Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event
Cyble Blog
by rohansinhacyblecom
3h ago
Key Takeaways Cyble Research and Intelligence Labs (CRIL) identified a campaign targeting individuals connected to the upcoming US-Taiwan Defense Industry Conference, as indicated by the lure document uncovered during the investigation. The campaign involves a ZIP archive containing an LNK file that mimics a legitimate PDF registration form for deception. When the LNK file is opened, it executes commands to drop a lure PDF and an executable in the startup folder, establishing persistence. Upon system reboot, the executable downloads additional content and executes it directly in memory, effe ..read more
Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products
Cyble Blog
by dakshsharma16
2d ago
Key Takeaways Three major advisories from CISA address 17 vulnerabilities across products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Multiple products are affected by vulnerabilities allowing for the cleartext transmission of sensitive data, such as passwords, which could be exploited through Man-in-the-Middle (MitM) attacks. Despite being reported in 2021, these vulnerabilities are now publicly disclosed due to the vendor's lack of response. With 629 internet-exposed instances, primarily in Italy and France, the likelihood of exploitation is high. Proof of Concepts (P ..read more
The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks
Cyble Blog
by rohansinhacyblecom
3d ago
Overview On September 7, 2024, Cyble Global Sensor Intelligence (CGSI) identified the active exploitation of CVE-2024-32113, a critical path traversal vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system. This flaw was initially addressed on April 12, 2024, with a formal patch released on May 8, 2024. CVE-2024-32113 allows Threat Actors (TAs) to execute arbitrary commands by sending specially crafted requests, enabling them to gain unauthorized access and execute arbitrary commands. On September 4, 2024, the identification of CVE-2024-45195 reignited concern ..read more
CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
Cyble Blog
by dakshsharma16
3d ago
Key Takeaways CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with three critical vulnerabilities: CVE-2016-3714, CVE-2017-1000253, and CVE-2024-40766. These vulnerabilities are being actively exploited by cybercriminals, posing significant risks to both federal and private sector organizations. CISA urges all organizations to prioritize the remediation of these vulnerabilities to strengthen their cybersecurity defenses. Organizations should update software with the latest patches, implement multi-factor authentication (MFA), and continuously monitor for unusual activities ..read more
Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024
Cyble Blog
by dakshsharma16
3d ago
Key Takeaways: CISA incorporated four vulnerabilities (CVE-2021-20123, CVE-2021-20124, CVE-2024-7262, and CVE-2024-7965) into its Known Exploited Vulnerability (KEV) catalog based on evidence of active exploitation. The Cyble team analyzed critical and high-severity CVEs including those impacting networking products CVE-2024-7261 and CVE-2024-44341 and Dell's PowerProtect tool CVE-2024-37136, which could lead to remote code execution and information exposure. CRIL detected multiple instances of vulnerability discussions and proof-of-concept sharing in underground forums and channels, includi ..read more
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)
Cyble Blog
by rohansinhacyblecom
4d ago
Key takeaways Cyble Research and Intelligence Labs (CRIL) has detected a phishing site masquerading as a CapCut download page. The site aims to trick users into downloading malicious software. Threat actors (TAs) have leveraged a reputation-hijacking technique by embedding a legitimate CapCut-signed application within the malicious downloaded package, exploiting the trustworthiness of well-known apps to bypass security systems. This campaign utilizes a recently demonstrated proof-of-concept (PoC) that repurposes the JamPlus build utility to execute malicious scripts while evading detection ..read more
The Rise of Head Mare: A Geopolitical and Cybersecurity Analysis
Cyble Blog
by Cyble
1w ago
Key takeaways The Head Mare hacktivist group targets Russian and Belarusian organizations, linking their cyberattacks to geopolitical tensions with Ukraine. Head Mare's attacks on Russia and Belarus are strategic, aiming to influence political and economic stability in these countries and support its own objectives. The group uses sophisticated phishing and ransomware attacks, exploiting vulnerabilities like CVE-2023-38831 in WinRAR and ransomware strains like LockBit and Babuk. Head Mare’s cyber operations align with the Russo-Ukrainian conflict, applying pressure on ..read more
Iranian State-Sponsored Hackers Have Become Access Brokers for Ransomware Gangs
Cyble Blog
by dakshsharma16
1w ago
Iranian state-backed actors operating under aliases like "Pioneer Kitten" are increasingly targeting critical infrastructure – and expanding their activities into brokering access for ransomware affiliates. Key Takeaways A group of Iranian state-sponsored hackers has evolved into access brokers for ransomware gangs, targeting critical U.S. and allies’ sectors like education, finance, healthcare, and defense. The FBI, CISA, and DC3 have issued a joint advisory highlighting the dual nature of these threat actors' activities, which include both monetizing network access and conducting espionage ..read more
The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
Cyble Blog
by Cyble
1w ago
Key takeaways Cyble Research and Intelligence Lab (CRIL) has identified a highly targeted cyber-attack aimed at political figures and government officials in Malaysia. The attack showcases the advanced tactics employed by the Threat Actor (TA) in targeting high-profile individuals and institutions. The campaign, active since July, has employed at least three distinct malicious ISO files specifically designed to compromise Malaysian entities. The malicious ISO files contain multiple components, including a shortcut (LNK) file, a hidden PowerShell script, a malicious ..read more
FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group
Cyble Blog
by Cyble
1w ago
Key Takeaways A North Korean threat actor, Citrine Sleet, has been observed exploiting a zero-day vulnerability in Chromium, designated as CVE-2024-7971, to achieve Remote Code Execution (RCE). Citrine Sleet, also tracked by other security firms under the names AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra, is attributed to Bureau 121 of North Korea's Reconnaissance General Bureau. The group primarily focuses on financial institutions, especially those involved with cryptocurrency, aiming for financial gain. The group's tactics, techniques, and procedures (TT ..read more