TA866 Makes a Comeback with Extensive Email Campaign
Summary: The threat actor identified as TA866 has returned after a hiatus of nine months, launching a new extensive phishing campaign aimed at distributing well-known malware families like WasabiSeed and Screenshotter. Threat Level – Red | Attack Report For a detailed threat advisory, download the pdf …
COLDRIVER Expands Beyond Phishing, Incorporating Custom SPICA Backdoor
Summary: The threat actor associated with Russia, known as COLDRIVER or Star Blizzard, has expanded its tactics beyond credential harvesting. The group has initiated campaigns where PDFs are employed as lure documents to distribute malware. Notably, COLDRIVER has introduced its first custom malware, the …
Mint Sandstorm’s Campaign Targets Researchers with Novel Backdoor
Summary: Mint Sandstorm, a threat actor, focuses on high-profile individuals involved in Middle Eastern affairs at universities and research organizations. The group utilizes phishing lures in a campaign to socially engineer targets, enticing them to download malicious files that deploy new backdoor malware. Threat Level …
Androxgh0st Malware Uses Stealthy Tactics in Pilfering Credentials
Summary: The Androxgh0st malware is building a botnet, specifically aimed at illicitly obtaining cloud credentials from popular applications such as Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio. This stolen data is then utilized to disseminate additional harmful payloads. Threat Level – Red …
GitLab Fixes Critical Account Takeover Vulnerability
Summary: A critical GitLab vulnerability (CVE-2023-7028) enables unauthorized users to take over the administrator account without user interaction. By exploiting a password reset flaw, attackers can submit two email addresses, the target's and their own, in a single reset request, leading to complete account takeover. Users with two-factor authentication are safe, and …
Citrix Warns of Critical Netscaler Flaws Actively Exploited in Attacks – Urges Immediate Patching
Summary: Two zero-day security vulnerabilities, identified as CVE-2023-6548 and CVE-2023-6549, have been discovered in NetScaler ADC and NetScaler Gateway. These vulnerabilities are actively exploited in the wild. CVE-2023-6548 affects the NetScaler management interface, potentially leading to remote code execution, while CVE-2023-6549 exposes unpatched NetScaler instances …
Google Fixes First Actively Exploited Chrome Zero-day of 2024
Summary: Google has addressed the first actively exploited Chrome zero-day vulnerability of 2024, identified as CVE-2024-0519. It’s a high-severity ‘out-of-bounds memory access’ weakness in Chrome’s V8. Attackers could exploit it to access data beyond the intended memory buffer, potentially leaking sensitive information or causing the …
Juniper’s Critical RCE Vulnerability Shakes Network Security
Summary: A critical remote code execution (RCE) vulnerability in Juniper Networks products, CVE-2024-21591, affects SRX Series firewalls and EX Series switches. This flaw enables attackers to trigger a Denial-of-Service condition and potentially execute remote code with root privileges. Threat Level – Red | Vulnerability Report …
Windows SmartScreen Exploit Paves the Way for Phemedrone Stealer
Summary: The Phemedrone stealer malware campaign exploits a vulnerability in Microsoft Defender SmartScreen. Phemedrone, an open-source information-stealing malware written in C#, is designed to extract data from web browsers and cryptocurrency wallets. Threat Level – Red | Attack Report For a detailed threat advisory, download the …
New Attacks Target Misconfigured Apache Applications with Monero Miner
Summary: A recently identified attack exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. This attack stands out due to the attacker’s utilization of packers and rootkits to conceal the malware, adding an extra layer of complexity and stealth to …