Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
A sharp increase of DDoS attacks have been observed since the beginning of 2023. A new trend is to send high packet rate attacks though. This article introduces the findings of our teams in order to bring new insights regarding this threat.
Europol coordinates global action against criminal abuse of Cobalt Strike
Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too
Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25462005%2FSTK155_OPEN_AI_CVirginia_B.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Europol coordinates global action against criminal abuse of Cobalt Strike | Europol
Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...
CVE-2024-29510 - Exploiting Ghostscript using format strings
A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version!
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
- E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched. Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure. Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code. * Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.
TeamViewer: Hackers copied employee directory data and encrypted passwords
TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.
Analysis of the Phishing Campaign: Behind the Incident
See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. Here are some key findings: We found around 72 phishing domains pretending to be real or fake companies. These domains created believable websites that tricked people into sharing their login details. The attack was sophisticated, using advanced techniques like direct human interaction to deceive targets. We analyzed several fake websites and reverse-engineered their web-facing application. At the end of the post, you will find a list of IOCs that can be used for improving your organization’s security.
