Tag: 2024-06-12
4 attack reports | 120 vulnerabilities
Attack reports
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vulnerability, CVE-2024-26169, before it was patched. The vulnerability, which was addressed in March 2024, could allow attackers to elevate their privileges. Evidence from a…
Downloadable IOCs 5
Dipping into Danger: The WARMCOOKIE backdoor
Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCOOKIE, which communicates via HTTP cookie parameters. The malware is an initial tool used to scout victim networks and deploy additional payloads, with hard-coded command …
Downloadable IOCs 6
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
Resecurity has identified new activity by a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
Downloadable IOCs 14
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infectio…
Downloadable IOCs 48