Behind the Attack: Live Chat Phishing
In this blog, we investigate a phishing attack that leverages the inherent trust we put in live-human-chat support.
interpreted.%26imtext3%3D%2520%26imtext4%3D%2520%2520%2520%26font%3D25%26Gravity%3DCenter?width=92&height=&ar=&mode=&format=avif&dpr=2)
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
- The Akamai Security Intelligence Response Team (SIRT) has been monitoring activity surrounding CVE-2024-4577, a PHP vulnerability that affects installations running CGI mode that was disclosed in June 2024. The vulnerability primarily affects Windows installations using Chinese and Japanese language locales, but it is possible that the vulnerability applies to a wider range of installations. As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors. The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig. Akamai App & API Protector has been automatically mitigating exploits that target our customers. In this blog post, we’ve included a comprehensive list of indicators of compromise (IOCs) for the various exploits we discuss.
How do cryptocurrency drainer phishing scams work?
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.
Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)
Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name. By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.
Chinese APT40 hackers hijack SOHO routers to launch attacks
An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka
APT40 Advisory PRC MSS tradecraft in action
This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), the Republic of Korea's National Intelligence Service (NIIS) and NIS’ National Cyber Security Center, and Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA) – hereafter referred to as the “authoring agencies” – outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks. The advisory draws on the authoring agencies’ shared understanding of the threat as well as ASD’s ACSC incident response investigations.
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.
BLAST RADIUS
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook
Morphisec researchers have discovered an important Microsoft Outlook vulnerability. Read on for CVE-2024- 38021 details and technical impact.
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
OpenSSH vulnerability CVE-2024-6409 found in Red Hat Linux 9 may enable remote code execution. Discover more.
US Disrupts Russian Bots Spreading Propaganda on Twitter
Russian media outlet RT ran the bot farm to pump out disinformation via 968 Twitter accounts, the US Justice Department says.
Turla: A Master’s Art of Evasion
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this.
BlackSuit Ransomware: Insights and Defense Strategies
Learn about BlackSuit ransomware, its impact across sectors, and how to defend against its attacks.
Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
Eldorado Ransomware: The New Golden Empire of Cybercrime?
All about Eldorado Ransomware and how its affiliates make their own samples for distribution.
South African pathology labs down after ransomware attack
The National Health Laboratory Service is the primary diagnostic service for 80% of the population, and no timeline for its restoration has been determined
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
Discover how the 'Indirector' attack threatens Intel CPUs and learn about the 'TIKTAG' vulnerability in Arm processors.
Russia forces Apple to remove VPN apps from the App Store
Apple has caved to pressure from Russian authorities and removed a number of the best iPhone VPN apps from the App Store in the country.
Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog
Rapid7 investigated suspicious behavior emanating from the installation of Notezilla, RecentX, & Copywhiz. These installers are distributed by Conceptworld.
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware
Conceptworld software installers trojanized with data-stealing malware. Users of Notezilla, RecentX, and Copywhiz urged to check for compromise.
Formula 1 governing body discloses data breach after email hacks
FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
How scam networks use fake celebrity ads to lure online investors
Investor beware: online promises of quick profits are not always as legitimate as they look. Swiss public broadcaster, SRF, looked into a Cyprus-based network of scam websites.
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
A sharp increase of DDoS attacks have been observed since the beginning of 2023. A new trend is to send high packet rate attacks though. This article introduces the findings of our teams in order to bring new insights regarding this threat.
RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability
What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…
Europol coordinates global action against criminal abuse of Cobalt Strike
Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...
blog.ethereum.org mailing list incident
On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too
Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence.
Sonar
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers
Discover how Recorded Future uses infostealer logs to identify CSAM consumers and trends. Learn key findings and mitigation strategies.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25462005%2FSTK155_OPEN_AI_CVirginia_B.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
OpenAI’s ChatGPT Mac app was storing conversations in plain text
OpenAI updated its ChatGPT macOS app on Friday after users discovered it stored conversations insecurely in plain text.