September 4, 2024 at 06:54AM D-Link warns of multiple critical and high-severity remote code execution (RCE) vulnerabilities affecting the discontinued DIR-846 router model. Four RCE flaws, including OS command injection issues, remain unpatched. The company advises retiring and replacing EOL/EOS devices, as it has ceased firmware development for discontinued products and is unable to resolve … Read more
September 2, 2024 at 10:18AM RansomHub, a Ransomware-as-a-service variant, has targeted at least 210 victims across various sectors, using the double extortion model to extort data and funds. Exploiting security vulnerabilities, affiliates conduct reconnaissance and network scanning before targeting victim environments. The surge in Ransomware-as-a-service variants has led to new variants and collaborations with nation-state … Read more
August 30, 2024 at 02:42AM Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to … Read more
August 29, 2024 at 01:53PM Summary: The FBI, CISA, MS-ISAC, and HHS have released a joint Cybersecurity Advisory to disseminate information about RansomHub ransomware, including its tactics, techniques, and procedures. The advisory includes details on the ransomware’s impact, mitigation recommendations for network defenders, technical details, and further resources to protect against ransomware threats. Based on … Read more
August 29, 2024 at 05:07AM Summary: Threat actors are targeting users in the Middle East with sophisticated malware, posing as the Palo Alto GlobalProtect Tool. The malware utilizes a two-stage infection process and advanced evasion techniques, including masquerading as a legitimate VPN portal. Its capabilities include remote PowerShell commands, file exfiltration, and sandbox evasion. Recommendations … Read more
August 28, 2024 at 01:04AM Malicious actors are exploiting the critical vulnerability CVE-2023-22527 to conduct cryptojacking attacks, leveraging methods such as shell scripts, XMRig miners, and targeting SSH endpoints. Atlassian has released a security advisory, recommending organizations to update their Confluence instances and implement security tools for defense. Regular patch management, network segmentation, security audits, … Read more
August 26, 2024 at 06:04PM An ongoing campaign in southeast Asia is using two innovative stealth techniques to infect high-level organizations. “GrimResource” executes arbitrary code in the Microsoft Management Console, while “AppDomainManager Injection” uses malicious DLLs to load a custom configuration file. These techniques were recently used to drop Cobalt Strike onto IT systems belonging … Read more
August 26, 2024 at 03:45PM Greasy Opal, a tool used for cyberattacks, facilitates volumetric bot attacks, particularly targeting CAPTCHA systems. A threat actor group orchestrated an attack resulting in 750 million fake Microsoft accounts. Microsoft seized control of the domains. Greasy Opal leverages advanced technology to bypass defenses, posing a challenge to traditional security measures. … Read more
August 23, 2024 at 10:05AM Greasy Opal, a long-time developer, supplies a tool for cybercrime-as-a-service, allowing bot-led CAPTCHA solving at scale. Tailoring its software to customers’ needs, it serves various threat actors including Storm-1152. The developer markets its CAPTCHA bypass tool, generating substantial revenue and paying taxes, despite its awareness of illegal use. Its tools … Read more
August 21, 2024 at 04:59PM Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation … Read more