NKAbuse: A New Multiplatform Threat Exploiting the Blockchain Protocol
Summary: A novel malware called ‘NKAbuse’ stands out as a new, Go-based, multi-platform threat. What makes this malware distinctive is its pioneering use of NKN (New Kind of Network), a peer-to-peer network connectivity protocol, for data exchange. This use of NKN makes NKAbuse …
Rhadamanthys Stealer Version 0.5.0 Upgrade Overview
Summary: Rhadamanthys, the information-stealing malware, has taken a significant leap with its v0.5.0 upgrade, introducing expanded stealing features, raw syscalls, and a redesigned loader that shows advanced evasion techniques. Its modular architecture allows for continuous updates and enhanced spying functionality. Threat …
Unveiling GambleForce: A SQL Injection Gang
Summary: A recently identified threat actor, GambleForce, has been linked to a series of SQL injection attacks targeting companies primarily in the Asia-Pacific region. GambleForce employs a combination of basic yet highly effective techniques, including SQL injection and the exploitation of vulnerabilities in website content management systems …
Russian SVR Exploits Critical TeamCity Vulnerability Globally
Summary: A critical vulnerability (CVE-2023-42793) in JetBrains TeamCity is actively exploited by Russia’s SVR cyber actors (APT29), allowing full server compromise. Because TeamCity is widely used by developers, successful exploitation poses a significant threat, giving access to sensitive information and the potential to manipulate software development processes …
TA4557 Targets Recruiters by Delivering Malware Disguised as Job Applicant
Summary: Threat actor TA4557 has been focusing on recruiters by posing as job applicants to distribute malware. While this approach is not unprecedented, there have been notable shifts in both technique and attack vectors compared to their previous methods. The attackers have demonstrated an enhanced …
Critical Remote Code Execution Flaw Uncovered in Apache Struts 2
Summary: A significant vulnerability has been identified in the Apache Struts 2 open-source web application framework, tracked as CVE-2023-50164. This flaw poses a severe risk of remote code execution and unauthorized path traversal. Threat Level – Red | Vulnerability Report For a detailed threat advisory, download the …
Microsoft’s December 2023 Patch Tuesday Addresses One Zero-day Vulnerability
Summary: In the December Patch Tuesday release, Microsoft addressed a total of 42 CVEs, including one zero-day vulnerability. The security update covered the typical spectrum of issues, including RCE flaws, privilege escalation, spoofing, and instances that facilitate …
Apple’s Timely Response to Actively Exploited Zero-Days
Summary: Apple has released crucial software updates to address two actively exploited security vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities affect the WebKit browser engine on Apple devices such as iPhone, iPad, and Mac, potentially exposing sensitive information or allowing arbitrary code execution when malicious web content is processed. Threat Level – Red | Vulnerability …
Adversaries Leverage Social Media to Disseminate New Python-Based Stealer
Summary: A recently identified malicious campaign uses WinRAR archive files with minimal detection to execute a multi-stage attack. The payload, known as Editbot, is a newly discovered Python-based stealer. Editbot is specifically designed to extract process information and data stored in web …
The Unseen Thread Linking Sandman APT and KEYPLUG Backdoor
Summary: The Sandman Advanced Persistent Threat (APT) is closely linked to suspected threat clusters originating from China, specifically identified as Storm-0866, also known as Red Dev 40. Within the same victim environments, Sandman’s Lua-based malware, LuaDream, and the KEYPLUG backdoor have been observed coexisting. …