Chinese hackers exploit Fortinet VPN zero-day to steal credentials

November 18, 2024 at 05:48PM The Chinese threat actor tracked as BrazenBamboo is exploiting a zero-day vulnerability in Fortinet’s FortiClient VPN client, using a tool called DeepData to extract users’ VPN credentials. Volexity discovered the flaw in July 2024; it remains unpatched, so any harvested account can be used to walk into the corporate network behind the VPN. Until Fortinet releases a fix, VPN access should be restricted. ### Meeting Takeaways 1. **Zero-Day …

Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign

November 14, 2024 at 12:53PM Iran-linked hackers known as Charming Kitten are targeting the aerospace sector with a ‘dream job’ lure campaign that delivers the SnailResin malware, SecurityWeek reports. **Meeting Takeaways:** 1. **Threat Actor:** Iran-linked hackers known as Charming Kitten. 2. **Campaign Details:** A ‘dream job’ campaign, using fake job offers as the lure. 3. **Targeted Industry:** The aerospace sector is …

Citrix ‘Recording Manager’ Zero-Day Bug Allows Unauthenticated RCE

November 12, 2024 at 10:25AM A zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution, which could lead to data theft and desktop takeover. The root cause is unsafe deserialization: messages pulled from an MSMQ queue are processed with .NET’s BinaryFormatter, and the MSMQ service is exposed to the network, so an unauthenticated sender can deliver a malicious serialized object. No in-the-wild exploitation is known at this point, but Citrix products remain a prime target for cybercriminals. **Meeting Takeaways: Citrix Session …
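The bug class behind the Citrix item, shown as an added illustration rather than Citrix’s own code (which is not on this page): a .NET MSMQ receiver that lets BinaryFormatter instantiate whatever type the sender named, next to one pinned to a single expected type. The queue path, the `RecordingEvent` type and the field checks are assumptions made for the example.

```csharp
using System;
using System.Messaging;   // System.Messaging.dll (.NET Framework)

// Assumed message contract for this example; not a Citrix type.
[Serializable]
public class RecordingEvent
{
    public string SessionId { get; set; }
    public string Action { get; set; }
}

public static class QueueReceiver
{
    // Assumed queue path for this example.
    private const string QueuePath = @"FormatName:DIRECT=OS:.\private$\example-recording";

    // VULNERABLE: BinaryMessageFormatter wraps BinaryFormatter. The serialized payload
    // carries the .NET type name to reconstruct, so any client that can write to the
    // queue (for instance through an MSMQ listener reachable from the network) can send
    // a gadget chain that runs code during deserialization, before the cast below executes.
    public static RecordingEvent ReceiveUnsafe()
    {
        using (var queue = new MessageQueue(QueuePath))
        {
            queue.Formatter = new BinaryMessageFormatter();
            Message msg = queue.Receive(TimeSpan.FromSeconds(5));
            return (RecordingEvent)msg.Body;   // deserialization has already happened here
        }
    }

    // HARDENED: the formatter is told exactly which type it may produce, and the XML
    // formatter does not honor type names embedded in the payload. Pair this with queue
    // ACLs that allow only the service account to send, and keep MSMQ off untrusted networks.
    public static RecordingEvent ReceiveSafe()
    {
        using (var queue = new MessageQueue(QueuePath))
        {
            queue.Formatter = new XmlMessageFormatter(new[] { typeof(RecordingEvent) });
            Message msg = queue.Receive(TimeSpan.FromSeconds(5));
            var evt = (RecordingEvent)msg.Body;

            // The type is now safe; the data still is not. Validate what you act on.
            if (string.IsNullOrEmpty(evt.SessionId) || evt.SessionId.Length > 64)
                throw new InvalidOperationException("rejecting malformed SessionId");
            if (evt.Action != "start" && evt.Action != "stop")
                throw new InvalidOperationException("rejecting unknown Action");
            return evt;
        }
    }
}
```

The key difference is where trust enters: with BinaryFormatter the attacker picks the class that gets constructed, so no later validation can help; with a fixed-type formatter the attacker only picks field values, which the receiver can check.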

New Ymir ransomware partners with RustyStealer in attacks

November 11, 2024 at 05:50PM A new ransomware strain, Ymir, has emerged that targets systems already compromised by the RustyStealer malware. Ymir is notable for running largely in memory, which helps it evade detection, and for encrypting files with the ChaCha20 stream cipher; it also performs reconnaissance on the host before encrypting. It appends a random extension to each encrypted file and drops ransom notes. The pairing of an earlier RustyStealer infection with a follow-on ransomware deployment signals growing collaboration between cybercrime groups. ### …

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

November 8, 2024 at 09:58AM The AndroxGh0st malware is now exploiting a range of security vulnerabilities in internet-facing applications and has absorbed the Mozi botnet, using its IoT footprint for persistent access and credential theft. The integration extends AndroxGh0st’s reach to many more IoT devices and lets both operate from a shared command-and-control infrastructure. ### Meeting Takeaways – November 8, …

Android Botnet ‘ToxicPanda’ Bashes Banks Across Europe, Latin America

November 5, 2024 at 04:20PM Researchers at Cleafy have identified a new Android banking botnet, ToxicPanda, linked to Chinese-speaking threat actors and already present on more than 1,500 devices across several countries. The malware abuses Android’s accessibility services to carry out fraudulent money transfers from the victim’s own device, which sidesteps multifactor authentication because the transaction originates from an already-authenticated session. Cleafy stresses the need for stronger controls and real-time detection on the bank’s side to counter this kind of on-device fraud. ### Meeting …

China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM The China-sponsored hacking group Evasive Panda has deployed CloudScout, a toolset that uses stolen web session cookies to pull data from cloud services such as Google Drive and Gmail. Because the service accepts a valid session cookie in place of a login, this post-compromise tool never has to pass an authentication check. It illustrates the group’s advanced cyberespionage capabilities, aimed at civil society and political entities. ### Meeting …

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

October 28, 2024 at 11:36AM In September 2024, three malicious npm packages carrying the BeaverTail malware were discovered and linked to North Korean campaigns that target software developers. The packages, since removed from the registry, were backdoored copies of popular libraries. The episode shows that the open-source ecosystem remains an active attack surface and that developers’ machines, with their credentials and source access, are high-value targets. ### Meeting Takeaways: Malware / Threat Intelligence – …

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

October 28, 2024 at 07:26AM Cybersecurity researchers warn of a rise in phishing attacks that use Webflow, a legitimate website-building service, to host pages that harvest crypto wallet information and webmail credentials. Over 120 organizations, primarily in North America and Asia, have been targeted. Hosting the lure on a trusted platform lends the pages a legitimate domain and reputation, which helps them slip past URL filtering and user suspicion and raises the attackers’ success rate at stealing credentials. ### Meeting Takeaways 1. …

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

October 25, 2024 at 05:12PM The Black Basta ransomware operation has shifted its social-engineering playbook to Microsoft Teams, where its operators impersonate the corporate IT help desk. After flooding a target’s inbox with spam, the attackers contact the user directly over Teams, posing as support offering to fix the problem, and try to talk them into installing remote access tools that give the gang a foothold in the corporate network. Organizations are advised to restrict external …