Today > | 7 High | 23 Medium | 2 Low vulnerabilities - You can now download lists of IOCs here!
Aqua Nautilus researchers uncovered a new attack vector where threat actors exploit misconfigured JupyterLab and Jupyter Notebook applications to hijack servers for streaming sports events. The attackers gain unauthenticated access, install ffmpeg, and use it to capture live streams, redirecting th…
FrostyGoop, an operational technology (OT) malware, disrupted critical infrastructure in Ukraine in early 2024, affecting heating systems for over 600 apartment buildings. It is the first OT-centric malware to use Modbus TCP communications for such an impact. The malware can operate both within com…
The ngioweb botnet serves as the foundation for the NSOCKS criminal proxy service, maintaining over 35,000 bots daily across 180 countries. The botnet primarily targets SOHO routers and IoT devices, with two-thirds of proxies based in the U.S. NSOCKS utilizes over 180 'backconnect' C2 nodes to obsc…
BabbleLoader is a highly evasive malware loader designed to bypass antivirus and sandbox environments to deliver stealers into memory. It employs sophisticated techniques such as junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandboxing measures. The loader's fea…
Earth Kasha, a threat group targeting Japan since 2019, has launched a new campaign with significant updates to their tactics and arsenals. The group has expanded its targets to include Taiwan and India, focusing on advanced technology organizations and government agencies. They now exploit public-…
Chinese threat actors, known as BrazenBamboo, are exploiting a zero-day vulnerability in Fortinet's FortiClient Windows VPN client to steal credentials. The hackers use a custom post-exploitation toolkit called DeepData, which includes a FortiClient plugin to extract usernames, passwords, and VPN s…
Two critical vulnerabilities in Palo Alto Networks PAN-OS, CVE-2024-0012 and CVE-2024-9474, have been disclosed. CVE-2024-0012 is an authentication bypass allowing unauthenticated remote attackers to gain admin privileges, while CVE-2024-9474 is an authenticated privilege escalation bug. These can …
A critical authentication bypass vulnerability (CVE-2024-0012) in Palo Alto Networks PAN-OS software allows unauthenticated attackers to gain administrator privileges on affected devices. The issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2, but not Cloud NGFW or Prisma Access. Limited expl…
Water Barghest, a cybercriminal group, has developed a highly automated system for exploiting and monetizing IoT devices. Their botnet, comprising over 20,000 devices as of October 2024, uses automated scripts to identify and compromise vulnerable IoT devices from public internet scan databases. On…
Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
ESET researchers have discovered that Telekopye, a Telegram-based toolkit used by cybercriminals to scam people on online marketplaces, has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb. The scammers, referred to as Neanderthals, now …
ESET researchers uncovered two distinct toolsets used by the GoldenJackal APT group to breach air-gapped systems in government organizations. The first toolset, observed in 2019, included GoldenDealer for delivering executables via USB drives, GoldenHowl as a modular backdoor, and GoldenRobo for fi…