August 5, 2024 at 06:43PM This month’s Android security updates address 46 vulnerabilities, encompassing a high-severity remote code execution (RCE) flaw that has been exploited in targeted attacks. Based on the meeting notes, the key takeaway is that Android security updates for this month have patched 46 vulnerabilities, one of which is a high-severity remote … Read more
June 19, 2024 at 03:17AM The Void Arachne campaign targets Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as AI voice and facial technologies. The threat actors use SEO poisoning tactics … Read more
June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it … Read more
April 19, 2024 at 06:36PM CrushFTP issued a private memo warning about an actively exploited zero-day vulnerability. It enables attackers to escape the user’s file system and download system files. While servers using a DMZ perimeter network are protected, customers are urged to patch immediately. The vulnerability, reported on April 19th, affects CrushFTP versions 9 … Read more
March 18, 2024 at 04:58AM APT & Targeted Attacks Summary An APT campaign named Earth Krahang targets government entities worldwide, with a focus in Southeast Asia, but also in Europe, America, and Africa. Using public-facing servers and spear phishing emails, the threat actor aims to conduct cyberespionage by abusing compromised government infrastructure. The campaign involves … Read more
February 26, 2024 at 01:39AM Earth Lusca, a China-linked threat actor, launched a campaign targeting Taiwan before the national elections, using geopolitical relations as a lure to infect selected targets. The attacks involved spear phishing and a multi-stage infection chain, ultimately deploying a stageless Cobalt Strike payload. There are significant overlaps between the tools used … Read more
February 20, 2024 at 04:37AM Summary: Earth Preta’s APT campaign, employing a customized PlugX malware named DOPLUGS, targeted Asian countries, including Taiwan and Vietnam. Phishing emails embedded with Google Drive links were used as initial access, executing DOPLUGS malware. The DOPLUGS variant was found to integrate the KillSomeOne module for malware distribution and USB infection. … Read more
November 9, 2023 at 06:16PM Malicious Python packages masquerading as code obfuscation tools are targeting developers through the PyPI code repository. Known as “BlazeStealer,” the malware can steal data, launch keyloggers, encrypt files, and execute commands. Hackers target developers engaged in code obfuscation due to the valuable and sensitive information they work with. BlazeStealer is … Read more