Tag : 2024-05-10

18 reports 0 vulnerabilities 0 articles

Attack Reports

Title Published Tags Description Number of indicators
macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge May 10, 2024, 8:31 a.m. This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features,… 4
New Campaigns from Scattered Spider May 10, 2024, 8:33 a.m. Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insuranc… 118
Profiling Trafficers: Cerberus May 10, 2024, 9:02 a.m. This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the C… 24
Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation May 10, 2024, 9:06 a.m. Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leadi… 23
Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack May 10, 2024, 1:45 p.m. The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software.… 12
Threat Actors Hack YouTube Channels to Distribute Infostealers May 10, 2024, 1:47 p.m. This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware … 13
StopRansomware: Black Basta May 13, 2024, 9:31 a.m. This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have… 174
Romance Scams Urging Investment May 13, 2024, 9:38 a.m. The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as pote… 3
GoTo Meeting loads RAT via Shellcode Loader May 13, 2024, 9:47 a.m. A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain i… 17
Security Brief: Millions of Messages Distribute LockBit Black Ransomware May 13, 2024, 6:27 p.m. In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black… 16
Leveraging DNS Tunneling for Tracking and Scanning May 13, 2024, 7:12 p.m. This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wild. These techniques expand beyond DNS tunneling o… 63
Distribution of DanaBot Malware via Word Files Detected May 14, 2024, 8:16 a.m. This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage exte… 0
Exploring the Depths of Multi-tiered Infrastructure May 14, 2024, 1:06 p.m. This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functio… 45
PDF “Flawed Design” Exploitation May 14, 2024, 3:30 p.m. Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive u… 40
Mallox ranomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns May 14, 2024, 6:03 p.m. A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to that of the Pur… 10
Ongoing Malvertising Campaign leads to Ransomware May 15, 2024, 3:14 p.m. Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employ… 78
The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India May 15, 2024, 3:16 p.m. CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infection chain involving HTAs and loader DLLs to deploy … 21
Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain May 15, 2024, 4 p.m. The Ebury malware gang is continuing to expand, with hundreds of thousands of servers compromised and used to steal cryptocurrency and credit card data, according to a paper publi… 141