5 attack reports | 0 vulnerabilities
A malicious file named "christmas_slab.pdf.lnk" was discovered, utilizing Windows' built-in SSH support to deliver malware. The LNK file executes ssh.exe to transfer and run a PE file from a remote server. The attack leverages the SSH/SCP protocol, taking advantage of its widespread availability on…
A new DDoS malware strain named cShell is targeting poorly managed Linux servers through SSH services. The threat actor uses brute-force attacks to gain initial access, then installs the cShell bot, which is written in Go. cShell exploits Linux tools 'screen' and 'hping3' to perform various DDoS a…
An attacker exploited the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor gathered system details using public IP lookup services and various commands. Multiple shell scripts were downloaded and executed …
A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then in…
An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…