‘Commando Cat’ Is Second Campaign of the Year Targeting Docker

February 1, 2024 at 05:30PM Cado researchers discovered “Commando Cat,” a malware campaign targeting exposed Docker API endpoints. This cryptojacking campaign, the second to target Docker, uses the service to mount the host’s filesystem and run various payloads. There are indications of an overlap with other threat groups, suggesting a potential connection. The campaign is … Read more

Europcar denies data breach of 50 million users, says data is fake

January 31, 2024 at 02:30PM Europcar denies data breach, stating shared customer data is fake after a threat actor claimed to have info for 50M customers. The alleged data, including personal info, was offered on a hacking forum. Europcar confirms the data is fabricated and not from their database. Experts suggest the data was likely … Read more

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

January 31, 2024 at 12:38PM Ivanti has flagged high-severity vulnerabilities in its Connect Secure and Policy Secure products. CVE-2024-21888 allows privilege escalation, while CVE-2024-21893 allows server-side request forgery. Although there’s no evidence of customers being impacted by CVE-2024-21888, CVE-2024-21893’s exploitation is targeted. Ivanti has released fixes and recommends a factory reset before patching. Temporary workarounds … Read more

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

January 31, 2024 at 06:22AM UNC4990, a financially motivated threat actor, is using weaponized USB devices to infect organizations in Italy. The attacks target various industries and involve utilizing third-party websites to host and download additional stages of the attack. UNC4990 operates out of Italy and has been active since late 2020. The end goal … Read more

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

January 30, 2024 at 03:59AM Juniper Networks released out-of-band updates for high-severity flaws in SRX and EX Series, addressing missing authentication and cross-site scripting vulnerabilities. watchTowr Labs discovered and reported the issues. Temporary mitigations include disabling J-Web or restricting access. Earlier critical vulnerability fixes were also shipped. U.S. CISA added previously disclosed vulnerabilities to the … Read more

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

January 29, 2024 at 01:03AM Cybersecurity researchers have detected malicious packages on the PyPI repository containing a data-stealing malware, WhiteSnake Stealer, targeting Windows and Linux systems. The packages, uploaded by a threat actor named “WS,” incorporate encoded source code and aim to exfiltrate sensitive data and crypto wallet information. This discovery highlights the threat of … Read more

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

January 27, 2024 at 02:48AM A spear-phishing campaign targeting Mexican financial institutions has been attributed to an unknown Latin American-based threat actor. The campaign, active since 2021, uses AllaKore RAT to steal banking credentials and authentication information for financial fraud. Large companies with revenues over $100 million are particularly targeted. Additional details include modifications to … Read more

Newly ID’ed Chinese APT Hides Backdoor in Software Updates

January 26, 2024 at 04:04PM The threat actor remained undetected for over five years due to a sophisticated backdoor delivered through invisible adversary-in-the-middle attacks. This … Read more

Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack

January 26, 2024 at 03:43PM Microsoft has released new guidance to protect against nation-state attacks like the recent intrusion into its corporate email system by threat group Midnight Blizzard. The attack resulted in compromised accounts and exfiltration of emails and documents. Microsoft advises on protecting against malicious OAuth apps and detecting and mitigating the threat … Read more

China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

January 25, 2024 at 05:22AM A new China-aligned threat actor, tracked by ESET under the name Blackwood, has been linked to AitM attacks deploying the sophisticated NSPX30 implant via software update mechanisms. This multistage implant allows for packet interception, network information harvesting, and bypassing of anti-malware solutions. Information suggests a network implant is being deployed … Read more