Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users.
Flashpoint Weekly Vulnerability Insights and Prioritization Report
Using Flashpoint's vulnerability prioritization report, anticipate, contextualize, and manage vulnerabilities to effectively address threats.
What Is Fileless Malware? S1Ep2: Operation Cobalt Kitty
We covered the basics of fileless malware in the first post on this topic. This time we look at a successful, well-organized operation carried out in Asia…
Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc.
OilRig, also known as APT34, is a state-sponsored Advanced Persistent Threat (APT) group with strong ties to Iranian intelligence. Known for its sophisticated
Salt Typhoon: the Other Shoe Has Dropped, but Consternation Continues
On January 17, 2025, the United States government imposed sanctions on Sichuan Juxinhe Network Technology Co., LTD (Sichuan Juxinhe; 四川聚信和网络科技有限公司), a Sichuan-based cybersecurity company, accusing it of “direct involvement in the Salt Typhoon cyber group,” a China-linked cyber threat group. Salt …
Malicious driver from Equation APT
This write-up is about analyzing a malicious driver supposedly from the infamous Equation APT. You can download the sample from the…
NSFOCUS Threat Intelligence Weekly Report (2025.01.13-2025.01.19) – NSFOCUS Technology Blog
Cyber Briefing: 2025.01.22
👉 What’s trending in cybersecurity today?
Automating Threat Data Retrieval: How ThreatConnect, Polarity, and the TQL Generator are Changing the Game | ThreatConnect
You’re a CTI Analyst tasked with investigating a potential phishing campaign targeting your organization. An alert flags a suspicious email containing a URL that may be linked to a known threat actor. It would be best to determine the URL’s risk level, identify related indicators, and quickly distr…
ValleyRAT: A Rootkit Leveraging Stolen Certificates and Bypassing AVs
Malware details:
Targeted supply chain attack against Chrome browser extensions
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.
Ransomware groups pose as IT support in Microsoft Teams phishing attacks - PRSOL:CC
Ransomware groups are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and installing malware that provides access to the internal network. The threat actors send thousands of spam messages in a short period and then call the target from an adversary-controlled Office 365 instance, pretending to offer IT support. This tactic has been observed since late last year in attacks attributed to the Black Basta ransomware, but researchers at cybersecurity firm Sophos have linked it to the FIN7 group…
Oracle Critical Patch Update, January 2025 Security Update Review – Qualys ThreatPROTECT
Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations
The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories.
For Wednesday, 22 January 2025 (B.E. 2568)
APT group “DoNot Team” uses Tanzeem malware to attack organizations in South Asia
Microsoft Monthly Security Update (October 2024) - RedPacket Security
Updated Description, Related Links.
Advanced Threat Detection: Exploiting Misconfigurations and System Tools
CIRT Scenarios Blog Series Part 2
Supercharge Your CTI: AI-Powered IOC Collection with ChatGPT, Inoreader and Google Drive
In today’s dynamic cybersecurity landscape, automating repetitive tasks is critical to improving operational efficiency. This tutorial…
Multiple vulnerabilities in Node.js - CERT-FR
Multiple vulnerabilities in Oracle Database Server - CERT-FR
Multiple vulnerabilities in Atlassian products - CERT-FR
Oracle January 2025 Patch Update: security risk advisory for high-severity vulnerabilities in multiple products
Committed to providing enterprise users with authoritative vulnerability intelligence and effective remediation as early as possible.
CVE-2025-21298 Detection: Critical zero-click OLE vulnerability in Microsoft Outlook leads to remote code execution - 安全KER - security news platform
安全KER - security news platform
Multiple vulnerabilities in Oracle PeopleSoft - CERT-FR
Cisco warns of denial of service flaw with PoC exploit code
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code.
JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2
Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
CVE-2025-23083: Node.js vulnerability exposes sensitive data and resources - 安全KER - security news platform
Multiple vulnerabilities in Oracle WebLogic - CERT-FR
CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution - SOC Prime
Detect CVE-2025-21298 exploitation attempts, a critical RCE vulnerability in Windows OLE, with a free Sigma rule from SOC Prime.
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create a Mirai botnet variant called Murdoc Botnet.
Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks
The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and CVE…
Cyber Briefing: 2025.01.21
👉 What’s the latest in the cyber world today?
The New Face of Ransomware: Key Players and Emerging Tactics of 2024
As we step into 2025, the high-impact, financially motivated ransomware landscape continues to evolve.
Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users
Mozilla Firefox and Thunderbird users are facing a series of high-severity vulnerabilities that could leave systems open to exploitation. The
CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests
CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits.
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing
Sophos has warned of IT impersonation vishing attacks designed to remotely deploy ransomware
TA505 Threat Hunting: Advanced Queries for Detecting Malware and Cyber Attacks
TA505 is a financially motivated cybercriminal threat group that has been active since at least 2015, often referred to as GOLD TAHOE or…
InvisibleFerret Malware: Technical Analysis
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.
InvisibleFerret Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Discover a detailed technical analysis of the InvisibleFerret malware that targets businesses across different industries.
Experts found multiple flaws in Mercedes-Benz infotainment system
Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system.
Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai | Qualys Security Blog
The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities targeting AVTECH Cameras and…
Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations
Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
HPE investigates breach as hacker claims to have stolen source code - PRSOL:CC
Hewlett Packard Enterprise (HPE) is investigating a new breach claim after a threat actor said they stole documents from the company's developer environment. The company says it has found no evidence of a security breach but is investigating the threat actor's claims. “HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of HPE information,” said spokesperson Clare Loxley. “HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. At this time…
CVE Alert: CVE-2025-23221 - RedPacket Security
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the
Malware created by Kimsuky disguised as a merit report (personal, form)
Today I will write about 공적 조서(개인,양식).lnk, malware created by Kimsuky that is disguised as a merit report (personal, form). The malware is an LNK file, and when opened it runs via PowerShell. StringData{ namestring: relativepath: not present workingdir: not present commandlinearguments: /k for /f "tok(e)ns=*" %a in ('dir C:\Wind…
Industrial switch vulnerabilities can be exploited remotely - 安全KER - security news platform
Ransomware groups pose as fake tech support over Teams
A researcher at Sophos told CyberScoop that the company observed these tactics being used against multiple individuals and at least 15 organizations.
Multiple vulnerabilities in Elastic products - CERT-FR
Hacker claims to have stolen source code; HPE investigates breach - 安全KER - security news platform
[QiAnXin Threat Intelligence Sandbox] Beware of malicious shortcut (LNK) files disguised as documents
QiAnXin Threat Intelligence Center recently discovered a malicious ZIP archive containing an LNK file that triggers PowerShell execution and drops an EXE. The EXE establishes persistence through a scheduled task, communicates with a C2 server and steals several kinds of data. Analysis links it to malware named ZIZI Stealer.
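Both the Kimsuky item and the QiAnXin item above describe the same lure: a shortcut whose StringData points at cmd.exe or PowerShell. The following is an added example, not code from either write-up: it parses the StringData section of a .lnk per MS-SHLLINK and applies a small marker heuristic to the launch-relevant fields. The sample shortcut is constructed in the code (its argument string is made up, not the one recovered from either sample), and the marker list is an assumption for illustration rather than a complete detection rule.

```python
"""Added example: parse .lnk StringData per MS-SHLLINK and flag cmd/PowerShell
launchers. The sample shortcut and its arguments are constructed here."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData structures appear in exactly this order (MS-SHLLINK 2.4)
STRING_FIELDS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)

# Heuristic marker list: an assumption for this example, not a complete ruleset
SUSPICIOUS_MARKERS = (
    "cmd.exe", "powershell", "pwsh", "for /f", "-enc", "-encodedcommand",
    "-w hidden", "mshta", "wscript", "cscript", "rundll32", "certutil",
)


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields present in a .lnk as a dict of str."""
    if (len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a ShellLink header")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # 2-byte size, size excludes itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # 4-byte size, size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # characters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        fields[field] = (raw.decode("utf-16-le") if unicode
                         else raw.decode("cp1252", errors="replace"))
    return fields


def suspicious_markers(fields: dict) -> list:
    """Markers found in the fields that decide what the shortcut launches."""
    keys = ("relative_path", "working_dir", "arguments", "icon_location")
    haystack = " ".join(fields.get(k, "") for k in keys).lower()
    return [m for m in SUSPICIOUS_MARKERS if m in haystack]


def build_lnk(arguments: str, relative_path: str = "", show_command: int = 7) -> bytes:
    """Minimal Unicode .lnk carrying only RELATIVE_PATH/ARGUMENTS string data.
    show_command 7 = SW_SHOWMINNOACTIVE, the value droppers use to hide the window."""
    flags = IS_UNICODE | HAS_ARGUMENTS | (HAS_RELATIVE_PATH if relative_path else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for text, bit in ((relative_path, HAS_RELATIVE_PATH), (arguments, HAS_ARGUMENTS)):
        if flags & bit:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed sample: resolves cmd.exe by relative path and uses `for /f` to
# locate powershell.exe at run time (made up, not the real Kimsuky sample).
SAMPLE_LNK = build_lnk(
    arguments='/k for /f "tokens=*" %a in (\'dir /b /s %SystemRoot%\\*powershell.exe\') '
              'do %a -w hidden -nop -c "echo constructed-sample"',
    relative_path="..\\..\\..\\Windows\\System32\\cmd.exe",
)

if __name__ == "__main__":
    parsed = parse_lnk_strings(SAMPLE_LNK)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    print("markers:", suspicious_markers(parsed))
```

Run it against a directory of shortcuts pulled from mail attachments or archive extractions; the parser deliberately skips the IDList and LinkInfo blocks rather than trusting them, because the relative path and arguments are what the shell actually executes when the shortcut is double-clicked.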
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network.
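The Sophos, Infosecurity and BleepingComputer items above all describe the same opening move: thousands of inbound messages to one mailbox in a short period, followed by a Teams call from an attacker-controlled tenant. As an added example, not code from any of those reports, the block below flags that email-bombing burst by counting inbound messages per recipient in a sliding window and requiring fan-out across many senders, since bombing typically abuses sign-up and newsletter confirmations rather than one spam source. The gateway log format, the sample lines and the thresholds are all constructed assumptions for this example and would be tuned to a tenant's real baseline.

```python
"""Added example: sliding-window email-bombing detector over a constructed
mail-gateway log format. Thresholds are assumptions, not vendor guidance."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed log format, e.g.
# 2025-01-20T09:00:00Z rcpt=alice@corp.example from=noreply@a.example subject="Confirm"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) rcpt=(?P<rcpt>\S+) '
    r'from=(?P<sender>\S+) subject="(?P<subject>[^"]*)"$')

WINDOW = timedelta(minutes=10)   # assumed burst window
THRESHOLD = 50                   # assumed: inbound messages per recipient per window
MIN_SENDERS = 20                 # bombing fans out over many sign-up/newsletter senders


def parse_line(line: str):
    """Return (timestamp, recipient, sender) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["rcpt"].lower(), m["sender"].lower()


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD, min_senders=MIN_SENDERS) -> dict:
    """Per-recipient sliding-window count; lines must be in timestamp order.
    Returns {recipient: {first_seen, last_seen, count, distinct_senders}}."""
    recent = defaultdict(deque)   # recipient -> deque of (ts, sender) inside the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, rcpt, sender = rec
        q = recent[rcpt]
        q.append((ts, sender))
        while ts - q[0][0] > window:   # evict messages older than the window
            q.popleft()
        senders = {s for _, s in q}
        if len(q) >= threshold and len(senders) >= min_senders:
            a = alerts.setdefault(rcpt, {"first_seen": q[0][0], "count": 0,
                                         "distinct_senders": 0})
            a["last_seen"] = ts
            a["count"] = max(a["count"], len(q))
            a["distinct_senders"] = max(a["distinct_senders"], len(senders))
    return alerts


def constructed_sample() -> list:
    """Constructed log: 80 sign-up confirmations to one mailbox in about five
    minutes, plus ordinary traffic to a second mailbox over an hour."""
    base = datetime(2025, 1, 20, 9, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(80):
        t = base + timedelta(seconds=4 * i)
        lines.append(f'{t:%Y-%m-%dT%H:%M:%SZ} rcpt=alice@corp.example '
                     f'from=noreply@newsletter{i}.example subject="Confirm your subscription"')
    for i in range(10):
        t = base + timedelta(minutes=6 * i)
        lines.append(f'{t:%Y-%m-%dT%H:%M:%SZ} rcpt=bob@corp.example '
                     f'from=colleague{i % 3}@partner.example subject="Re: Q1 planning"')
    return sorted(lines)   # ISO-8601 timestamps sort lexically


if __name__ == "__main__":
    for rcpt, a in detect_bursts(constructed_sample()).items():
        print(f"{rcpt}: {a['count']} msgs from {a['distinct_senders']} senders "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

The alert is only the first half of the pattern; the useful response is to treat the flagged mailbox as the likely vishing target for the next hour or two and pair the alert with a review of external Teams calls and chats reaching that user, since the reports above place the follow-up call from an adversary-controlled Office 365 tenant.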
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
Cleo MFT Vulnerability CVE-2024-50623: Critical RCE Risk
Learn about CVE-2024-50623 affecting Cleo MFT products. Patch now to prevent RCE attacks and secure your systems.
JVN#83855727: FortiWeb vulnerable to SQL injection
Does Malware Detect Virtual Machines?
Virtual machines are a digital laboratory for malware analysis, an essential part of a malware analyst’s job, providing a safe haven where…
Experts found new DoNot Team APT group's Android malware
Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks.
Analyst’s Note — Kimsuky
The threat actor known as Kimsuky, also referred to as Emerald Sleet, has been observed targeting a United States-based think tank. The…
THREAT INTELLIGENCE: UNVEILING SUPPOSED APT38’S ATTACK INFRASTRUCTURE USING FAVICON HASH
APT38 — also known as NICKEL GLADSTONE, BeagleBoyz, Bluenoroff, Stardust Chollima, Sapphire Sleet, and COPERNICIUM — has been linked to…
Indian APT Group DONOT Misuses App for Intelligence Gathering
Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering
20th January– Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 20th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Hotel management platform Otelier has suffered a data breach that resulted in extraction of almost eight terabytes of data. The threat actors comprom…
How Star Blizzard Exploits WhatsApp in Spear Phishing Campaign - SOCRadar® Cyber Intelligence Inc.
Star Blizzard has shifted focus to exploiting WhatsApp accounts through malicious QR codes in their latest campaign...
Hackers Weaponize MSI Packages & PNG Files to Deliver Multi-stage Malware
Researchers have reported a series of sophisticated cyber attacks aimed at organizations in Chinese-speaking regions.
Qbot is Back.Connect
By: Joshua Platt, Jason Reaves and Jonathan McCay QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active since around 2007. It has historically been known as a banking Trojan, meaning that it steals financial data from infected systems, and a loader using C2 (…
Developers, be careful when installing homebrew
On January 18, 2025, Ryan Chenkie, web developer and multi-business owner, warned users on Twitter about a malware campaign using Google’s…
The Feed 2025–01-
How A Large-Scale Russian Botnet Operation Stays Under the Radar : A large botnet that takes advantage of misconfigured DNS records is…
EFF Transition Memo to Trump Administration 2025
Contents: 1. Introduction; 2. Surveillance: Foreign Intelligence Surveillance Act Section 702, Facial Recognition Technology, Border Search and Immigration Surveillance, Surveillance Tech at the Border and the Virtual Wall, Reproductive Justice and Digital Surveillance; 3. Encryption and Cybersecurity: End-to-End...
Privacy Roundup: Week 3 of Year 2025
This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 - 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and c…
Cyble Sensors Detect Attacks On Check Point, Ivanti And More
Cyble honeypots have detected vulnerability exploits on Check Point and Ivanti products, databases, CMS systems, and many other IT products.
Racing for everyone: descriptor describes TOCTOU in Apple's core
This blog post is about a new class of vulnerabilities in IOKit that I discovered and submitted to Apple in 2016. I did a brief scan using an IDA script on macOS and found at least four bugs, with three CVEs assigned (CVE-2016-7620/4/5); see https://support.apple.com/kb/HT207423. I was told afterwards that the…
A bunch of Red Pills: VMware Escapes
Background: VMware is one of the leaders in virtualization today. They offer VMware ESXi for the cloud, and VMware Workstation and Fusion for desktops (Windows, Linux, macOS). The technology is very well known to the public: it allows users to run unmodified guest “virtual machines”. Often those virtu…
Emerging Defense in Android Kernel
There was a time when every Linux kernel hacker loved Android. It shipped with a stone-age kernel that had hardly any exploit mitigations, and writing an exploit from any available N-day was a walk in the park. Nowadays Google, ARM and many other SoC/device vendors have put a great deal of effort into hardening the…
Fortinet Products Multiple Vulnerabilities - RedPacket Security
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of
RST TI Report Digest: 20 Jan 2025
We analysed 49 threat intelligence articles that we collected last week and are sharing a short summary of 10 of them.
Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution
Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology's industrial devices.
APT-C-26 (Lazarus) keeps upgrading its attack arsenal, targeting the cryptocurrency industry with Electron applications
360 Advanced Threat Research Institute captured a malicious Electron-packaged program used by the Lazarus group. It masquerades as the installer of an automated trading tool for a cryptocurrency platform and is used to attack people working in the cryptocurrency industry.
Threat Intelligence Report January 14th – January 20th, 2025
Red Piranha detected 2 new threats: SocGholish and Lumma Stealer. This week’s ransomware in focus is Lynx Ransomware.
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company's developer environments.
2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
Zyxel vulnerability exploited by "Helldown" ransomware group
Introduction: As Yarix's Incident Response Team, we are responsible for managing critical incidents caused by cyber-attacks carried out by cybercriminals, intervening promptly to secure victim companies and minimize latent risks by analyzing the systems within their infrast…
Unveiling Silent Lynx APT: Targeting Central Asian Entities with Malicious Campaigns
Seqrite Labs uncovers Silent Lynx, a new APT group targeting government entities in Kyrgyzstan and neighboring nations. This in-depth analysis explores their campaigns, including malicious ISO files, C++ loaders, PowerShell scripts, and Golang implants, leveraging Telegram for command and control.
Multiple vulnerabilities in Microsoft Edge - CERT-FR
News bulletin CERTFR-2025-ACT-003 - CERT-FR
Malware development trick 44: Stealing data via legit GitHub API. Simple C example
﷽ Hello, cyber…
Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.
Tracking Adversaries: Ghostwriter APT Infrastructure
Weekly Cybersecurity Roundup: Jan 13, 2025 — Jan 19, 2025
Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments
10 of the Most Historic Cyber Attacks That Changed the Internet
Cybersecurity has become an inseparable part of the digital era, as more and more data is stored online.
Missing Link: The era of ransomware began with a 5.25-inch floppy disk
35 years ago, a plain 5.25-inch floppy disk labeled "AIDS Information" marked the beginning of one of the greatest scourges of networked humanity.
ZDI-25-031
Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability