May 12, 2024

IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access

The notorious and somewhat high-profile hacker going by the pseudonym “IntelBroker” has claimed to have successfully breached one of the largest cybersecurity companies in the world.The hacker, believed to be from Serbia, has a reputation for targeting major organizations across industries like government, telecommunications, automotive, and tech. Known as the operator of the Endurance ransomware, IntelBroker has taken credit for […]
May 5, 2024

North Korea hacking teams hack South Korea defence contractors – police

North Korean hacking groups have targeted defense contractors in South Korea, according to police reports. The attackers were identified through an analysis of source IP addresses, signal re-routing structures, and malware signatures. Authorities, in collaboration with national intelligence agencies and private sector experts, traced the hacks back to these groups.The Hacking teams linked to North Korea’s intelligence apparatus and known […]
April 11, 2024

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

A number of cyberattacks have been observed targeting Linux systems in Asian campaigns through the use of the Pupy Remote Access Trojan (RAT). The Pupy RAT’s intricate capabilities, including remote command execution, information theft, keylogging, and its ability to evade detection, make it a valuable tool for cybercriminals seeking to compromise and infiltrate systems in Asia region. In order to […]
March 14, 2024

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

AndroxGh0st is a Python-based malware designed to target Laravel applications. It scans and extracts critical information from .env files, revealing login details for AWS and Twilio. As an SMTP cracker, it exploits SMTP using various strategies, including credential exploitation, web shell deployment, and vulnerability scanning. The ability of the program to generate AWS suggests the possibility of brute force attacks. […]
March 14, 2024

DarkGate Malware Leveraged Newly Patched Microsoft Vulnerability in Zero-Day Exploit

An underground campaign called Dark Gate was discovered by the Zero Day Initiative (ZDI) in mid-January 2024 that exploited CVE-2024-21412 by using fake software installers. As part of this campaign, users were lured by PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects, causing them to navigate to compromised websites that contained the malicious Microsoft Windows SmartScreen bypass CVE-2024-21412 […]
March 13, 2024

Researchers Uncover Kubernetes Flaw allowing Full Control of Windows Nodes

There is a vulnerability that allows remote code execution with SYSTEM privileges on all Windows machines within a Kubernetes cluster. Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming affects all versions of Kubelet, both prior to and after version 1.8.0. A successful exploit of the vulnerability could result in the complete takeover of all Windows nodes in a cluster, and it […]
March 5, 2024

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks abusing an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated suspiciously by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be […]
February 29, 2024

A North Korean-linked APT group exploited a zero-day vulnerability in the Windows AppLocker driver (appid.sys) to gain kernel-level access to a target system

An APT group linked to North Korea is exploiting a zero-day vulnerability in the appid.sys AppLocker driver using an admin-to-kernel exploit. A zero-day exploit, identified as CVE-2024-21338, was addressed by Microsoft in February. The flaw CVE-2024-21338 resides within the IOCTL (Input and Output Control) dispatcher of the driver appid.sys. In the AppLocker application, this driver controls which apps and files […]
February 29, 2024

Black Basta ransomware attacks ZircoDATA company

ZircoDATA is the leading provider of secure document storage and records management (RIM) solutions from information governance and digital conversion to storage, language services and secure shredding since 1995.ZircoDATA has been attacked by the Black Basta Group, claiming 395 GB of data, including financial documents, personal user folders, and confidentiality agreements. There are at least 46 passport scans and 12 […]
Prev page
1234567891011121314151617181920212223242526272829303132
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.