April 11, 2024

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

A number of cyberattacks have been observed targeting Linux systems in Asian campaigns through the use of the Pupy Remote Access Trojan (RAT). The Pupy RAT’s intricate capabilities, including remote command execution, information theft, keylogging, and its ability to evade detection, make it a valuable tool for cybercriminals seeking to compromise and infiltrate systems in Asia region. In order to […]
March 14, 2024

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

AndroxGh0st is a Python-based malware designed to target Laravel applications. It scans and extracts critical information from .env files, revealing login details for AWS and Twilio. As an SMTP cracker, it exploits SMTP using various strategies, including credential exploitation, web shell deployment, and vulnerability scanning. The ability of the program to generate AWS suggests the possibility of brute force attacks. […]
March 14, 2024

DarkGate Malware Leveraged Newly Patched Microsoft Vulnerability in Zero-Day Exploit

An underground campaign called Dark Gate was discovered by the Zero Day Initiative (ZDI) in mid-January 2024 that exploited CVE-2024-21412 by using fake software installers. As part of this campaign, users were lured by PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects, causing them to navigate to compromised websites that contained the malicious Microsoft Windows SmartScreen bypass CVE-2024-21412 […]
March 13, 2024

Researchers Uncover Kubernetes Flaw allowing Full Control of Windows Nodes

There is a vulnerability that allows remote code execution with SYSTEM privileges on all Windows machines within a Kubernetes cluster. Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming affects all versions of Kubelet, both prior to and after version 1.8.0. A successful exploit of the vulnerability could result in the complete takeover of all Windows nodes in a cluster, and it […]
March 5, 2024

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks abusing an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated suspiciously by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be […]
March 4, 2024

NTLM authentication hashes are stolen during phishing attacks by hackers

As a result of a recent shift in tactics, the hacking group known as TA577 has employed phishing emails to steal the authentication hashes of NT LAN Manager (NTLM) accounts in order to use them for account hijackings. The NTLM hash is a key component of Windows authentication and session security and can be used for offline password cracking to […]
February 29, 2024

Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors

Suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell—a threat actor that has been publicly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell […]
February 29, 2024

CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization

Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a […]
February 29, 2024

A North Korean-linked APT group exploited a zero-day vulnerability in the Windows AppLocker driver (appid.sys) to gain kernel-level access to a target system

An APT group linked to North Korea is exploiting a zero-day vulnerability in the appid.sys AppLocker driver using an admin-to-kernel exploit. A zero-day exploit, identified as CVE-2024-21338, was addressed by Microsoft in February. The flaw CVE-2024-21338 resides within the IOCTL (Input and Output Control) dispatcher of the driver appid.sys. In the AppLocker application, this driver controls which apps and files […]
12345678910111213141516171819202122232425262728293031323334
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.