Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets

November 27, 2024 at 04:22AM A Russia-linked hacking group, RomCom, has chained two recently disclosed zero-day vulnerabilities, one in Firefox and one in Windows, to install a backdoor on victims' machines. The group mostly targets entities in North America and Europe, and the chain needs no user interaction beyond loading an attacker-controlled web page, which underlines the group's capacity for stealthy operations. ### Meeting Takeaways: 1. **APT … Read more

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

August 22, 2024 at 11:51AM The Log4Shell vulnerability in Log4j is still being exploited more than two years after its disclosure. Cybercriminals continue to target unpatched corporate systems, deploying malware scripts and cryptocurrency miners, and nation-state actors have added Log4j exploits to their toolkits. Eradicating the flaw is hard because vulnerable log4j-core builds are pulled in transitively, often bundled inside other application dependencies rather than appearing as a top-level library. Datadog Security Labs recently … Read more
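The dependency problem the item refers to, as an added example in Python that is not code from the article or from Datadog: a recursive scan of a Java archive, and of every jar nested inside it, for a bundled log4j-core, flagging versions in the Log4Shell (CVE-2021-44228) range. The fat jar it scans is constructed in memory (a renamed, shaded log4j-core 2.14.1 beside a patched 2.17.1, with stub class bodies), so the example runs offline; the class and metadata paths are the real ones shipped in log4j-core jars.

```python
"""Recursively scan a Java archive (and any jars nested inside it) for
bundled log4j-core and flag versions in the Log4Shell range.

Added example for this digest; not code from the article or from Datadog.
The fat jar it scans is constructed in memory below.
"""
import io
import json
import re
import zipfile

# Class that performs the JNDI lookup behind Log4Shell. Its presence alone
# is a weak signal (patched releases still ship it), so the version from
# the Maven metadata is used when available.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
VERSION_RE = re.compile(r"^version=(\S+)", re.M)
NESTED_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1). Pre-release qualifiers are folded into the
    numeric parts, which is good enough for the range check here."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version):
    """Log4Shell (CVE-2021-44228) affects log4j-core 2.x below 2.15.0, except
    the 2.12.2 (Java 7) and 2.3.1 (Java 6) releases that backported the fix."""
    v = parse_version(version)
    if v in ((2, 12, 2), (2, 3, 1)):
        return False
    return (2, 0, 0) <= v < (2, 15, 0)


def scan_bytes(data, path):
    """Return one finding per archive (at any nesting depth) that carries
    log4j-core metadata or the JndiLookup class. Paths use 'outer!inner'."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        version = None
        if POM_PROPS in names:
            m = VERSION_RE.search(zf.read(POM_PROPS).decode("utf-8", "replace"))
            version = m.group(1) if m else None
        has_jndi = JNDI_CLASS in names
        if version or has_jndi:
            findings.append({
                "path": path,
                "version": version,
                "jndi_lookup_present": has_jndi,
                # No metadata but the lookup class is there: treat as suspect.
                "vulnerable": is_vulnerable(version) if version else has_jndi,
            })
        # Recurse into shaded/fat jars regardless of what they are named.
        for name in names:
            if name.lower().endswith(NESTED_EXT):
                try:
                    findings.extend(scan_bytes(zf.read(name), f"{path}!{name}"))
                except zipfile.BadZipFile:
                    pass
    return findings


def _make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_fat_jar():
    """Constructed test input: an application jar that shades a renamed,
    vulnerable log4j-core next to a patched copy. Class bodies are stubs."""
    stub_class = b"\xca\xfe\xba\xbe"
    vulnerable_core = _make_jar({POM_PROPS: "version=2.14.1\n", JNDI_CLASS: stub_class})
    patched_core = _make_jar({POM_PROPS: "version=2.17.1\n", JNDI_CLASS: stub_class})
    return _make_jar({
        "com/example/App.class": stub_class,
        "lib/logging-shaded.jar": vulnerable_core,   # file name hides the version
        "lib/log4j-core-2.17.1.jar": patched_core,
    })


if __name__ == "__main__":
    print(json.dumps(scan_bytes(build_sample_fat_jar(), "app.jar"), indent=2))
```

The scan keys on the Maven metadata inside each archive rather than on file names, which is the point: the shaded copy above is named `logging-shaded.jar` and would be missed by a filename-based inventory. To run it against a real deployment, read each `.jar`, `.war` or `.ear` from disk and pass its bytes to `scan_bytes`.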

New AMD SinkClose flaw helps install nearly undetectable malware

August 9, 2024 at 01:02PM AMD has issued a warning about a high-severity CPU vulnerability, SinkClose, affecting multiple generations of EPYC, Ryzen, and Threadripper processors. An attacker who already has kernel-level (Ring 0) access can use the flaw to execute code in System Management Mode (Ring -2), below the operating system and hypervisor, where malware is invisible to typical security tools. The flaw has existed undetected for almost 20 years and poses significant threats, … Read more

China-Linked Cyber-Espionage Teams Target Asian Telecoms

June 24, 2024 at 09:08PM Multiple cyber-espionage groups have compromised telecommunications operators in the Asia-Pacific region using custom malware and backdoors. China-linked groups including Fireant, Needleminer, and Firefly were involved, with victims in at least two countries. The intrusions create risks of eavesdropping, surveillance, and potential disruption of the targeted countries' critical infrastructure. Nations in the region continue to face escalating … Read more

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

May 1, 2024 at 05:09AM Cybercriminals and nation-state actors both route their operations through compromised routers for anonymization, at times through the same devices. The FBI disrupted Pawn Storm's botnet of Ubiquiti EdgeRouters, which had been used for a range of malicious activities, but the botnet operator kept control of some bots after the takedown. Multiple threat actors used backdoored SSH servers on … Read more

New Open Source Tool Hunts for APT Activity in the Cloud

March 11, 2024 at 06:51AM Permiso Security has released CloudGrappler, an open source tool for detecting intrusions by advanced persistent threat (APT) actors in cloud environments. CloudGrappler queries cloud environments for activity attributable to known threat actors and produces detailed reports in JSON format. The tool is available on GitHub. The … Read more
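The kind of query CloudGrappler automates, as an added example in Python that is not CloudGrappler's own code: a scan over CloudTrail-style records for one actor's atomic indicators (source IP, user agent) and for an ordered API-call sequence per principal inside a time window, reported as JSON. The actor name, IP, user agent, recon sequence and the records themselves are constructed placeholders; only the CloudTrail field names (`eventTime`, `eventName`, `sourceIPAddress`, `userAgent`, `userIdentity.arn`) are real.

```python
"""Hunt CloudTrail events for indicators tied to a known threat actor and
emit a JSON report, in the spirit of CloudGrappler's approach.

Added example for this digest; not CloudGrappler's own code. The indicator
set (DEMO-ACTOR, the IP, the user agent, the API sequence) and the events
are constructed placeholders.
"""
import json
from datetime import datetime, timedelta

# Hypothetical indicator bundle for one actor. A real hunt loads vetted,
# dated IOCs; these are placeholders (TEST-NET-2 address, made-up agent).
INDICATORS = {
    "actor": "DEMO-ACTOR",
    "source_ips": {"198.51.100.23"},
    "user_agents": {"aws-cli/1.18.69 Python/3.6.9 Linux/4.15.0 botocore/1.16.19"},
    # Ordered API calls the demo treats as this actor's recon pattern.
    "recon_sequence": ["GetCallerIdentity", "ListUsers", "ListBuckets"],
    "recon_window_minutes": 10,
}


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def match_iocs(events, ind):
    """Atomic indicators: any event from a listed IP or user agent."""
    hits = []
    for ev in events:
        reasons = []
        if ev.get("sourceIPAddress") in ind["source_ips"]:
            reasons.append("source_ip")
        if ev.get("userAgent") in ind["user_agents"]:
            reasons.append("user_agent")
        if reasons:
            hits.append({"eventID": ev["eventID"], "eventName": ev["eventName"],
                         "principal": ev["userIdentity"]["arn"], "reasons": reasons})
    return hits


def _ordered_within(evs, seq, window):
    """First (start, end) at which seq occurs as an ordered subsequence of
    evs (sorted by time) with end - start <= window, else None."""
    for k, ev in enumerate(evs):
        if ev["eventName"] != seq[0]:
            continue
        t0 = parse_time(ev["eventTime"])
        i = 1
        for later in evs[k + 1:]:
            t = parse_time(later["eventTime"])
            if t - t0 > window:
                break
            if later["eventName"] == seq[i]:
                i += 1
                if i == len(seq):
                    return t0, t
    return None


def detect_sequence(events, ind):
    """Behavioural indicator: the recon sequence, per principal, inside the window."""
    by_principal = {}
    for ev in events:
        by_principal.setdefault(ev["userIdentity"]["arn"], []).append(ev)
    window = timedelta(minutes=ind["recon_window_minutes"])
    hits = []
    for arn, evs in by_principal.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        span = _ordered_within(evs, ind["recon_sequence"], window)
        if span:
            hits.append({"principal": arn, "sequence": ind["recon_sequence"],
                         "start": span[0].isoformat() + "Z",
                         "end": span[1].isoformat() + "Z"})
    return hits


def build_report(events, ind):
    return {"actor": ind["actor"], "events_scanned": len(events),
            "ioc_hits": match_iocs(events, ind),
            "sequence_hits": detect_sequence(events, ind)}


def sample_events():
    """Constructed CloudTrail-style records: one principal matching the
    actor profile, one benign console user with only a partial sequence."""
    bad = {"arn": "arn:aws:iam::123456789012:user/ci-deploy"}
    ok = {"arn": "arn:aws:iam::123456789012:user/alice"}
    bad_ua = "aws-cli/1.18.69 Python/3.6.9 Linux/4.15.0 botocore/1.16.19"

    def ev(i, t, name, who, ip, ua):
        return {"eventID": f"evt-{i}", "eventTime": t, "eventName": name,
                "userIdentity": who, "sourceIPAddress": ip, "userAgent": ua}

    return [
        ev(1, "2024-03-11T06:40:00Z", "GetCallerIdentity", ok, "203.0.113.5", "console.amazonaws.com"),
        ev(2, "2024-03-11T06:51:00Z", "GetCallerIdentity", bad, "198.51.100.23", bad_ua),
        ev(3, "2024-03-11T06:52:10Z", "ListUsers", bad, "198.51.100.23", bad_ua),
        ev(4, "2024-03-11T06:53:45Z", "ListBuckets", bad, "198.51.100.23", bad_ua),
        ev(5, "2024-03-11T06:55:00Z", "ListBuckets", ok, "203.0.113.5", "console.amazonaws.com"),
    ]


if __name__ == "__main__":
    print(json.dumps(build_report(sample_events(), INDICATORS), indent=2))
```

The two detections are deliberately separate: atomic IOCs age quickly (an actor changes IP and tooling), while the per-principal sequence check keeps working when only the behaviour is known. The benign user in the sample shows the ordering and window requirement doing its job: she calls `GetCallerIdentity` and later `ListBuckets`, but skips `ListUsers` and falls outside the ten-minute window, so she is not reported.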

Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

January 30, 2024 at 06:27PM Attackers are exploiting two zero-day vulnerabilities in Ivanti VPN appliances, an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887) that together yield remote code execution. Compromised appliances are being seeded with KrustyLoader, a Rust-based loader that downloads a second-stage backdoor. Chinese state-sponsored APT actors are exploiting these bugs worldwide. Patches for the vulnerabilities have been delayed, with Ivanti targeting a release this … Read more