Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks

July 16, 2024 at 09:41AM

A Trend Micro blog post reveals new details about the exploitation of a Microsoft zero-day flaw by an APT group known as Void Banshee, which is spreading the Atlantida Stealer in a spear-phishing campaign targeting victims in North America, Europe, and Southeast Asia. The attackers use unpatched vulnerabilities in the now-retired Internet …

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

July 15, 2024 at 10:55AM

The APT group Void Banshee exploited CVE-2024-38112 as a zero-day to access and execute files through the disabled Internet Explorer using MSHTML. The vulnerability was promptly reported to Microsoft and patched. Void Banshee lured victims using zip archives with malicious files disguised as PDFs, targeting North America, …

DinodasRAT malware targets Linux servers in espionage campaign

March 31, 2024 at 10:42AM

Security researchers have observed the Linux version of DinodasRAT, also known as XDealer, targeting Red Hat and Ubuntu systems since at least 2022. The malware, previously detected on Windows, is part of espionage campaigns targeting government entities globally. The Linux variant creates persistence and communicates with a command and control …

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

February 13, 2024 at 03:16PM

Water Hydra exploited the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) to target financial market traders. The Trend Micro Zero Day Initiative discovered and disclosed the vulnerability, cooperating with Microsoft to ensure a rapid patch. Water Hydra also used similar tactics in a campaign targeting traders. The group’s attack patterns reflect high levels …

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 28, 2023 at 04:36AM

Amid the ongoing conflict between Israel and Hamas, attackers associated with Hamas are using an updated version of the SysJoker backdoor to target Israeli entities. This new variant, written in the Rust programming language, retains similar functionalities but has undergone significant evolution. The attackers are also utilizing OneDrive instead of …