Credit to Author: Abdelrahman Esmail| Date: Fri, 30 Aug 2024 00:00:00 +0000
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
Read moreCredit to Author: Ted Lee| Date: Thu, 19 Sep 2024 00:00:00 +0000
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Read moreCredit to Author: Richard Y Lin| Date: Wed, 18 Sep 2024 00:00:00 +0000
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.
Read moreCredit to Author: Hitomi Kimura| Date: Thu, 12 Sep 2024 00:00:00 +0000
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
Read moreCredit to Author: Lenart Bermejo| Date: Mon, 09 Sep 2024 00:00:00 +0000
In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.
Read moreCredit to Author: Pierre Lee| Date: Fri, 06 Sep 2024 00:00:00 +0000
Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.
Read moreCredit to Author: Mhica Romero| Date: Thu, 05 Sep 2024 00:00:00 +0000
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.
Read moreCredit to Author: Cedric Pernet| Date: Wed, 04 Sep 2024 00:00:00 +0000
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Read moreCredit to Author: AI Team| Date: Tue, 03 Sep 2024 00:00:00 +0000
This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
Read moreCredit to Author: Mohamed Fahmy| Date: Thu, 29 Aug 2024 00:00:00 +0000
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.
Read more