The UAC-0149 threat actor repeatedly targets Ukrainian governments and military organizations using COOKBOX malware. The latest research by CERT-UA details the new attack leveraging phishing Signal messages and CVE-2023-38831 exploits to deploy COOKBOX on the targeted instances. UAC-0149 Attack Details UAC-0149 hacking collective has been performing malicious operations against Ukraine since at least autumn 2023. […]
FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments. Detect Akira Ransomware Attacks Escalating ransomware […]
The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]
A novel command injection zero-day vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software hits the headlines. The highly critical flaw, identified as CVE-2024-3400, has been already exploited in a series of attacks in the wild. Detect CVE-2024-3400 Exploitation Attempts The number of vulnerabilities weaponized for in-the-wild attacks increases tremendously on a yearly […]
A new maximum severity vulnerability has been discovered in the Rust standard library. This vulnerability poses a serious threat to Windows users by enabling potential command injection attacks. The flaw tracked as CVE-2024-24576 specifically affects situations where batch files on Windows are executed with untrusted arguments. With the PoC code already publicly released, successful exploitation […]
The state-sponsored russia-linked Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective comes to the spotlight launching a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of Gamma malware, adopting DNS Fluxing to drop the malicious strains and leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered […]
Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCrypt With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]
Security researchers warn of a critical privilege escalation vulnerability in multiple macOS versions that enables unauthorized users, including those with guest rights, to gain full root access to the affected instance. Detect CVE-2023-42931 Exploitation Attempts With an exponential rise in attack volumes and sophistication, the threat landscape of 2024 is assumed to be even more […]
Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]
Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among key players in the ransomware arena, the ALPHA SPIDER group stands out by taking credit for a series of recent high-profile attacks targeting the U.S. healthcare payment software processor Change and MGM gaming industry giant. […]