An organization in the DIB sector was compromised by state-funded hackers using a custom malware program, CovalentStealer, and the Impacket framework. It took approximately ten months for the compromise to be resolved. There is a good chance that the o…
Category: Exploits
Exploits, Global Security News
WireShark 4.0.0 Released – What’s New!!
by BALAJI N •
There are several open-source packet analyzers available, but Wireshark is among the most popular. Moreover, the application has been upgraded to version 4.0.0 and comes with multiple new features and fixes. It is not only network administrators who us…
Exploits, Security Bloggers, Security Vendor News
Container Escape: All You Need is Cap (Capabilities)
by Cybereason Team •
Until a few years ago, most cyberattacks focused mainly around the endpoint. However, new technologies like IoT devices, mobile, and cloud have transformed the entire tech industry – and the way attacks are carried out
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Wednesday, October 5th, 2022
by Dr. Johannes B. Ullrich •
Credential Harvesting with Telegram
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabili…
Exploits, Global Security News
RansomEXX Gang Hacked Ferrari – Over 7GB of Internal Documents Stolen
by GURUBARAN S •
An Italian luxury sports car manufacturer, Ferrari was hit by ransomware. The RansomEXX gang claims to have hacked Ferrari, more than 7 GB of data, including internal documents, datasheets, and repair manuals have been stolen. The car manufacturer says…
Exploits, Global Security News
Comm100 Live Chat App Hijacked in Supply Chain Attack to Deliver Malware
by BALAJI N •
As part of a new supply-chain attack being carried out against the Comm100 Live Chat application, the official installer for the application was trojanized. Comm100 Live Chat application is a popular Canadian SaaS application that is used extensively b…
Exploits, Global Security News
BlackCat Ransomware Gang Claims to Have Hacked US Department of Defense Contractor
by BALAJI N •
NJVC has been added to the victim list of the BlackCat (ALPHV) ransomware gang. NJVC provides IT support to the US government’s intelligence and defense organizations. With annual revenue of over $290 million, the company NJVC has a very impressive rec…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Tuesday, October 4th, 2022
by Dr. Johannes B. Ullrich •
Microsoft Exchange Vulnerability Fix Bypassed
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojan…
Exploits, Security Bloggers, Security Vendor News, Vulnerabilities
THREAT ALERT: ProxyNotShell – Two Critical Vulnerabilities Affecting MS Exchange
by Cybereason Global SOC Team •
The Cybereason GSOC Managed Detection and Response (MDR) Team is investigating incidents that involve exploitation of the critical Microsoft Exchange vulnerabilities – CVE-2022–41040 and CVE-2022–41082, also known as ProxyNotShell. …
Exploits, Global Security News
Hackers Target Job Seekers Using Malicious Microsoft Word Document
by GURUBARAN S •
Researchers at Cisco Talos revealed a malicious campaign that deploys Cobalt Strike beacons on compromised hosts. The attack involves a multistage and modular infection chain with fileless, malicious scripts. This attack is a email with a malicious Mic…
Exploits, Global Security News
State-Sponsored Hackers Used MS Exchange 0-Day Bugs to Attack At least 10 Orgs
by BALAJI N •
In August 2022, hackers launched a limited wave of attacks that targeted at least 10 organizations around the world. There are two newly disclosed zero-day vulnerabilities being exploited by the hackers in these attacks in order to gain access to and …
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Monday, October 3rd, 2022
by Dr. Johannes B. Ullrich •
Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlasian Bitbucket Vulnerability to Exploited List
https://www.cisa.g…
Exploits, Global Security News
Top 10 Best Malware Removal Tool 2022
by Priya James •
Malware removal tool helps to remove the dangerous malware from your personal computer to protect from hackers and prevent future attacks. Today the most essential thing is to have security on your PC or laptop, as you never know when the cybercriminal…
Exploits, Global Security News
Chinese APT Hacker Group Using Old Windows Logo to Hide a Backdoor Malware
by BALAJI N •
In a recent discovery made by Symantec’s security researchers, the Witchetty group has been found to be launching a malicious campaign that hides a backdoor behind the Windows logo using steganography. Several countries in the Middle East and the…
Exploits, Global Security News
How Does World’s Highly Secured Google Network Works?
by Priya James •
Google always Maintains an Extremely strong Cyber Security Culture for Data Security, Network Security, Cloud Security, and Physical security. Google’s this extreme level of security protection begins from hiring the employee until the biggest se…
Exploits, Global Security News
New Microsoft Exchange Zero-Day RCE Bug Actively Exploited by Hackers
by BALAJI N •
New zero-day bugs existing in Microsoft Exchange that are not disclosed yet publicly are being exploited by the threat actors in order to perform remote code execution on affected systems. These attacks are first spotted by security experts at Vietname…
Exploits, Global Security News
Parrot Security OS 5.1 Release – What’s New!!
by GURUBARAN S •
It has been officially announced that Parrot OS 5.1 has been released, and Parrot OS 5.1 is now available for download as well. A lot of advancements and updates have been made to this new version to increase the efficiency and security of the distribu…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Friday, September 30th, 2022
by Dr. Johannes B. Ullrich •
PNG Analysis with pngdump.py
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-serv…
Exploits, Global Security News
Beware!! New Go-based Malware Attack Windows & Linux Systems For DDoS
by BALAJI N •
The cybersecurity researchers at Lumen’s Black Lotus Labs asserted that in order to mine crypto-currencies and launch DDoS attacks, hackers are deploying an existing botnet called Chaos, which is rapidly expanding, to target and infect Windows an…
Exploits, Global Security News
Chrome 106 Released – Google Fixed 20 Security Bugs – Update Now!
by BALAJI N •
The Chrome web browser was recently updated to a new stable version released by Google. Google Chrome’s updated version Chrome 106 offers a number of brand-new features and improvements, and it also includes a number of security updates. The new …
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Thursday, September 29th, 2022
by Dr. Johannes B. Ullrich •
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/news…
Exploits, Global Security News
Russia Plan a Massive Cyber Attack on Ukraine’s Infrastructure
by BALAJI N •
There has been a warning recently issued by the Ukrainian military intelligence service about massive cyberattacks from Russia. As part of its plan to target the critical infrastructure of Ukraine and its allies, Russia plans to conduct massive cyberat…
Exploits, Global Security News
Hackers Deliver Erbium Password-Stealing Malware Through Fake Cracks and Cheats
by GURUBARAN S •
Several popular video games are now being infected with the brand new Erbium malware, which steals personal and sensitive information. The spread of this malware is happening because hackers are disguised as cracks and cheats for popular video ga…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Wednesday, September 28th, 2022
by Dr. Johannes B. Ullrich •
DNS Option 15 and Debugging DNSSEC Errors
https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://alm…
Exploits, Global Security News
Over 75 Applications on Google Play with 13M Installations Deliver Adware
by GURUBARAN S •
Researchers from HUMAN’s Satori Threat Intelligence team found a new adware operation named ‘Scylla’, which is the third wave of an attack reported in August 2019 dubbed ‘Poseidon’. The second wave, indeed from the same threat actor, was called &…
Exploits, Global Security News
Should You Use a VPN for Online Security? 4 Types of Malware and How to Protect Yourself
by Tanya Bhateja •
A VPN creates an encrypted tunnel between your device and the VPN server. All of your data transmissions are protected by the VPN’s encrypted tunnel. With this set-up, your online activity and IP address will be hidden from prying eyes. When usin…
Exploits, Global Security News
BIND DNS Software High-Severity Flaws Let Hackers Remotely Trigger the Attack
by GURUBARAN S •
The ISC (Internet Systems Consortium) released a security patch this week in an attempt to address six vulnerabilities that could allow remote attackers to take control of BIND DNS servers. In total, four of the six vulnerabilities were rated as ‘…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Tuesday, September 27th, 2022
by Dr. Johannes B. Ullrich •
Easy Python Sandbox Detection
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for “Mouseover” Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerp…
Exploits, Global Security News
Beware of Fake Indian Rewards Apps That Installs Malware on Your Devices
by GURUBARAN S •
Microsoft 365 Defender Research Team analysed the new version of previously reported info-stealing Android malware, delivered through an SMS campaign. This new version has remote access trojan (RAT) capabilities, targeting the customers of Indian banks…
Exploits, Global Security News
New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely
by BALAJI N •
WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android & iOS versions allowing attackers to execute an arbitrary code remotely. Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messenger ap…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Monday, September 26th, 2022
by Dr. Johannes B. Ullrich •
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
What…
Exploits, Global Security News
UK Police Arrests 17-Yr-Old Teen Hacker Believed to be Behind Uber & Rockstar Hacks
by BALAJI N •
A British 17-year-old teen has been detained recently (Thursday 22 September 2022) by the City of London Police in connection with recent cyberattacks that have been reported by authorities. While this arrest was officially announced by London Police o…
Exploits, Global Security News
RCE Bug in ZOHO Products Let Hackers Execute Arbitrary Code Remotely
by BALAJI N •
CISA’s bug catalog has been updated with a new vulnerability related to Java deserialization, which has been exploited in the wild by malicious threat actors. As this vulnerability affects multiple Zoho ManageEngine products that are affected. CV…
Exploits, Global Security News
Critical Magento Vulnerability Let Unauthenticated Attackers to Execute Code
by GURUBARAN S •
Sansec Threat Research Team noticed a surge in Magento 2 template attacks. This critical template vulnerability in Magento 2 tracked as (CVE-2022-24086) is increasing among eCommerce cyber criminals. The vulnerability allows unauthenticated attackers t…
Exploits, Global Security News
Diving Deeper to Understand the Windows Event logs for Cyber Security Operation Center (SOC)
by BALA GANESH •
Cyber Security operations center is protecting organizations and sensitive business data of customers. It ensures active monitoring of valuable assets of business with visibility, alerting and investigating threats and a holistic approach to managing r…
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Friday, September 23rd, 2022
by Dr. Johannes B. Ullrich •
RAT Delivered Through FODHelper
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuz…
Exploits, Global Security News
15-Year-Old Python Bug Let Hacker Execute Code in 350k Python Projects
by BALAJI N •
The cybersecurity researchers at Trellix have recently identified a 15-year-old Python bug that has been found to potentially impact 350,000 open-source repositories. There is a possibility that this bug could lead to the execution of code. This 15-yea…
Exploits, Global Security News
How to Spot Your Biggest Security Threat? Just Look out for the Humans
by Priya James •
What is the biggest security threat in your company? As it turns out, it’s not some AI-powered machine learning super virus or pernicious and anonymous cybercrime syndicate. It’s not the latest and greatest in botnets, malware, or spyware either. Sure,…
Exploits, Global Security News
Hackers Launched Record DDoS Attack with 25.3 Billion Requests in 4 Hours
by BALAJI N • • 0 Comments
On the day of June 27, 2022, Imperva, an internet cybersecurity company mitigated over 25.3 billion requests as part of a DDoS attack. A new record in the field of DDoS mitigation has been set by its solution. A Chinese telecommunications company that …
Exploits, Global Security News
High Severity IDOR Bugs inCNCF ‘Harbor’ Project by VMware
by Priya James •
Oxeye, the provider of award-winning cloud-native application security, today announced that its security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities in CNCF-graduated p…