Apple Shortcuts’ Secret Threat to Your Data
Summary: A security vulnerability, identified as CVE-2024-23204, has been found in Apple’s Shortcuts application, allowing unauthorized access to sensitive information on devices, bypassing TCC. The capability for users to export and share these shortcuts heightens the susceptibility to potential exploitation, as unsuspecting users may unwittingly …
Migo Targets Redis Servers for Cryptojacking Attacks
Summary: A new campaign has been uncovered that mines cryptocurrencies on Redis servers running on Linux hosts by means of a malicious programme known as “Migo.” Migo is distributed as a Golang ELF binary that can persist on Linux hosts and is obfuscated at compile time. …
Roundcube Webmail Faces Unrelenting Exploitation
Summary: The Roundcube email server vulnerability, identified as CVE-2023-43770 and previously mitigated in September 2023, is currently being actively exploited. This flaw enables attackers to gain access to restricted information, with potential repercussions including sensitive data theft, user redirection, and unauthorized account access. Threat Level …
Critical Vulnerabilities in ScreenConnect Under Active Exploitation
Summary: Critical vulnerabilities in ScreenConnect are under active exploitation: CVE-2024-1709 allows attackers unauthorized access without credentials, while CVE-2024-1708 enables remote code execution. Hackers can gain direct access to confidential information or critical systems. Immediate patching is essential to mitigate these threats and safeguard sensitive information. Threat Level – Red | Vulnerability …
Earth Preta’s DOPLUGS Leaves its Mark in Asia
Summary: The Chinese threat actor, Earth Preta, strategically targeted numerous Asian countries by employing a customized version of the PlugX backdoor known as DOPLUGS. This sophisticated threat was allegedly revealed during the SMUGX campaign in July 2023. Threat Level – Red | Attack Report For a detailed threat advisory, download …
VietCredCare Operates As Stealer-as-a-Service, Targeting Meta Sessions
Summary: Since August 2022, a previously unidentified information stealer known as VietCredCare has emerged. This stealer is notable for its capability to automatically sort through credentials specifically for the service it targets. The primary objective of threat actors employing VietCredCare is to compromise and completely take over Facebook …
RansomHouse’s MrAgent Reshaping Automation in Cyber Attacks
Summary: The RansomHouse group, operating as a Ransomware-as-a-Service (RaaS) entity, has recently introduced a sophisticated tool named ‘MrAgent’ aimed at automating the deployment of its data encrypter across multiple hypervisors. Threat Level – Amber | Attack Report For a detailed threat advisory, download the pdf file …
Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent
Summary: The Kimsuky group, backed by North Korea, used TrollAgent malware via a fake security program to target a Korean construction association’s website, stealing data and enabling remote control between December 2023 and January 2024. Threat Level – Amber | Attack Report For a detailed …
Admins Urged to Uninstall VMware EAP Amid Critical Flaws
Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attacks targeting the VMware Enhanced Authentication Plug-in (EAP) within Windows domain …
North-Korean Cyber-Espionage Operations Grapples Defense Sector
Summary: There is an ongoing cyber-espionage campaign purportedly led by North Korean threat actors, specifically targeting the global defense industry. The primary objective of these attacks is to acquire data pertaining to advanced military technology, with the intention of assisting North Korea in modernizing its conventional …