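Underground ransomware gang claims responsibility for cyberattack on Casio - 嘶吼 RoarTalk – comprehensive service platform for the cybersecurity industry, 4hou.com
Whether the Casio attack will be the breakthrough that takes the threat group mainstream, and with it a higher tempo of attacks, remains to be seen.
Akira and Fog ransomware exploit critical Veeam RCE flaw - PRSOL:CC
Ransomware gangs are exploiting a critical security vulnerability that lets attackers achieve remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Florian Hauser, a security researcher at Code White, found that the flaw, now tracked as CVE-2024-40711, stems from a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks. Veeam disclosed the vulnerability and released security updates on September 4, but watchTowr La…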
My Week of Learning: Web Vulnerabilities and Security Concepts 🛡️💻
This week, I focused on enhancing my understanding of various web vulnerabilities through the PortSwigger Web Security Academy. Each day, I…
“Mastering the Human Mind: The Advanced Art of Social Engineering in Cybersecurity”
In the world of cybersecurity, while we often emphasize firewalls, encryption protocols, and intrusion detection systems, the most vulnerable element remains the human. This concept, called social…
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks Pierluigi Paganini October 12, 2024 Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are …
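US and UK warn of Russian APT29 hackers targeting Zimbra and TeamCity servers - PRSOL:CC
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) are targeting vulnerable Zimbra and JetBrains TeamCity servers "on a large scale." The joint advisory from the NSA, the FBI, U.S. Cyber Command's Cyber National Mission Force (CNMF), and the UK's NCSC warns network defenders to patch exposed servers in order to block these ongoing attacks. According to the four cyber agencies, the hacking group is using exploits for CVE-2022-27924 and CVE-2023-42793, online and publicly…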
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks
Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication.
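US CISA adds Windows and Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog - Anquanke - Security News Platform
Anquanke - Security News Platform
Personal data assets can now be monetized? The National Data Administration has officially denied the rumor; Palo Alto urgently fixes multiple critical firewall hijacking vulnerabilities | Niulan - Aqniu
Aqniu
Authoritative recommendation | 360 security large model receives an institution's top recommendation, setting a new benchmark for the cybersecurity industry! - Anquanke - Security News Platform
Anquanke - Security News Platform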
Good Day Ransomware analysis — ShadowStackRE
Good Day ransomware technical malware analysis
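Malware presumed to be made by the North Korean hacking group Konni - 국내코로나19재감염사례현황.pdf.lnk (2024.10.5)
Today I will write about 국내코로나19재감염사례현황.pdf.lnk (2024.10.5), malware presumed to be made by the North Korean hacking group Konni. Note that the attribution to Konni is not official; it only appears to be Konni. COVID-19 is an acute respiratory infectious disease caused by SARS-CoV-2, a new type of variant coronavirus that first emerged and was reported in November 2019 in Wuhan, Hubei Province, China. Anyway, it is currently at the blue "attention" stage. First, looking at the name of this malware, it is 국내코로나19재감염사례현황 (status of domestic COVID-19 reinfection cases), which…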
GitLab Patches 6 Critical Vulnerabilities, Including RCE –
GitLab released a fix for a pack of 6 vulnerabilities, with quite a few critical among them, and one being an RCE flaw.
Securing the Quantum Future: The Role of Confidential Computing in Blockchain Networks
Introduction
Cybersecurity News Review — Week 41
This week is packed with cybersecurity developments, but don’t worry — this newsletter is designed to help you efficiently digest all the key updates. Mozilla has released an urgent update for…
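Underground ransomware claims attack on Casio, leaks stolen data - PRSOL:CC
The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio. Earlier this week, Casio disclosed the attack on its website but withheld details of the incident, saying it had engaged external IT specialists to investigate whether personal data or other confidential information was stolen in the attack. Today, the Underground ransomware group added Casio to its dark web extortion portal and leaked a large amount of data allegedly stolen from the Japanese company. The leaked data includes: confidential documents (社外秘), legal documents, personal data of employees, confidential NDAs, employee payroll information, patent information, company financial documents, pro…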
Fog, Akira ransomware groups exploit critical Veeam backup flaw | #ransomware | #cybercrime | National Cyber Security Consulting
The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them run a remote code execution (RCE) on Veeam Backup and Replications servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publicatio…
Fog, Akira ransomware groups exploit critical Veeam backup flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them run a remote code execution (RCE) on Veeam Backup and Replications servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publicatio…
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
GitLab issued updates for CE and EE to address multiple flaws, including a critical bug allowing CI/CD pipeline runs on unauthorized branches.
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
Executive Summary On September 10, Cleafy publicly disclosed a new variant of the Banking Trojan called TrickMo. This variant employed innovative techniques to evade detection and analysis, such as zip file manipulation and obfuscation. While Cleafy did not release any Indicators of Compromise (IO…
Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium
Our analysis of TrickMo suggests that many of these samples remain undetected by the broader security community.
CVE-2024-8015 :: CVSS Score 9.1
Update also includes CVE-2024-7292, CVE-2024-7293 and CVE-2024-7294
Lynx Ransomware In Depth - Nextron Systems
NHS England Warns of Critical Veeam Vulnerability Under Active Exploit
NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA | FortiGuard Labs
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zer…
CISA: Threat Actors Exploit F5 BIG-IP Cookies for Network Reconnaissance
In a new advisory, CISA warns about a new action of threat actors, who exploit F5 BIG-IP cookies to enter networks and gather information.
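GitLab warns of critical flaw allowing arbitrary branch pipeline execution - PRSOL:CC
GitLab has released security updates that address multiple flaws in Community Edition (CE) and Enterprise Edition (EE). The vulnerability, tracked as CVE-2024-9164, allows unauthorized users to trigger continuous integration/continuous delivery (CI/CD) pipelines on any branch of a repository. CI/CD pipelines are automated processes that perform tasks such as building, testing, and deploying code, and are normally available only to users with appropriate permissions. An attacker who can bypass branch protections, code…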
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
CISA warns of unencrypted F5 BIG-IP cookies enabling network reconnaissance and highlights Russian APT29 cyber threats.
Cyber Briefing: 2024.10.11
👉 What are the latest cybersecurity alerts, incidents, and news?
HijackLoader evolution: abusing genuine signing certificates
Summary Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer” malware deployments via the “HijackLoader” malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware s…
Patch now! Palo Alto Expedition vulnerabilities could leak firewall credentials - ThreatDown by Malwarebytes
A set of vulnerabilities in Palo Alto Networks Expedition could allow an attacker to read database contents and arbitrary files…
Critical Veeam RCE leveraged in Akira, Fog ransomware attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
BleepingComputer reports that both Akira and Fog ransomware payloads were attempted to be launched in intrusions involving the exploitation of the critical remote code execution flaw in Veeam Backup & Replication servers, tracked as CVE-2024-40711, during the past month. All of the attacks also ent…
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab fixes eight security flaws, including a critical CI/CD pipeline vulnerability CVE-2024-9164. Update now!
New GitLab Flaw Could Let Attackers Run Arbitrary CI/CD Pipelines
Introduction
Russia's SVR Targets Zimbra, TeamCity Servers for Cyber Espionage
Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting
A critical vulnerability in Veeam Backup & Replication software, identified as CVE-2024-40711, is being exploited by hackers to deploy ransomware. The vulnerability, which allows for unauthenticated remote code execution (RCE), was reported by Florian Hauser with CODE WHITE Gmbh and has been tracke…
September 2024’s Most Wanted Malware: Notable AI-Driven Techniques and Persistent RansomHub Threats - Check Point Blog
Check Point’s latest threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape Check Point’s Global Threat Index
Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Published On : 2024-10-11 Ransomware of the Week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: R…
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467) – Qualys ThreatPROTECT
The Sky is Falling! (Again)
We’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulnerability that was billed as a gift to hackers – a remote exploit that would supposedly render all Linux systems defenseless. The announcement of the …
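Yonsei University webmail phishing site made by Kimsuky - rfa(.)lol/yonsei (2024.10.8)
Today we will look at a Yonsei University webmail phishing site made by Kimsuky. First, just from the address of this phishing site, you can see that it is related to rfa (Radio Free Asia). Radio Free Asia is a broadcaster operated by the U.S. international broadcasting agency, and the shortwave broadcast run by that broadcaster. Phishing site address: hxxps://rfa(.)lol/yonsei 101(.)36(.)114(.)91 The legitimate Radio Free Asia is on org. Certificate information: Let's Encrypt. Well, I am calling it a phishing site. …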
Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions
JVN#74538317: Multiple vulnerabilities in Exment
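Progress patches critical security vulnerability CVE-2024-8015 (CVSS 9.1) in Telerik Report Server - Anquanke - Security News Platform
Anquanke - Security News Platform
Palo Alto Networks warns of firewall hijack bugs with public exploit - PRSOL:CC
Palo Alto Networks today warned customers to patch security vulnerabilities (with public exploit code) that attackers can chain to hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from Checkpoint, Cisco, or other supported vendors. They can be exploited to access sensitive data such as user credentials and to take over firewall admin accounts. "Multiple vulnerabilities exist in Palo Alto Networks Expedition, and an attacker Expe…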
2024-10-03 Amnesia Stealer Samples
2024-10-03 Threatmon: Amnesia Stealer Amnesia Stealer, a customizable open-source malware, was identified by ThreatMon on September 17, 2024. Functions as Malware-as-a-Service (MaaS), making it easily accessible for cybercriminals. Uses Discord and Telegram for Command & Control (C2) operations. C…
PureLogs: The Low-Cost Infostealer with a High-Impact Threat
In this blog post we talk about PureLogs, what it is, and how organizations can protect themselves against this emerging threat.
Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
CVE-2024-9164: Critical Arbitrary Branch Pipeline Vulnerability in GitLab EE - Arctic Wolf
On 9 October 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164.
What NIST’s latest password standards mean, and why the old ones weren’t working
Say goodbye to the days of using the “@” symbol to mean “a” in your password or replacing an “S” with a “$.” The U.S. National Institute of Standards and Technology (NIST) recently announced new guidelines for the ways websites and organizations should handle password creation and management that w…
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
OpenAI disrupts 20 malicious operations exploiting AI for cybercrime, including malware debugging, social media manipulation, and misinformation.
CVE-2024-9164 | Arctic Wolf
On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. Find Arctic Wolf's recommendations.
CISA: CISA Releases Twenty-One Industrial Control Systems Advisories - RedPacket Security
CISA Releases Twenty-One Industrial Control Systems Advisories
Russian SVR Exploiting Unpatched Vulnerabilities in Global Cyber Campaign
Russian Foreign Intelligence Service (SVR) cyber actors are once again in the spotlight, exploiting widespread vulnerabilities in a global campaign
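Windows 10, Windows 11 KB5044273 KB5044284 security updates
Feature improvements and security updates have been released for Windows 10 and Windows 11, the operating systems provided by Microsoft. What's new in Windows 10 KB5044273: the KB5044273 update includes a fix for a bug that causes Windows Server to stop responding when using File Explorer or the taskbar. The update includes a total of 9 fixes. Start menu: with the new update, the profile picture may move to a different position, and there is also a new background color in the left pane of the menu. Because of this color change, the menu's commands stand out more…
Mozilla Firefox 131.0.2 fixes actively exploited vulnerability
An emergency security update has been released for Firefox, the browser provided by the Mozilla Foundation, to address a use-after-free vulnerability. The vulnerability, tracked as CVE-2024-9680 and discovered by ESET researcher Damien Schaeffer, is a use-after-free in animation timelines. This type of flaw occurs when freed memory continues to be used by the program, which lets a malicious actor add their own malicious data to the memory region and execute code. The Firefox Web Animations API's …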
Update now! Five zero-days fixed October Patch Tuesday - ThreatDown by Malwarebytes
Microsoft’s October Patch Tuesday covers five zero-days, two of which are being actively exploited.
Microsoft Patch Tuesday - October 2024: | Arctic Wolf
On October 7, 2024, Microsoft released its October security update, addressing 117 vulnerabilities. Arctic Wolf has highlighted four of these vulnerabilities, which were either classified by Microsoft as critical or reported to have been exploited in the wild.
Technical Analysis of a Novel IMEEX Framework
The IMEEX framework is a newly discovered, custom-built malware designed to target Windows systems. Delivered as a 64-bit DLL, it offers attackers extensive control over compromised machines. This framework is notable for its robust capabilities, featuring a wide array of functionalities, including…
GitLab Product Security Update Advisory - ASEC
Overview An update has been released to address vulnerabilities in GitLab Products. Users of the affected versions are advised to update to the latest version. Affected Products CVE-2024-9164 GitLab EE versions: 12.5 (inclusive) ~ 17.2.9 (excluded) GitLab EE versions: 17.3 (inclusive) ~ 17.3.5…
Cisco Family October 2024 Secondary Security Update Advisory - ASEC
Overview Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected systems are advised to update to the latest version. Affected Products Cisco Small Business RV Series Routers Cisco Nexus Dashboard Fabric Controller (N…
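Cisco Family October 2024 Secondary Security Update Advisory - ASEC
Overview Cisco (https://www.cisco.com) has released a security update that addresses vulnerabilities in the products it supplies. Users of affected systems are advised to update to the latest version. Affected Products Cisco Small Business RV Series Routers Cisco Nexus Dashboard Fabric Controller(NDFC) Cisco Nexus Dashboard Orchestrator(NDO) Cisco Nexus Dashboard Insights Cisco Meraki MX Firmware …
Weekly Phishing Email Distribution Cases (2024/09/29~2024/10/05) - ASEC
This post provides information on distribution cases of phishing email attacks confirmed during the week from September 29 to October 5, 2024 (email subject, attachment, URL). It presents them separately as the fake login page type (FakePage) and the malware type (information theft, downloader, vulnerability, backdoor, etc.). The phishing emails covered in the distribution cases are limited to emails with attachments. The numbers that appear in email subjects and attachment names are generally unique ID values, and depending on the email recipient […]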
Technical Analysis of DarkVision RAT
Introduction DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++, and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making …
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.
Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available - SOCRadar® Cyber Intelligence Inc.
Palo Alto Networks has released patches addressing a set of critical vulnerabilities in its Expedition tool, which, if left unpatched, could lead to severe
3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog
Urgent: Multiple critical vulnerabilities in Palo Alto Expedition require immediate patching. Learn about CVE-2024-9463 to CVE-2024-9467 and mitigation steps.
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation | #cybercrime | #infosec | National Cyber Security Consulting
Oct 10, 2024 Ravie Lakshmanan Cybercrime / Disinformation OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, wri…
Juniper Networks Under Fire: Critical Security Flaws Threaten Enterprise Networks
In a recent wave of updates, Juniper Networks has released security patches to address multiple critical vulnerabilities across several of…
Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools
Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the s…
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
CISA flags a critical Fortinet flaw under active exploitation. Palo Alto Networks and Cisco also release urgent security patches.
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Ivanti CSA and Fortinet vulnerabilities to its Known Exploited Vulnerabilities catalog (KEV).
Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available
Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available Palo Alto Networks has released patches addressing a set of critical vulnerabilities in its Expedition tool, which, if left unpatched, could lead to severe security risks. These flaws allow …
The Global State of Internet of Healthcare Things (IoHT) Exposures on Public-Facing Networks
Malware by the (Bit)Bucket: Uncovering AsyncRAT
Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket.
US Faces Surge in Cyberattacks: CloudSEK Reports 800+ Ransomware Incidents in Five Months - CloudSEK News
CloudSEK reports over 800 ransomware attacks targeting U.S. sectors from June to October 2024, highlighting growing cyber threats and critical data breaches.
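Detecting BPFDoor Linux Malware with AhnLab EDR - ASEC
BPFDoor is a backdoor malware that uses the Berkeley Packet Filter (BPF) and was first disclosed in a 2021 threat report by PWC. [1] According to the report, the China-based threat actor Red Menshen has used BPFDoor for years in attacks targeting the Middle East and Asia, and its source code has recently been made public as well. BPFDoor abuses BPF so that, on ports used by already running services such as a web server or SSH service, the attacker magic […]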
Cyble Urges ICS Vulnerability Fixes For TEM, Mitsubishi, And Delta Electronics - Cyble
Two of the vulnerable ICS/OT products identified by Cyble this week have no known fixes and require mitigation steps.
Mozilla issued an urgent Firefox update to fix actively exploited flaw
Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks.
Core Werewolf hones its arsenal against Russia’s government organizations
Adversaries experiment with new tools and malware delivery methods.
Monthly Threat Actor Group Intelligence Report, August 2024 (KOR)
Monthly Threat Actor Group Intelligence Report, August 2024 (KOR) This is a summary of the activities of hacking groups (Threat Actor Groups), analyzed on the basis of data and information collected by the NSHC Threat Research Lab from July 21, 2024 to August 20, 2024. In August, activity by a total of 29 hacking groups was identified; SectorJ groups accounted for the most at 41%, followed by the activity of SectorA and SectorE groups. …
Building an Automated Linux Sandbox for Malware Analysis
An automated Linux sandbox is vital today, enabling safe analysis of rising threats and helping us stay ahead of emerging vulnerabilities.
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Oct 10, 2024 Ravie Lakshmanan Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The v…
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices.
CVE-2024-9463 : CVSS v4 Score 9.9
Includes: CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381) – Qualys ThreatPROTECT
CISA Issues Urgent Advisory On Critical Vulnerabilities In Ivanti Products - Cyble
CISA has issued a critical advisory on vulnerabilities in multiple Ivanti products, including EPMM, CSA, and more, highlighting urgent security concerns.
Cyber Signals: Cyberthreats in K-12 and higher education | Microsoft Security Blog
Learn more about the cybersecurity challenges facing classrooms and campuses, and the critical need for robust defenses and proactive measures.
Adobe Family October 2024 Routine Security Update Advisory - ASEC
Overview Adobe (https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version. Affected Products Adobe Substance 3D Painter 10.0.1 or below versions Adobe Commerce 2.4.7-p2, 2.4.6…
Adobe Family October 2024 Routine Security Update Advisory - ASEC
Overview Adobe (https://adobe.com) has released a security update that addresses vulnerabilities in the products it supplies. Users of affected systems are advised to update to the latest version. Affected Products Adobe Substance 3D Painter 10.0.1 and earlier versions Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions Adobe Commerce B2B 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier versions Magento Op…
MS Family October 2024 Routine Security Update Advisory - ASEC
Overview Microsoft (https://www.microsoft.com) has released a security update that addresses vulnerabilities in the products it supplies. Users of affected products are advised to update to the latest version. Affected Products Apps family Microsoft Outlook for Android Azure family Azure CLI Azure Monitor Agent Azure Service Connector Azure Service Fabric 10.0 for Linux Azure Service Fabric 10.1 fo…
MS Family October 2024 Routine Security Update Advisory - ASEC
Overview Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version. Affected Products Apps Suite Microsoft Outlook for Android Azure Suite Azure CLI Azu…
Google Android Family October 2024 Routine Security Update Advisory - ASEC
Overview Google (https://www.google.com) has released a security update that fixes vulnerabilities in the Android family of products. Users of affected products are advised to update to the latest version. Affected Products Android Framework Android System Android MediaTek Components Android Q…
Google Android Family October 2024 Routine Security Update Advisory - ASEC
Overview Google (https://www.google.com) has released a security update that addresses vulnerabilities in the Android family of products. Users of affected products are advised to update to the latest version. Affected Products Android Framework Android System Android MediaTek components Android Qualcomm components Resolved Vulnerabilities High-severity denial-of-service vulnerability in the Android Framework (CVE-2024-40675) [2] In the Android Framework, a high-severity local…
Microsoft Word deletes some documents instead of saving them
Microsoft has warned users of a new known issue in Word for Windows that can delete some documents instead of saving them. The bug only affects users of Word for Microsoft 365 version 2409, build 18025.20104, and the problem occurs only when the user closes Word after editing and is prompted to save. On affected systems, because of the known issue, if the file name contains the # symbol or has a file extension shown in uppercase, such as .DOCX or .RTF, the locally saved file is deleted after saving. M…
Understanding Cyber Threats in the Health Care and Social Assistance Landscape - ReliaQuest
Nearly 30% of incidents across all sectors began with spearphishing, with the HSA sector disproportionately accounting for 13% of these attacks.
Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.