Today > 1 Critical | 3 High | 6 Medium vulnerabilities - You can now download lists of IOCs here!
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
This report details the tactics and techniques employed by the LemonDuck cryptomining malware, which exploits the SMB service by leveraging the EternalBlue vulnerability (CVE-2017-0144). After gaining initial access through brute-force attacks, the malware creates malicious files, disables security…
OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing ema…
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Lynx ransomware, discovered in July 2024, is a successor to INC ransomware targeting organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates as a ransomware-as-a-service model. Lynx employs double extorti…
A new threat actor, designated as IMP-1G, has been discovered engaging in SMS phishing activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multip…
Core Werewolf, a threat actor targeting Russia's defense industry and critical infrastructure since 2021, has evolved its tactics. The group now employs a new loader written in AutoIt and has expanded its delivery methods to include Telegram alongside email. Their campaign involves RAR archives con…
A sophisticated attack campaign using Bitbucket as a legitimate platform to deliver AsyncRAT has been uncovered. The multi-stage approach involves a VBScript obfuscation layer, followed by a PowerShell payload delivery mechanism, and culminates in the execution of AsyncRAT. The attackers exploit Bi…
DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a …
The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …
A cyber-enabled disinformation campaign called Operation MiddleFloor is targeting Moldova's government and education sectors ahead of crucial elections and an EU membership referendum. The campaign, attributed to a Russian-speaking group named Lying Pigeon, uses spoofed emails and documents to spre…
Insikt Group unveiled Rhysida's complex infrastructure, comprising typo-squatted domains for SEO poisoning, payload servers, CleanUpLoader C2 infrastructure, and higher-tier components including an admin panel and Zabbix monitoring server. This multi-tiered setup enables early victim identification…