Today > | 1 Medium vulnerabilities - You can now download lists of IOCs here!
8 attack reports | 0 vulnerabilities
A sophisticated phishing operation targeting European automotive, chemical, and industrial manufacturing companies has been uncovered. The campaign, which peaked in June 2024, used HubSpot Free Form Builder and Docusign-enabled PDFs to harvest account credentials and infiltrate Microsoft Azure clou…
A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email contains red f…
An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …
The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …
A BlackCat ransomware intrusion began with a Nitrogen malware campaign impersonating Advanced IP Scanner. The attackers used Sliver and Cobalt Strike beacons for post-exploitation, leveraging Python scripts for memory loading. They performed network enumeration using various tools and moved lateral…
A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…
The Government Emergency Response Team of Ukraine CERT-UA informs about the increase in the number of cyberattacks aimed at gaining access to the accounts of popular messengers, including, using the techniques of bypassing two-factor authentication
Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowing attackers to gain remote control over affected systems. The malicious installer included a binary named fffmpeg.exe which executed obfuscated PowerShell scripts and fac…