Found 133 bookmarks
Custom sorting
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!
#spaceraccoon#EN#204#report#vulnerability#Zscaler#Client#Connector#CVE-2023-41973
·spaceraccoon.dev·
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
APT trends report Q1 2024
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
#securelist#Kaspersky#EN#2024#report#APT#Gelsemium#Careto
·securelist.com·
APT trends report Q1 2024
From IcedID to Dagon Locker Ransomware in 29 Days
From IcedID to Dagon Locker Ransomware in 29 Days
  • In late August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was then used through-out the intrusion. The threat actor leveraged a bespoke PowerShell tool known as AWScollector to facilitate a range of malicious activities including discovery, lateral movement, data exfiltration, and ransomware deployment. Group Policy was used to distribute Cobalt Strike beacons at login to a specific privileged user group. The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. * This case had a TTR (time to ransomware) of 29 days.
#thedfirreport#EN#2024#PrometheusTDS#TTR#IcedID#report
·thedfirreport.com·
From IcedID to Dagon Locker Ransomware in 29 Days
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.
#trendmicro#EN#2024#cybercrime#report#LabHost#takedown#PhaaS#Phishing-as-a-Service
·trendmicro.com·
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
#Akamai#DDoS#EN#2022#report#record#Europe
·akamai.com·
Largest European DDoS Attack on Record
Defending Ukraine: Early Lessons from the Cyber War
Defending Ukraine: Early Lessons from the Cyber War
This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed. Notably, the report reveals new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils detail about sophisticated and widespread Russian foreign influence operations being used among other things, to undermine Western unity and bolster their war efforts. We are seeing these foreign influence operations enacted in force in a coordinated fashion along with the full range of cyber destructive and espionage campaigns. Finally, the report calls for a coordinated and comprehensive strategy to strengthen collective defenses – a task that will require the private sector, public sector, nonprofits and civil society to come together. The foreword of this new report, written by Microsoft President and Vice Chair Brad Smith, offers additional detail below.
#microsoft#EN#2022#cyberwar#Russia-Ukraine-war#espionage#report#influence#operations#cyberoperations
·blogs.microsoft.com·
Defending Ukraine: Early Lessons from the Cyber War
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, details the...
#4freerussia#EN#2022#GRU#Leak#report#Warfare#Aquarium#Program
·4freerussia.org·
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
State of WordPress Security In 2024
State of WordPress Security In 2024
This year, we’ve partnered with Sucuri. With both of our data combined, we can cover the entire timeline of security incidents from the vulnerability being found to the point where malware infection gets detected on a vulnerable website. 2023 was another record year of new vulnerabilities being discovered and fixed in the WordPress ecosystem. In 2023, we added 5,948 new vulnerabilities to the Patchstack vulnerability database. That’s 24% more than in 2022.
#patchstack#EN#WordPress#report
·patchstack.com·
State of WordPress Security In 2024
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
#Akamai#DDoS#EN#2022#report#record#Europe
·akamai.com·
Largest European DDoS Attack on Record
Defending Ukraine: Early Lessons from the Cyber War
Defending Ukraine: Early Lessons from the Cyber War
This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed. Notably, the report reveals new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils detail about sophisticated and widespread Russian foreign influence operations being used among other things, to undermine Western unity and bolster their war efforts. We are seeing these foreign influence operations enacted in force in a coordinated fashion along with the full range of cyber destructive and espionage campaigns. Finally, the report calls for a coordinated and comprehensive strategy to strengthen collective defenses – a task that will require the private sector, public sector, nonprofits and civil society to come together. The foreword of this new report, written by Microsoft President and Vice Chair Brad Smith, offers additional detail below.
#microsoft#EN#2022#cyberwar#Russia-Ukraine-war#espionage#report#influence#operations#cyberoperations
·blogs.microsoft.com·
Defending Ukraine: Early Lessons from the Cyber War
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, details the...
#4freerussia#EN#2022#GRU#Leak#report#Warfare#Aquarium#Program
·4freerussia.org·
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
#trendmicro#EN#2024#targeted-attacks#research#report#Earth-Krahang#i-soon
·trendmicro.com·
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
#Akamai#DDoS#EN#2022#report#record#Europe
·akamai.com·
Largest European DDoS Attack on Record
Defending Ukraine: Early Lessons from the Cyber War
Defending Ukraine: Early Lessons from the Cyber War
This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed. Notably, the report reveals new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils detail about sophisticated and widespread Russian foreign influence operations being used among other things, to undermine Western unity and bolster their war efforts. We are seeing these foreign influence operations enacted in force in a coordinated fashion along with the full range of cyber destructive and espionage campaigns. Finally, the report calls for a coordinated and comprehensive strategy to strengthen collective defenses – a task that will require the private sector, public sector, nonprofits and civil society to come together. The foreword of this new report, written by Microsoft President and Vice Chair Brad Smith, offers additional detail below.
#microsoft#EN#2022#cyberwar#Russia-Ukraine-war#espionage#report#influence#operations#cyberoperations
·blogs.microsoft.com·
Defending Ukraine: Early Lessons from the Cyber War
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, details the...
#4freerussia#EN#2022#GRU#Leak#report#Warfare#Aquarium#Program
·4freerussia.org·
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
#trendmicro#EN#2024#CVE-2024-21412#Water-Hydra#exploits-&-vulnerabilities#research#report#apt-&-targeted-attacks
·trendmicro.com·
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
KV-Botnet: Don’t call it a Comeback - Lumen
KV-Botnet: Don’t call it a Comeback - Lumen
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
#lumen#EN#2024#KV-Botnet#China#espionnage#report
·blog.lumen.com·
KV-Botnet: Don’t call it a Comeback - Lumen
Ransomware Hit $1 Billion in 2023
Ransomware Hit $1 Billion in 2023
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
#chainalysis#En#2024#Ransomware#Statistics#2023#report
·chainalysis.com·
Ransomware Hit $1 Billion in 2023