Hot on the heels of the critical CVE-2024-0204 vulnerability disclosure in Fortraās GoAnywhere MFT software, another critical flaw arrests the attention of cyber defenders. Recently, Jenkins developers have addressed nine security bugs affecting the open-source automation server, including a critical vulnerability tracked as CVE-2024-23897 that can lead to RCE upon its successful exploitation. With PoCs […]
Another day, another critical vulnerability on the radar. This time, itās a critical authentication bypass (CVE-2024-0204) affecting Fortraās GoAnywhere MFT software, which is largely used by enterprises globally for secure file transfer purposes. Hot on the heels of the nefarious flaw in Atlassianās Confluence Server and Data Center, CVE-2024-0204 might be promptly added to the […]
Adversaries carry out high-profile in-the-wild attacks by weaponizing RCE vulnerabilities impacting Atlassian Confluence servers. A newly uncovered RCE vulnerability in the Confluence Data Center and Confluence Server has been observed under active exploitation just a few days after its discovery. The critical flaw tracked as CVE-2023-22527 with the highest possible CVSS score of 10.0 affects […]
Just slightly over a week after the UAC-0050 groupās attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing groupās campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]
This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom StealerĀ With over 1 billion malware samples circulating in the cyber domain, security professionals […]
Critical zero-day vulnerabilities impacting external-facing systems pose severe threats to multiple organizations that rely on them, exposing them to risks of RCE and system compromise, just like the active exploitation of the FortiOS SSL-VPN flaw caused havoc in January 2023. Recently, Chinese state-sponsored hacking groups have been observed exploiting two zero-day vulnerabilities tracked as CVE-2023-46805 […]
At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the groupās offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities. UAC-0050 Offensive Activity Overview Based on the […]
Recent cybersec reports unveil a series of attacks in which hackers take advantage of YouTube channels to spread the Lumma malware variant. Lumma malicious strain designed for stealing sensitive data has been in the limelight since 2022, actively promoted by adversaries on hacking websites and continuously undergoing multiple updates and enhancements.Ā This blog article gains […]
Hard on the heels of the phishing campaign against Ukraine spreading Remcos RAT, another offensive operation relying on a similar adversary toolkit comes to the scene. At the end of December 2023, Trendmicro researchers reported CERT-UA about suspicious military-related files sent through a series of new phishing attacks against Ukraine. The uncovered malicious activity aimed […]
Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]