Tag : 2024-05-09

18 reports 0 vulnerabilities 0 articles

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
|---|---|---|---|---|
| Tracking the Surge in Non-PE Cyber Threats | May 9, 2024, 3:04 p.m. | | This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal conf… | 13 |
| Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | May 9, 2024, 3:08 p.m. | | A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code in… | 6 |
| Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four | May 9, 2024, 3:14 p.m. | | This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. The an… | 34 |
| macOS Cuckoo Stealer \| Ensuring Detection and Defense as New Samples Rapidly Emerge | May 10, 2024, 8:31 a.m. | | This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features,… | 4 |
| New Campaigns from Scattered Spider | May 10, 2024, 8:33 a.m. | | Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insuranc… | 118 |
| Profiling Trafficers: Cerberus | May 10, 2024, 9:02 a.m. | | This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the C… | 24 |
| Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation | May 10, 2024, 9:06 a.m. | | Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leadi… | 23 |
| Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack | May 10, 2024, 1:45 p.m. | | The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software.… | 12 |
| Threat Actors Hack YouTube Channels to Distribute Infostealers | May 10, 2024, 1:47 p.m. | | This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware … | 13 |
| StopRansomware: Black Basta | May 13, 2024, 9:31 a.m. | | This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have… | 174 |
| Romance Scams Urging Investment | May 13, 2024, 9:38 a.m. | | The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as pote… | 3 |
| GoTo Meeting loads RAT via Shellcode Loader | May 13, 2024, 9:47 a.m. | | A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain i… | 17 |
| Security Brief: Millions of Messages Distribute LockBit Black Ransomware | May 13, 2024, 6:27 p.m. | | In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black… | 16 |
| Leveraging DNS Tunneling for Tracking and Scanning | May 13, 2024, 7:12 p.m. | | This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wild. These techniques expand beyond DNS tunneling o… | 63 |
| Distribution of DanaBot Malware via Word Files Detected | May 14, 2024, 8:16 a.m. | | This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage exte… | 0 |
| Exploring the Depths of Multi-tiered Infrastructure | May 14, 2024, 1:06 p.m. | | This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functio… | 45 |
| PDF “Flawed Design” Exploitation | May 14, 2024, 3:30 p.m. | | Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive u… | 40 |
| Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns | May 14, 2024, 6:03 p.m. | | A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to that of the Pur… | 10 |