May 5, 2024

North Korea hacking teams hack South Korea defence contractors – police

North Korean hacking groups have targeted defense contractors in South Korea, according to police reports. The attackers were identified through an analysis of source IP addresses, signal re-routing structures, and malware signatures. Authorities, in collaboration with national intelligence agencies and private sector experts, traced the hacks back to these groups. The hacking teams linked to North Korea’s intelligence apparatus and known […]
April 22, 2024

CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately

The vulnerability, cataloged as CVE-2024-2961, is rated 8.8 on the CVSS scale and exists in the ISO-2022-CN-EXT plugin of glibc’s iconv library. This critical flaw occurs during the character set conversion process from UCS4, where specific escape characters are needed to indicate changes in the character set to the library. However, due to insufficient boundary checks on internal buffers, an […]
April 18, 2024

Cyberattack Takes Frontier Communications Offline

Texas-based Frontier Communications, a provider of local residential and business telecom services in 25 states, experienced a cyberattack. The breach allowed an unauthorized third party to access portions of its information technology environment, resulting in the theft of personally identifiable information (PII). As part of its containment measures, Frontier took certain systems offline, which led to an operational disruption that […]
April 15, 2024

EPA critical infrastructure contacts stolen, attackers claim

JSOutProx malware targets financial customers by delivering fake SWIFT payment notifications to businesses and fake MoneyGram templates to civilians. Currently, the threat group is targeting financial organizations in the Philippines, Laos, Singapore, Malaysia, India, and Saudi Arabia, which researchers believe is linked to China.
April 11, 2024

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

A number of cyberattacks have been observed targeting Linux systems in Asian campaigns through the use of the Pupy Remote Access Trojan (RAT). The Pupy RAT’s intricate capabilities, including remote command execution, information theft, keylogging, and its ability to evade detection, make it a valuable tool for cybercriminals seeking to compromise and infiltrate systems in the Asia region. In order to […]
March 14, 2024

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

AndroxGh0st is a Python-based malware designed to target Laravel applications. It scans and extracts critical information from .env files, revealing login details for AWS and Twilio. As an SMTP cracker, it exploits SMTP using various strategies, including credential exploitation, web shell deployment, and vulnerability scanning. The ability of the program to generate AWS suggests the possibility of brute force attacks. […]
March 14, 2024

DarkGate Malware Leveraged Newly Patched Microsoft Vulnerability in Zero-Day Exploit

An underground campaign called DarkGate was discovered by the Zero Day Initiative (ZDI) in mid-January 2024 that exploited CVE-2024-21412 by using fake software installers. As part of this campaign, users were lured by PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects, causing them to navigate to compromised websites that contained the malicious Microsoft Windows SmartScreen bypass CVE-2024-21412 […]
March 13, 2024

Researchers Uncover Kubernetes Flaw allowing Full Control of Windows Nodes

There is a vulnerability that allows remote code execution with SYSTEM privileges on all Windows machines within a Kubernetes cluster. Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming affects all versions of Kubelet, both prior to and after version 1.8.0. A successful exploit of the vulnerability could result in the complete takeover of all Windows nodes in a cluster, and it […]
March 5, 2024

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks abusing an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated suspiciously by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be […]