StackExchange abused to spread malicious PyPI packages as answers

August 1, 2024 at 03:47PM

Malicious Python packages were added to the PyPI repository and promoted via the StackExchange platform. The code was harmful and posed a threat to users’ systems. Based on the meeting notes, it appears that threat actors have uploaded malicious Python packages to the PyPI repository and promoted them through the …

Hackers abuse free TryCloudflare to deliver remote access malware

August 1, 2024 at 02:34PM

Researchers are warning of increased abuse of Cloudflare Tunnel service by threat actors in malware campaigns, often delivering remote access trojans (RATs). Based on the meeting notes, the key takeaway is that researchers are concerned about threat actors using the Cloudflare Tunnel service to deliver remote access trojans (RATs) in …

Sitting Ducks DNS attacks let hackers hijack over 35,000 domains

August 1, 2024 at 01:14PM

Threat actors have hijacked over 35,000 registered domains in Sitting Ducks attacks, enabling them to claim a domain without accessing the owner’s account at the DNS provider or registrar. Based on the meeting notes, it seems that threat actors have carried out attacks, known as Sitting Ducks attacks, by hijacking …

Google ads push fake Google Authenticator site installing malware

July 31, 2024 at 01:48PM

Google’s ad platform has been manipulated by threat actors to display fake Google Authenticator ads, distributing the DeerStealer malware. Malicious ads impersonate trusted sites, presenting a challenge for detection. Despite efforts to block malicious advertisers, threat actors continue to evade detection through URL cloaking. Clicking on the ads leads to …

Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild

July 29, 2024 at 01:25PM

Cybersecurity company Acronis warns of a critical security flaw, CVE-2023-45249, in its Cyber Infrastructure product, allowing remote code execution due to default passwords. Versions 5.0.1-61 to 5.4.4-132 are affected, with updates released in late October 2023. The exploit has been observed in the wild, urging affected users to update for …

Misconfigured Selenium Grid servers abused for Monero mining

July 29, 2024 at 02:09AM

Threat actors exploit a misconfiguration in Selenium Grid to deploy XMRig for mining Monero. With over 100 million pulls on Docker Hub, the open-source framework allows testing across various environments. Wiz researchers discovered a year-long “SeleniumGreed” attack due to Selenium Grid’s lack of default authentication. Attackers gain remote access via …

Microsoft’s Internet Explorer Gets Revived to Lure in Windows Victims

July 25, 2024 at 04:05PM

Check Point discovered CVE-2024-38112, a remote code execution vulnerability affecting Microsoft Windows and Windows Server. Threat actors exploit this via Internet Shortcut files and by disguising .hta applications as PDFs. CISA has categorized it as a high-severity risk and mandated updates for federal Windows systems by July 30. Organizations with …

Over 3,000 GitHub accounts used by malware distribution service

July 24, 2024 at 06:01PM

Stargazer Goblin operates a malware Distribution-as-a-Service on GitHub through a network named Stargazers Ghost Network. The group utilizes fake accounts and compromised sites to distribute password-protected archives containing malware, leading to successful phishing attacks. The operation has generated over $100,000 and continues despite the takedown of some repositories. Users visiting …

CrowdStrike Explains Why Bad Update Was Not Properly Tested

July 24, 2024 at 07:09AM

CrowdStrike faced a global fallout following a flawed update. The cybersecurity company detailed two types of updates it delivers to clients and explained that a faulty rapid response update led to widespread Windows crashes. CrowdStrike intends to bolster its testing procedures and implement a phased deployment strategy for future updates …

BreachForums v1 hacking forum data leak exposes members’ info

July 23, 2024 at 03:27PM

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, providing insight into its users. The original RaidForums was seized by the FBI in 2022, leading to the creation of BreachForums. The data includes 212,414 members’ personal information, which was later attempted to be …