Coyote: A Sophisticated Banking Trojan Targeting Financial Information
Summary: A new banking trojan called Coyote is currently targeting more than 60 banking institutions, primarily in Brazil. The malware distributes itself using the Squirrel installer and executes its infection process using Node.js and Nim, a relatively new multi-platform programming language. Threat Level – Amber …
Critical Vulnerability in FortiOS SSL VPN Exploited in the Wild
Summary: A critical Out-of-Bounds Write vulnerability (CVE-2024-21762) in Fortinet FortiOS SSL-VPN is actively exploited, enabling a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. Threat Level – Red | Vulnerability Report
Albabat Ransomware Infiltrates via Counter-Strike Cheat Utility
Summary: Albabat ransomware made its debut in November 2023, emerging as a financially motivated threat crafted in Rust. This ransomware has targeted both corporate entities and individual consumers across diverse geographical regions. Threat Level – Red | Attack Report
Ivanti Addresses Yet Another VPN Flaw Within a Month
Summary: Ivanti has addressed a newly discovered vulnerability impacting ZTA, Policy, and Connect Secure gateways. Tracked as CVE-2024-22024, this vulnerability stems from a weakness in the SAML component of the gateways related to XXE (XML eXternal Entities), enabling remote attackers to access restricted resources. Threat …
Volt Typhoon: A Cyber Threat to U.S. Critical Infrastructure
Summary: State-sponsored cyber actors from the People’s Republic of China, known as Volt Typhoon, are actively targeting critical infrastructure in the United States, employing sophisticated tactics like pre-compromise reconnaissance and living-off-the-land techniques. Threat Level – Red | Attack Report
JetBrains TeamCity Authentication Bypass Flaw, Paving the Way for Server Takeover
Summary: JetBrains addressed a critical security flaw in its TeamCity On-Premises product. The vulnerability, identified as CVE-2024-23917, could potentially allow an unauthorized attacker with HTTP(S) access to a TeamCity server to circumvent authentication mechanisms and acquire administrative privileges over the affected server. Threat Level – …
Deceptive Crypto Sites: A Breeding Ground for XPhase Clipper
Summary: A global malware campaign is actively targeting cryptocurrency enthusiasts, employing deceptive websites that masquerade as authentic cryptocurrency applications and ultimately lead to the execution of the XPhase Clipper payload. Threat Level – Amber | Attack Report
Mispadu Leverages CVE-2023-36025 Vulnerability in Latest Attack
Summary: A new variant of the Mispadu infostealer, a malware known for targeting Spanish and Portuguese speakers, specifically targets Mexican regions and leverages the CVE-2023-36025 vulnerability to gain access. It extends its data theft reach beyond previous versions, capturing browser history, cookies, and even cryptocurrency …
FritzFrog Expanding Its Lethal Reach with Frog4Shell
Summary: Recent activity surrounding the Golang-based FritzFrog botnet reveals, in its iterations, the use of an exploit called ‘Frog4Shell,’ which capitalizes on the Log4Shell vulnerability. Threat Level – Red | Attack Report
Ukraine Hit by Cyber Attack: 2,000+ Computers Infected by DIRTYMOE
Summary: The UAC-0027 group executed a sophisticated cyber attack against Ukrainian organizations. Their weapon of choice was the notorious DIRTYMOE (PURPLEFOX) malware. This modular malware has been active for over half a decade and poses a serious threat. Threat Level – Amber | Attack Report …