A New KV-Botnet Is Using Stealthy Attacks to Target Cisco, DrayTek, and Fortinet Devices
Since at least 2022, a highly capable botnet known as the “KV-botnet” has been associated with the Chinese state-sponsored APT […]
CVE-2023-36553: Command Injection Vulnerability in FortiSIEM
Fortinet, a major cybersecurity company, recently published an advisory regarding a critical vulnerability affecting its FortiSIEM Report Server. Background: The […]
DarkCasino: A New Emerging APT Threat Exploiting a WinRAR Flaw
NSFOCUS researchers examined the DarkCasino attack pattern, which exploited the WinRAR zero-day vulnerability identified as CVE-2023-38831. The financially motivated APT […]
Critical Vulnerability Patched in SAP Business One Product
SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. […]
Exploitation of Apache ActiveMQ Vulnerability CVE-2023-46604
Rapid7 Managed Detection and Response (MDR) found potential exploitation of Apache ActiveMQ CVE-2023-46604 in two distinct customer scenarios on Friday, […]
CVE-2023-4966 (Citrix Bleed) Active Exploitation
Citrix published a security bulletin on October 10, 2023, regarding a vulnerability (CVE-2023-4966) that affects the NetScaler ADC and NetScaler […]
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These […]
Leveraging DETT&CT Framework
Building detection is a difficult task, particularly with an increasing number of data sources. It might be challenging for detection […]
The Rise of IPFS Phishing
Phishing attacks are still one of the most prevalent methods for threat actors to get access, and they pose a […]
DCSync Attacks Explained
Once an attacker gets access to a Windows endpoint, they can access credentials saved in clear text or as a […]
North Korean Attacks Exploiting JetBrains TeamCity Vulnerability
More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Background: The program can be […]
With Unique Implants, A New ShroudedSnooper Actor Targets Middle Eastern Telecom Companies
State-sponsored actors and highly skilled adversaries have frequently targeted telecommunications businesses worldwide in recent years. Background: The great majority of […]
CVE-2023-34039: Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks
The VMware Aria management and monitoring package provides full-scope operations management, IT automation, log management, analytics creation, network visibility, and […]
Evidence Leads to Lazarus as the VMConnect Supply Chain Attack Continues
Recently, Sonatype and Reversing Labs analyzed the fraudulent PyPI package ‘VMConnect,’ developed to imitate the authentic VMware vSphere connector module […]
Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT
A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT […]
Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability
Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical […]
Alert Advisory: Supply Chain Attack by Iran’s APT34 Targets the UAE
An Iranian threat group called OilRig typically targets businesses in the Middle East involved in various industries. Still, it has […]
PhishForce: In-the-wild Phishing of Facebook Accounts Using a Vulnerability in Salesforce’s Email Services
We have been subjected to fraudulent emails from the early days of the internet, from intrusive spam to highly targeted […]
Monitoring USB Usages in OT Environments
Industrial control systems are vital infrastructures that need strict security protocols, particularly those that operate in operational technology (OT) environments. […]
A Sneaky Cross-Platform Threat Targeting Redis Server: P2PInfect Worm
Unit 42 cloud researchers discovered a new peer-to-peer (P2P) worm on July 11, 2023, which they have named P2PInfect. Background: […]
Silentbob: A New Campaign by Team TNT Attacking Cloud Environments
The infrastructure of many organizations has included cloud computing in recent years due to its multiple advantages in terms of […]
Merdoor – A Custom Backdoor Used by Lancefly APT to Target Government Organizations
Recent observations show the use of a unique Merdoor backdoor by a hacking group known as Lancefly APT to attack […]
Alert Advisory: Analysis of the Microsoft Storm-0558 SaaS Breach
The operators of Storm-0558 stole a Microsoft account (MSA) consumer signing key to forge tokens for Azure Active Directory (AD) […]