Tag: 2024-05-31
8 attack reports | 81 vulnerabilities
Attack reports
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The malware employs common tactics like financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. Ho…
Downloadable IOCs 61
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
Throughout the three phases, BlueDelta used phishing emails, legitimate internet services (LIS), and living-off-the-land binaries (LOLBins) to extract intelligence from key networks across Europe. They have engaged in credential harvesting campaigns aimed at Yahoo and UKR[.]net users, as well as dedica…
Downloadable IOCs 30
Threat Intelligence Alert: Merry-Go-Round Conceals Ads from Users and Brands
HUMAN's Satori Threat Intelligence and Research Team uncovered an ad cloaking operation, dubbed 'Merry-Go-Round', which involves two independent rings of websites that redirect traffic among each other in pop-under tabs, racking up digital ad impressions concealed from users. This sophisticated ope…
Downloadable IOCs 13
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such a…
Downloadable IOCs 10
Chat Messenger voting topics - a new way to steal accounts is gaining momentum
The Government Emergency Response Team of Ukraine (CERT-UA) reports an increase in the number of cyberattacks aimed at gaining access to accounts on popular messengers, including through techniques for bypassing two-factor authentication.
Downloadable IOCs 230
Active exploitation of stored XSS vulnerabilities in WordPress Plugins
Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popular WordPress plugins. The attacks involve injecting malicious scripts that create new admin accounts, install backdoors, and implement tracking mechanisms. The affected pl…
Downloadable IOCs 28
AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America
Earlier in May, a security product detected a malicious payload aimed at stealing credentials required to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the infamous AllaKore RAT, leveraging Azure cloud infrastructure for command and control. It is specifically design…
Downloadable IOCs 61
Disrupting FlyingYeti's campaign targeting Ukraine
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to ope…
Downloadable IOCs 8