September 5, 2024 at 11:28AM Hackers are using a fake OnlyFans tool to target other hackers, claiming to help steal accounts but actually infecting them with the Lumma stealer malware, which steals information. It seems like the meeting notes are discussing how hackers are targeting other hackers with a fake OnlyFans tool that claims to … Read more
September 5, 2024 at 06:24AM Hackers deceive other hackers by distributing a fake tool for OnlyFans, infecting them with Lumma stealer malware. This exemplifies the blurred lines in cybercrime. Lumma is an info-stealing malware, with the capability to spread additional payloads and regain expired Google tokens. Veriti’s findings also uncover a broader operation targeting Disney+ … Read more
September 4, 2024 at 06:06PM The MacroPack framework, originally for Red Team exercises, is exploited by threat actors to distribute malicious payloads such as Havoc, Brute Ratel, and PhantomCore. Security researchers at Cisco Talos found various documents in different countries, indicating widespread abuse. These attacks use advanced evasion techniques and represent a concerning trend. Ransomware … Read more
September 4, 2024 at 06:54AM D-Link warns of multiple critical and high-severity remote code execution (RCE) vulnerabilities affecting the discontinued DIR-846 router model. Four RCE flaws, including OS command injection issues, remain unpatched. The company advises retiring and replacing EOL/EOS devices, as it has ceased firmware development for discontinued products and is unable to resolve … Read more
September 2, 2024 at 10:18AM RansomHub, a Ransomware-as-a-service variant, has targeted at least 210 victims across various sectors, using the double extortion model to extort data and funds. Exploiting security vulnerabilities, affiliates conduct reconnaissance and network scanning before targeting victim environments. The surge in Ransomware-as-a-service variants has led to new variants and collaborations with nation-state … Read more
August 30, 2024 at 02:42AM Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to … Read more
August 29, 2024 at 01:53PM Summary: The FBI, CISA, MS-ISAC, and HHS have released a joint Cybersecurity Advisory to disseminate information about RansomHub ransomware, including its tactics, techniques, and procedures. The advisory includes details on the ransomware’s impact, mitigation recommendations for network defenders, technical details, and further resources to protect against ransomware threats. Based on … Read more
August 29, 2024 at 05:07AM Summary: Threat actors are targeting users in the Middle East with sophisticated malware, posing as the Palo Alto GlobalProtect Tool. The malware utilizes a two-stage infection process and advanced evasion techniques, including masquerading as a legitimate VPN portal. Its capabilities include remote PowerShell commands, file exfiltration, and sandbox evasion. Recommendations … Read more
August 28, 2024 at 01:04AM Malicious actors are exploiting the critical vulnerability CVE-2023-22527 to conduct cryptojacking attacks, leveraging methods such as shell scripts, XMRig miners, and targeting SSH endpoints. Atlassian has released a security advisory, recommending organizations to update their Confluence instances and implement security tools for defense. Regular patch management, network segmentation, security audits, … Read more
August 26, 2024 at 06:04PM An ongoing campaign in southeast Asia is using two innovative stealth techniques to infect high-level organizations. “GrimResource” executes arbitrary code in the Microsoft Management Console, while “AppDomainManager Injection” uses malicious DLLs to load a custom configuration file. These techniques were recently used to drop Cobalt Strike onto IT systems belonging … Read more