Unveiling AcidPour Evolution of Destructive Malware Targeting Ukraine
Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraine’s critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID arrays, potentially causing …
TeamCity Vulnerabilities Unleash Jasmin Ransomware and More
Summary: Recently patched vulnerabilities in JetBrains TeamCity (CVE-2024-27198, CVE-2024-27199) are being actively exploited: attackers use them to deliver Jasmin ransomware, XMRig cryptominers, the SparkRAT backdoor, and other remote access trojans (RATs). Since the release of proof-of-concept (PoC) …
Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution
Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level – Red | Vulnerability Report For …
From Observer to Asuka – The Reinvention of a Stealer
Summary: A malware-as-a-service (MaaS) called ‘AsukaStealer,’ advertised on a Russian-language cybercrime forum by the alias ‘breakcore,’ has surfaced. Priced at $80 per month, AsukaStealer is written in C++ and features customizable configurations and a user-friendly interface designed for harvesting data. Threat Level – Amber | …
Unveiling BunnyLoader 3.0 Enhanced Malware Capabilities
Summary: BunnyLoader 3.0, active since September 2023, is a malware variant known for its enhanced data theft and advanced keylogging capabilities. Its modular design gives attackers flexibility and complicates detection. Despite its global targeting, it refrains …
Operation PhantomBlu Deploys NetSupport RAT via OLE Template
Summary: Under the guise of Operation PhantomBlu, a new phishing campaign is aimed at American companies with the goal of deploying the remote access trojan NetSupport RAT. By utilising OLE template manipulation, the PhantomBlu operation presents a sophisticated exploitation technique. This technique uses Microsoft Office …
The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group
Summary: A sophisticated multi-stage attack campaign, dubbed DEEP#GOSU, has been linked to the North Korean Kimsuky group. Using PowerShell and VBScript, the attackers deploy remote access trojan (RAT) software for full control over infected hosts, while abusing legitimate services such as Dropbox for command and control communication to …
Aiohttp Vulnerability Leveraged by ShadowSyndicate
Summary: The cybercriminal group ‘ShadowSyndicate’ has been detected scanning for vulnerable servers, aiming to exploit a recently addressed vulnerability in the widely-used Aiohttp library. This exploit, if successful, could lead to unauthorized access to sensitive data on servers globally, posing a significant threat to organizations relying on …
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging organizations to bolster security measures and patch …
Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover
Summary: A critical security vulnerability, tracked as CVE-2024-2172, affects miniOrange’s Malware Scanner and Web Application Firewall plugins for WordPress; users are urged to uninstall these plugins from their websites. The vulnerability enables unauthenticated attackers to gain administrative privileges by changing a user’s password. Threat Level – …