Found 133 bookmarks
Newest
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!
#spaceraccoon#EN#204#report#vulnerability#Zscaler#Client#Connector#CVE-2023-41973
·spaceraccoon.dev·
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
APT trends report Q1 2024
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
#securelist#Kaspersky#EN#2024#report#APT#Gelsemium#Careto
·securelist.com·
APT trends report Q1 2024
From IcedID to Dagon Locker Ransomware in 29 Days
From IcedID to Dagon Locker Ransomware in 29 Days
  • In late August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was then used through-out the intrusion. The threat actor leveraged a bespoke PowerShell tool known as AWScollector to facilitate a range of malicious activities including discovery, lateral movement, data exfiltration, and ransomware deployment. Group Policy was used to distribute Cobalt Strike beacons at login to a specific privileged user group. The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. * This case had a TTR (time to ransomware) of 29 days.
#thedfirreport#EN#2024#PrometheusTDS#TTR#IcedID#report
·thedfirreport.com·
From IcedID to Dagon Locker Ransomware in 29 Days
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.
#trendmicro#EN#2024#cybercrime#report#LabHost#takedown#PhaaS#Phishing-as-a-Service
·trendmicro.com·
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
State of WordPress Security In 2024
State of WordPress Security In 2024
This year, we’ve partnered with Sucuri. With both of our data combined, we can cover the entire timeline of security incidents from the vulnerability being found to the point where malware infection gets detected on a vulnerable website. 2023 was another record year of new vulnerabilities being discovered and fixed in the WordPress ecosystem. In 2023, we added 5,948 new vulnerabilities to the Patchstack vulnerability database. That’s 24% more than in 2022.
#patchstack#EN#WordPress#report
·patchstack.com·
State of WordPress Security In 2024
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
#trendmicro#EN#2024#targeted-attacks#research#report#Earth-Krahang#i-soon
·trendmicro.com·
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
#trendmicro#EN#2024#CVE-2024-21412#Water-Hydra#exploits-&-vulnerabilities#research#report#apt-&-targeted-attacks
·trendmicro.com·
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
KV-Botnet: Don’t call it a Comeback - Lumen
KV-Botnet: Don’t call it a Comeback - Lumen
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
#lumen#EN#2024#KV-Botnet#China#espionnage#report
·blog.lumen.com·
KV-Botnet: Don’t call it a Comeback - Lumen
Ransomware Hit $1 Billion in 2023
Ransomware Hit $1 Billion in 2023
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
#chainalysis#En#2024#Ransomware#Statistics#2023#report
·chainalysis.com·
Ransomware Hit $1 Billion in 2023
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.
#qualys#EN#2024#report#research#GNU#C#Library#syslog#CVE-2023-6246#CVE-2023-6779#CVE-2023-6780
·blog.qualys.com·
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News
  • Compromised credentials are a gift that keeps on giving (your stuff away) MFA is your mature, sensible friend Dwell time is sinking faster than RMS Titanic Criminals don’t take time off; neither can you
    • Active Directory servers: The ultimate attacker tool RDP: High time to decline the risk Missing telemetry just makes things harder
#sophos#EN#2023#report#adversary
·news.sophos.com·
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News
DDoS threat report for 2023 Q2
DDoS threat report for 2023 Q2
Q2 2023 saw an unprecedented escalation in DDoS attack sophistication. Pro-Russian hacktivists REvil, Killnet and Anonymous Sudan joined forces to attack Western sites. Mitel vulnerability exploits surged by a whopping 532%, and attacks on crypto rocketed up by 600%. Read the full story...
#Cloudflare#EN#2023#DDoS#threat#report#Q2#REvil#Killnet
·blog.cloudflare.com·
DDoS threat report for 2023 Q2
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
#trendmicro#EN#2023#malware#endpoints#BlackCat#WinSCP#report#SpyBoy#GoogleAds
·trendmicro.com·
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report
Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report
  • The shift previously observed in the geographical location of cyber extortion (Cy-X) victims continues to accelerate, moving from the United States (-21%), and Canada (-28%) to Southeast Asia region (+42%), the Nordics (+40%) & Latin America (+32%). * Whilst Manufacturing continues to be the biggest industry impacted, the number of victims decreased (-39%), with a shift towards the Utilities sector (+51%), Educational Services (+41%) and Finance and Insurance Sectors (+11%). * Businesses in 96 different countries were impacted by Cy-X in 2022, equating to nearly half (49%) the countries in the world. Since 2020 Orange Cyberdefense has recorded victims in over 70% of all countries worldwide * Over 2,100 organizations in the world were publicly shamed as a victim of Cy-X in 2022, across an almost even distribution of business sizes.
#orange.com#EN#2023#Cy-X#CyberExtortion#Orange#Cyberdefense#report
·newsroom.orange.com·
Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.
#cyble#2023#EN#report#InfoStealer#Creal
·blog.cyble.com·
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.
#cyble#2023#EN#report#InfoStealer#Creal
·blog.cyble.com·
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites