December 19, 2023 at 01:22PM The FBI and CISA released a joint Cybersecurity Advisory (CSA) to share known IOCs and TTPs linked to the ALPHV Blackcat ransomware. The advisory warns organizations of evolving tactics used by the threat actors, including advanced social engineering and remote access software deployment. It also provides mitigations and incident response … Read more
December 18, 2023 at 09:39AM Developers continue to enhance Rhadamanthys malware, broadening its capabilities and incorporating a plugin system for customization. Deployed through malicious sites, the malware harvests sensitive information from compromised hosts. Check Point’s analysis reveals its evolution into a potent threat, with a new plugin system allowing customized deployment. Similar to Rhadamanthys, AsyncRAT … Read more
December 15, 2023 at 02:37AM The blog discusses CVE-2023-50164, a critical vulnerability in Apache Struts 2 that enables unauthorized path traversal and remote code execution. It advises users to upgrade to Struts 2.5.33, 6.3.0.2, or higher to mitigate the risk. The vulnerability is exploited by various threat actors and can be mitigated using security solutions … Read more
December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, … Read more
December 14, 2023 at 11:18AM Group-IB reports a new hacking group, GambleForce, targeting 24 organizations in Asia-Pacific using SQL injections and CMS vulnerabilities to steal sensitive information. The group relies on open source tools and has successfully exfiltrated data from organizations in Australia, Indonesia, the Philippines, and South Korea. GambleForce’s C&C has been taken down … Read more
December 14, 2023 at 08:00AM OilRig, an Iranian cyber espionage group, has deployed three new downloader malware named ODAgent, OilCheck, and OilBooster to maintain access to victim organizations in Israel. These lightweight downloaders use legitimate cloud service APIs for command-and-control communication, aiming to blend with authentic network traffic. The targets include healthcare, manufacturing, and governmental … Read more
December 13, 2023 at 02:01PM Threat actors are exploiting weak authentication to abuse OAuth applications for cryptomining, phishing, and password spraying attacks, compromising user accounts for Microsoft services and exploiting OAuth applications with high privilege permissions. Mitigation includes implementing multifactor authentication and auditing apps and consented permissions. OAuth presents various risks and security researchers have … Read more
December 5, 2023 at 09:24AM A new hacker group, AeroBlade, is responsible for a cyberespionage attack on a US aerospace company, according to BlackBerry. Key Takeaways from the Meeting: 1. A cyberattack has been carried out against a U.S.-based aerospace organization. 2. The cyberattack is attributed to a newly identified threat actor named AeroBlade. 3. … Read more
November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious … Read more
November 23, 2023 at 01:06AM North Korean threat actor Diamond Sleet is using a trojanized version of a legitimate app developed by CyberLink in a supply chain attack. The poisoned file, hosted on CyberLink’s infrastructure, downloads a second-stage payload. The campaign has affected over 100 devices in Japan, Taiwan, Canada, and the U.S. Microsoft has … Read more