Malware created by APT Kimsuky - pay.bat (2024.11.27)
Today I am writing about pay.bat (2024.11.27), a piece of malware created by APT Kimsuky. The malware is notable for abusing a batch file; once executed, it appears to download something from a Dropbox location that has since been taken down. Hashes: file name: pay.bat, size: 1,687 bytes, MD5: b262ac518c0114f414aaedbb4ef7c728, SHA-1: fd02470c6cc4ceb5fad3589d02e5148a8c738b83, SHA-256: 8e0eb0d36bfd4e28ec6a10acccf899740df704845…
Veeam Service Provider Console (VSPC) Users Urged to Patch CVE-2024-42448 and CVE-2024-42449 - SOCRadar® Cyber Intelligence Inc.
Veeam has recently released patches addressing two serious security vulnerabilities in its Service Provider Console (VSPC), a critical tool for monitoring and
Sichuan Silence Information Technology: Great Sounds are Often Inaudible
For five long years, Sophos, a United Kingdom (UK)-based information security company, battled Chinese nation-state threat actors who lobbed “botnets, novel exploits, and bespoke malware” against the company’s firewalls and other perimeter devices. Sophos described this battle in its October 2024 “…
Snowblind: The Invisible Hand of Secret Blizzard - Lumen Blog
A prolonged espionage campaign by the Russian threat group Turla to penetrate Pakistani targets, and the Pakistani threat actors themselves
🚨 Critical RCE Vulnerability in Veeam Service Provider Console — Update Now! 🛡️ 🚨
WIRE TOR — The Ethical Hacking Services
The Rise of Holiday Scams and State-Sponsored Cyber Threats
Cyber threats never take a holiday, and in this week’s episode, the Breaking Badness team explores how the festive season becomes a playground for cybercriminals.
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware | Rapid7 Blog
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.
Veeam addressed critical Service Provider Console (VSPC) bug
Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code.
Cyber Briefing: 2024.12.04
👉 What’s trending in cybersecurity today?
Old Cisco ASA Vulnerability (CVE-2014-2120) Fuels Androxgh0st Botnet Activity - SOCRadar® Cyber Intelligence Inc.
Androxgh0st botnet has been observed exploiting the flaw in Cisco ASA, alongside others, to enable unauthorized access and malware...
Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats
Machine Learning Bug Bonanza - Exploiting ML Clients and “Safe” Model Formats
Protect your AI/ML development environment with JFrog Security Research's recent discovery of vulnerabilities in ML clients and "safe" model formats.
Unmasking APT1: The World’s Most Prolific Advanced Persistent Threat
Cyber Threat Intelligence Report on Advanced Persistent Threats: (APT1)
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog.
Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-8785) – Qualys ThreatPROTECT
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections - CyberSRC
The Social Design Agency (SDA), a Moscow-based company, has been identified as conducting Operation Undercut, a sophisticated disinformation campaign aimed […]
SMB Relay to Reverse Shells: Initial Attack Vector Evading AV
Setup & Summary
CISA Alerts New ICS Vulnerabilities Across Products
CISA alerts users about the latest ICS vulnerabilities in Schneider Electric & Hitachi Energy systems.
XWorm Malware Analysis: New Tricks for an Old Payload
Delve into the technical details of the XWorm malware, exploring its multi-stage infection chain, payload delivery, and evasion techniques. Learn how to protect your systems against this persistent threat.
Protect Your Network: Zyxel Releases Firmware Updates - 安全客 - Security Information Platform
安全客 - Security Information Platform
Japan warns of IO-Data zero-day router flaws exploited in attacks
Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall.
The Rise of Cross-Domain Attacks Demands a Unified Defense | CrowdStrike
Cross-domain threats exploit gaps across endpoint, identity, and cloud systems. Learn how to detect, analyze, and respond to these stealthy attacks with speed and precision.
The Road to Agentic AI: Exposed Foundations
Our research into Retrieval Augmented Generation (RAG) systems uncovered at least 80 unprotected servers. We highlight this problem, which can lead to potential data loss and unauthorized access.
JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
Fog Ransomware
Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.
Salt Typhoon Threat Group
Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.
Russian hackers hijack Pakistani hackers' servers for their own attacks
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks.
Multiple vulnerabilities in Veeam products - CERT-FR
Russian-linked Turla caught using Pakistani APT infrastructure for espionage
A Russian cyber-espionage group has been caught using networks associated with a Pakistani-based APT group.
Multiple vulnerabilities in HPE Aruba Networking ClearPass Policy Manager - CERT-FR
Extending Falco for Salesforce
As many in the CNCF community know, Falco’s flexibility can be extended through Plugins, allowing users to build custom integrations to meet their unique security needs. Plugins extend the core functionalities of Falco, enabling new event sources and detection capabilities. This flexibility is espe…
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED) | Rapid7 Blog
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.
NSI Experts in the News — All Things National Security
In a world that is always changing, NSI experts offer insight on critical stories in the news. Please continue reading for their take on…
Building a Natural Language Interface for Shodan’s InternetDB API
Building a natural language interface for Shodan’s InternetDB API revealed how crucial prompt engineering is for getting useful security…
CISA: CISA Releases Eight Industrial Control Systems Advisories - RedPacket Security
CISA Releases Eight Industrial Control Systems Advisories
Most Exploited Vulnerabilities of 2023 (Insights to Define Cybersecurity in 2025) - SOCRadar® Cyber Intelligence Inc.
The majority of the most frequently exploited vulnerabilities in 2023 were initially exploited as zero-days—an alarming shift from the previous year...
Extracting Account Connectivity Credentials (ACCs) from Symantec Management Agent (aka Altiris) - MDSec
Introduction On a recent Red Team for a particularly hardened client, we were looking to escalate our privileges in order to move off the endpoint and pivot into the server...
SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan - SOC Prime
Detect SmokeLoader malware targeting organizations in Taiwan with a set of curated Sigma rules from SOC Prime Platform.
Inside Akira Ransomware's Rust Experiment - Check Point Research
Executive Summary Introduction Earlier this year, Talos published an update on the ongoing evolution of Akira ransomware-as-a-service (RaaS) that has become one of the more prominent players in the current ransomware landscape. According to this update, for a while in early 2024, Akira affiliates e…
Phishing Threat Investigation with TI Lookup: Expert Use Cases
TI Lookup from ANY.RUN is a versatile tool for gathering up-to-date intelligence on the latest cyber threats. The best way to demonstrate…
Stealth, Scale, and Strategy: Exploring China’s Covert Network Tactics
Hello to all our Cyber Frogs! Join host Selena Larson and guest host Sarah Sabotka as they explore the evolving tactics of China-based nation-state threat actors with guest Mark Kelly, Staff Threat Researcher at Proofpoint. They focus on TA415 (APT41 or Brass Typhoon), examining its combination of cyberc…
Tuesday Morning Threat Report: Dec 3, 2024
INTERPOL operation nabs 1,000 suspects, hacking kits bypass MFA protections, and a cyberattack sends U.K. hospitals back to pen and paper
An unidentified APT impersonating Telegram - Telegram.txt.lnk (2024.11.27)
Today we look at an unidentified APT that impersonates Telegram, Telegram(.)txt(.)lnk (2024.11.27). Telegram is an open-source mobile messenger launched on August 14, 2013 and still under active development and operation. It was developed by the Russian-born brothers Nikolai Durov (Николай Дуров) and Pavel Durov, first released for iOS in August 2013, and now supports Android, Windows, Windows Phone, Linux, macOS and browsers. At one time, when the KakaoTalk surveillance controversy broke out, many people…
New Ymir Ransomware Uses Memory for Stealthy Attacks; Targets Enterprise Networks - 安全客 - Security Information Platform
安全客 - Security Information Platform
From the US to the UAE: APT35 Expands the Scope of Its Cyber-Espionage Activity - 安全客 - Security Information Platform
安全客 - Security Information Platform
Gafgyt Malware Targeting Docker Remote API Servers
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.
Multiple vulnerabilities in Axis products - CERT-FR
PROXY.AM Powered by Socks5Systemz Botnet | Bitsight
After a year-long investigation, Bitsight TRACE follows up on its Socks5Systemz research.
Multiple vulnerabilities in Ruby on Rails - CERT-FR
Multiple vulnerabilities in Google Android - CERT-FR
Veeam warns of critical RCE bug in Service Provider Console
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
Unveiling RevC2 and Venom Loader
Introduction. Venom Spider, also known as GOLDEN CHICKENS, is a threat actor known for offering Malware-as-a-Service (MaaS) tools like VenomLNK, TerraLoader, TerraStealer, and TerraCryptor. These tools have been utilized by other threat groups such as FIN6 and Cobalt in the past. Recently, Zscaler Th…
Ransomware December 2024 Threat Intel
Sources
Cyber Briefing: 2024.12.02
👉 What’s happening in cybersecurity today?
🚨 Critical Vulnerability Discovered in Zabbix Network Monitoring Tool 🚨
WIRE TOR — The Ethical Hacking Services
SmokeLoader Attack Targets Companies in Taiwan | FortiGuard Labs
FortiGuard Labs has uncovered an attack targeting companies in Taiwan with SmokeLoader, which performs its attack with plugins this time. Learn more.…
BianLian's Shape-Shifting Tactics: From Encryption to Pure Extortion
Explore BianLian's shift to data extortion, advanced TTPs like LSASS dumping & RDP exploits, and major incidents like BCHP breach. Mitigation insights included.
CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions
2nd December – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morri…
CISA Reveals the Top 15 Most Exploited Vulnerabilities of 2023
Discover the top 15 most exploited vulnerabilities of 2023, as revealed by CISA, with insights into critical risks and the importance of timely patching.
Targeted malicious campaign delivers Remcos, DarkGate and BrockenDoor
A malicious campaign targeting organizations that specialize in deploying business-automation software uses RLO (right-to-left override) filename spoofing and delivers Remcos, DarkGate and a new backdoor, BrockenDoor.
Threat Intelligence RoundUp: November
This blog series highlights the top threat intelligence articles that our readers found the most interesting this month.
NetSupport RAT and RMS in malicious emails
Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT
Mauri ransomware attackers exploiting the Apache ActiveMQ vulnerability (CVE-2023-46604) - ASEC
AhnLab Security Emergency response Center (ASEC) has covered attacks targeting CVE-2023-46604 in several earlier blog posts. Systems that have not applied the patch remain under continuous attack, and the cases observed are mostly coin-miner installations. Recently, however, ASEC confirmed that an attacker using Mauri ransomware is exploiting the Apache ActiveMQ vulnerability to attack systems in South Korea. 1. Apache ActiveMQ vulnerability […]
CISA Updates the Known Exploited Vulnerabilities Catalog
CISA's updated list of Known Exploited Vulnerabilities highlights critical flaws like CVE-2024-11680, urging immediate action to prevent cyberattacks.
MediaTek Processor Vulnerabilities Let Attackers Escalate Privileges
Several vulnerabilities affecting MediaTek processors have been identified, potentially allowing attackers to escalate privileges on affected devices.
Poison Ivy APT Launches Continuous Cyber Attack on Defense, Gov, Tech & Edu Sectors
Researchers uncovered the resurgence of APT-C-01, also known as the Poison Ivy group, an advanced persistent threat organization notorious for its sustained cyber attacks.
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP - CyberSRC
The security vulnerabilities recently disclosed in Advantech EKI industrial-grade wireless access point devices present a serious threat to industrial networks. […]
RST TI Report Digest: 02 Dec 2024
This is a weekly threat intelligence report review from RST Cloud. This week, we analyzed 35 threat intelligence reports.
The Curious Case of an Egg-Cellent Resume
Key Takeaways Initial access was via a resume lure as part of a TA4557/FIN6 campaign. The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware. Cobalt Strike and…
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and w…
JVN#53958863: Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers
News bulletin CERTFR-2024-ACT-052 - CERT-FR
Analysis of threat actor Kimsuky's email phishing campaign
The Kimsuky group continues to conduct email-based phishing attacks against North Korea researchers and institutions. They mainly impersonate electronic documents from financial institutions and public agencies, continually change sender addresses and domains to evade detection, and hijack victims' accounts to attempt further attacks.
Linux Security Alert: First UEFI Bootkit Malware Appears; ThinkPad Laptops Exposed to Hardware-Level Flaw That Lets Hackers Covertly Control the Camera | 牛览 - 安全牛
安全牛
CVE-2024-11980 (CVSS 10): Critical Flaw in Billion Electric Routers - 安全客 - Security Information Platform
安全客 - Security Information Platform
Thousands more cyber scammers nabbed by Interpol operation • The Register | #cybercrime | #infosec | National Cyber Security Consulting
Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabbing more than 5,500 people suspected of scamming and seizing hundreds of millions in digital and fi…
Geopolitical strife drives increased ransomware activity | #ransomware | #cybercrime | National Cyber Security Consulting
Recorded ransomware attack volumes rose by 19% during October 2024 to a total of 468 incidents worldwide, a significant number of them in the US, where the controversial presidential election likely emboldened Russian-speaking threat actors to strike, according to NCC Group’s latest monthly Threa…
Cooctus Stories
This room is about the Cooctus Clan
Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.
CVE Alert: CVE-2024-36619 - RedPacket Security
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types,
CVE Alert: CVE-2024-35369 - RedPacket Security
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of
⚠️ Microsoft Hacking Warning 450 Million Windows Users Must Now Act! 🖥️🔒
WIRE TOR — The Ethical Hacking Services
🚨 Russian Script Kiddie Builds Massive DDoS Botnet 😱🌐
WIRE TOR — The Ethical Hacking Services
Understanding Kernel Exploitation: How Cybercriminals Target OS Kernels to Control Systems
Kernel exploitation is one of the most sophisticated and dangerous forms of hacking. By targeting the core of an operating system…
APT 10 (MenuPass Group) - Threat Actor
State-sponsored Chinese hacking group
[CyberSec] Creating Detection Rules Based on MITRE ATT&CK in Splunk SIEM
Leveraging External Resources for Enhanced Threat Detection
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public…
Cyber Threat Intelligence Report | RomCom (UAT-5647)
RomCom, known as UAT-5647, is a threat actor group known for using multiple zero-day exploits in the wild and conducting cyber espionage.
Cybersecurity News Review — Week 48
I had to cut a lot from this week’s packed list of cybersecurity developments, but this newsletter will hopefully help you efficiently digest all the key updates. Russian APT group Fancy Bear…