Critical VMware Vulnerabilities Leading To Sandbox Escape
Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by VMware. These vulnerabilities allow attackers to escape the virtual machine and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMware ESXi are all impacted by these vulnerabilities. Threat Level …
TA4903 Spoofing Government Entities and SMBs for Financial Gain
Summary: TA4903, a financially motivated threat actor, conducts high-volume email campaigns targeting U.S. organizations for credential phishing and business email compromise (BEC). They spoof various U.S. government agencies and private businesses, employing tools like EvilProxy and incorporating QR codes into phishing campaigns. TA4903’s evolving tactics include expanding …
SapphireStealer’s Stealthy Invasion via Deceptive Legal Documents
Summary: An intricate campaign aimed at Russian individuals has emerged, showcasing the SapphireStealer malware, a publicly available information-stealing tool introduced in December 2022. The incorporation of social engineering techniques significantly enhances the efficacy of these campaigns, allowing attackers to evade detection by assuming the guise …
Misconfigured Servers Targeted with New Golang Malware
Summary: In a newly observed malware campaign, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish a reverse shell for persistent remote access. The attackers utilize new Golang-based …
GhostSec and Stormous Join Forces for a Ransomware Blitz
Summary: The GhostSec and Stormous ransomware factions have launched a sophisticated campaign. Introducing the GhostLocker 2.0 ransomware and the STMX_GhostLocker ransomware-as-a-service (RaaS) initiative, these groups employ double extortion tactics, posing a significant threat to businesses primarily in the Middle East. Threat Level – Red | Attack Report …
WogRAT Backdoor Poses Risk to Windows and Linux Users
Summary: WogRAT, a backdoor malware targeting both Windows and Linux, spreads through aNotepad, an online notepad service. It disguises itself as system tools to trick users into downloading it, mainly targeting users in Asia. Users are cautioned to download software from official sources and update …
Apple Rolls Out Critical Updates to Address Zero-Day Flaws
Summary: Apple has addressed two zero-day vulnerabilities in iOS, namely CVE-2024-23225 and CVE-2024-23296. These vulnerabilities were exploited in attacks targeting mobile devices, providing attackers with arbitrary kernel read and write privileges and enabling them to bypass kernel memory protections. Threat Level – Red | Vulnerability Report …
CHAVECLOAK Banking Trojan Sneaks into Brazil’s Financial Hub
Summary: The CHAVECLOAK banking trojan is purposefully crafted to target the banking credentials of individuals in Brazil, highlighting the ongoing focus of cybercriminals on the nation’s financial sector. Threat Level – Amber | Attack Report For a detailed threat advisory, download the PDF file here …
TA577 Targeting Windows NTLM Hashes in Global Campaigns
Summary: TA577, a significant cyber threat group, has shifted tactics to steal NTLM authentication data, utilizing thread hijacking and customized HTML attachments. Organizations should block outbound SMB to thwart exploitation and remain vigilant against evolving attack methods. Threat Level – Red | Attack Report For a detailed …
Critical Vulnerabilities Discovered in TeamCity Enable Server Takeover
Summary: Two vulnerabilities in the JetBrains TeamCity On-Premises software have been discovered (CVE-2024-27198 and CVE-2024-27199). Threat actors may attempt to exploit these vulnerabilities to breach and take control of the affected systems, leading to full system compromise. Threat Level – Red | Vulnerability Report …