT
10.10.2024 | cyble.com
CISA Issues Urgent Advisory On Critical Vulnerabilities In Ivanti Products - Cyble

CISA has issued a critical advisory on vulnerabilities in multiple Ivanti products, including EPMM, CSA, and more, highlighting urgent security concerns.

10.10.2024 | microsoft.com
Cyber Signals: Cyberthreats in K-12 and higher education | Microsoft Security Blog

Learn more about the cybersecurity challenges facing classrooms and campuses, and the critical need for robust defenses and proactive measures.

10.10.2024 | ahnlab.com
Adobe Family October 2024 Routine Security Update Advisory - ASEC

Overview: Adobe (https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version. Affected Products: Adobe Substance 3D Painter 10.0.1 or below versions; Adobe Commerce 2.4.7-p2, 2.4.6…

10.10.2024 | ahnlab.com
Adobe Family October 2024 Routine Security Update Advisory - ASEC

Overview: Adobe (https://adobe.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected systems are advised to update to the latest version. Affected Products: Adobe Substance 3D Painter 10.0.1 and earlier; Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier; Adobe Commerce B2B 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier; Magento Op…

10.10.2024 | ahnlab.com
MS Family October 2024 Routine Security Update Advisory - ASEC

Overview: Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version. Affected Products: Apps suite: Microsoft Outlook for Android. Azure suite: Azure CLI, Azure Monitor Agent, Azure Service Connector, Azure Service Fabric 10.0 for Linux, Azure Service Fabric 10.1 fo…

10.10.2024 | ahnlab.com
MS Family October 2024 Routine Security Update Advisory - ASEC

Overview: Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version. Affected Products: Apps Suite: Microsoft Outlook for Android. Azure Suite: Azure CLI, Azu…

10.10.2024 | ahnlab.com
Google Android Family October 2024 Routine Security Update Advisory - ASEC

Overview: Google (https://www.google.com) has released a security update that fixes vulnerabilities in the Android family of products. Users of affected products are advised to update to the latest version. Affected Products: Android Framework, Android System, Android MediaTek Components, Android Q…

10.10.2024 | ahnlab.com
Google Android Family October 2024 Routine Security Update Advisory - ASEC

Overview: Google (https://www.google.com) has released a security update that fixes vulnerabilities in the Android product family. Users of affected products are advised to update to the latest version. Affected Products: Android Framework, Android System, Android MediaTek components, Android Qualcomm components. Resolved Vulnerabilities: high-severity denial of service vulnerability in the Android Framework (CVE-2024-40675) [2]; high-severity local … vulnerability in the Android Framework…

10.10.2024 | tistory.com
Microsoft Word deletes some documents instead of saving them

Microsoft has warned users about a new known issue in Word for Windows that can delete some documents instead of saving them. The bug affects only users of Word for Microsoft 365 version 2409, build 18025.20104, and the problem occurs only when the user closes Word after editing and is prompted to save. On affected systems, because of the known issue, if the file name contains a # symbol or has an uppercase file extension such as .DOCX or .RTF, the locally saved file is deleted after saving. M…

10.10.2024 | reliaquest.com
Understanding Cyber Threats in the Health Care and Social Assistance Landscape - ReliaQuest

Nearly 30% of incidents across all sectors began with spearphishing, with the HSA sector disproportionately accounting for 13% of these attacks.

10.10.2024 | welivesecurity.com
Telekopye transitions to targeting tourists via hotel booking scam

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
