Subscribers favorite #1
Researchers have spotted a threat actor used PlayCrypt to leverage Remote Monitoring and Management (RMM) software used by service providers to gain direct access to a customer’s environment, bypassing most of its defenses.
The PlayCrypt ransomware group initially spotted in June last year and believed to be affiliated with the Balloonfly malware group, can utilize the remote access capability to wreak havoc on mid-market firms. It employs double-extortion tactics, stealing victim data before encrypting their networks.
PlayCrypt expanded its toolkit with new tools and exploits like ProxyNotShell, OWASSRF, and a Microsoft Exchange Server Remote Code Execution. They usually use RDP as a vector for network infiltration, they can also use FortiOS vulnerabilities (CVE-2018-13379 and CVE-2020-12812), and other compromised software in the supply chain.
Subscribers favorite #2
Researchers have spotted a security flaw that has been found in Spring Security’s latest versions. The vulnerability tracked is a broken access control related, and as CVE-2023-34034, the flaw has a CVSS score of 9.8.
An investigation on the vulnerability, conducted by researchers and described the exact nature of the flaw, its potential victims, and a proof-of-concept illustrating the scenarios in which this flaw could be triggered for unauthorized access
The flaw centers around a filter bypass issue that can allow unauthorized users to gain access to sensitive areas of applications built on Spring WebFlux. This exploit can potentially compromise the security and integrity of the applications in question.
Subscribers favorite #3
Researchers have spotted malware downloader spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian organizations.
The downloader is called WikiLoader , which uses multiple mechanisms to evade detection. The financially motivated threat actor behind it, which tracked as TA544. The loader ultimately leads to the Ursnif banking Trojan, one of two Trojans favored by TA544.
Threat actors have pivoted away from using malicious Microsoft Office macro-laced attachments in tandem with Microsoft’s effort to block macros from executing, but TA544 has continued to use them in attack chains.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Subscribers favorite #4
Threat actors are targeting users in online cryptocurrency trading forums via a now-patched bug in the popular WinRAR file compression and archiving utility.
The vulnerability tracked as CVE-2023-38831 allowed the attackers to hide malicious code in zip archives masquerading as “.jpg,” “.txt,” and other file formats, and then distribute them in online cryptocurrency trading forums.
The attacks have been going on since at least April, and a beta patch was issued on July 20 and an updated version of WinRAR (version 6.23) on Aug. 2. Security experts urged WinRAR users, currently estimated at 500 million, to install the new version immediately to mitigate their exposure to attacks targeting the vulnerability.
Subscribers favorite #5
Abnormal Security has announced a new service called CheckGPT, specifically designed to detect artificial intelligence-generated email attacks.
The service determines when email threats, including business email compromise and other socially engineered attacks, have likely been created using generative AI tools.
The security firm argues that cybercriminals are harnessing the power of generative AI, such as ChatGPT or its malicious counterpart, WormGPT, to craft compelling emails that evade traditional security measures. As generative AI becomes more widely adopted, there is a considerable increase in BEC attacks.