A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]
Following Microsoft’s recent Patch Tuesday update, which addressed the CVE-2024-38112 vulnerability, researchers uncovered a sophisticated campaign by the Void Banshee APT. This campaign exploits a security gap in the Microsoft MHTML browser engine through zero-day attacks to deploy the Atlantida stealer on victims’ devices. Detecting CVE-2024-38113 Exploitation by Void Banshee In the first half of […]
The latest advisory issued by law enforcement agencies within Australia, the U.S., Canada, Germany, the U.K., New Zealand, South Korea, and Japan, warns of the growing threat posed by APT40 operated on behalf of Beijing’s Ministry of State Security (MSS). Specifically, the advisory details the activities of the People’s Republic of China state-sponsored group able […]
The cyber threat landscape in June is heating up, largely due to the disclosure of new vulnerabilities, such as CVE-2024-4577 and CVE-2024-29849. Researchers have identified a novel critical improper authentication vulnerability in Progress MOVEit Transfer tracked as CVE-2024-5806, which has already been under active exploitation in the wild a couple of hours after its discovery. […]
In Q1 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and russia demonstrated significantly enhanced and innovative offensive capabilities to proceed with sophisticated cyber-espionage campaigns. This surge in activity has posed considerable challenges to the global cybersecurity landscape. Recently, security experts revealed the activity of the China-linked Velvet Ant group infiltrating F5 […]
Hot on the heels of the disclosure of CVE-2024-29849 and its PoC release, another security flaw is creating a buzz in the cyber threat landscape. Successful exploitation of CVE-2024-4577, which affects Windows-based PHP servers, could lead to RCE. The security bug is a CGI argument injection vulnerability that impacts all versions of PHP on the […]
In mid-April 2024, CERT-UA warned defenders of repeated adversary attempts to compromise Ukrainian organizations using COOKBOX malware. Defenders observed the ongoing phishing campaign targeting Ukraine and took measures to disrupt the offensive attempts. The identified russia-linked malicious activity is tracked under the moniker FlyingYeti and overlaps with the UAC-0149 operation covered in the CERT-UA#9522 alert. […]
There is a growing interest among hacking collectives in exploiting remote-access VPN environments by commony abusing zero-day vulnerabilities as entry points and attack vectors into enterprises. A novel critical zero-day vulnerability in Check Point Network Security gateway products tracked as CVE-2024-24919 has hit the headlines. Since April 2024, the flaw has been exploited in in-the-wild […]
Defenders have disclosed critical cybersecurity issues in F5’s Next Central Manager, which are tracked as CVE-2024-21793 and CVE-2024-26026, giving potential adversaries the green light to seize control over the impacted installation. Upon successful exploitation, hackers can create accounts on any F5 assets to establish persistence and perform further malicious activities. Detecting CVE-2024-21793 & CVE-2024-26026 Exploits […]
While CVE-2024-21111 exploitation risks have been a serious concern for organizations leveraging Oracle Virtualbox software, another critical vulnerability has been hitting the headlines. CrushFTP has recently reported a novel largely exploited zero-day vulnerability impacting the servers. The maximum severity flaw tracked as CVE-2024-4040 can be weaponized in a series of in-the-wild attacks against organizations in […]