Trending Intelligence Insights

Stay informed with the most accessed intelligence reports, analyzing the latest trends and threats in financial security.

Top Viewed Intel

Hacktivist Alert: R00TK1T Cyber Team initiates Cyber Attacks against Qatar Entities in the wake of the Israel-Palestine Conflict
Summary
R00TK1T, a pro-Israeli hacktivist group, has declared that it is targeting Qatari entities in a new wave of attacks in the wake of the Israel-Palestine conflict.
Advisory ID:
ADV-02-39-252
Posted On:
15 Dec, 2023 07:08:45 AM
Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset
Summary
In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services even after a user's password has been reset. A client, a threat actor, later reverse-engineered this script and incorporated it into Lumma Infostealer (see Appendix 8), protecting the methodology with advanced blackboxing techniques. This marked the beginning of a ripple effect, as the exploit rapidly spread among various malware groups seeking to match each other's unique features. CloudSEK's threat research team, leveraging HUMINT and technical analysis, identified the exploit's root at an undocumented Google OAuth endpoint named "MultiLogin". This report delves into the exploit's discovery, its evolution, and the broader implications for cybersecurity.
Advisory ID:
ADV-02-36-19
Posted On:
29 Dec, 2023 05:45:17 AM
CVE-2023-7028 GitLab Addresses Account Takeover
Summary
This advisory reports on CVE-2023-7028, a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting versions 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2. This vulnerability allows an attacker to reset any GitLab user's password and potentially gain unauthorized access to their account, including source code repositories, issue trackers, and project management features. This poses a significant risk to individuals, organizations, and critical infrastructure using GitLab.
Advisory ID:
VUL-04-18-446
Posted On:
17 Jan, 2024 09:35:13 AM
Exposing Qwiklabs Email Misuse in Sneaky Payment Scams involving setting up UPI merchant accounts
Summary
CloudSEK's Threat Intelligence team uncovered a new attack vector that damages the brand reputation of organizations by supplementing existing scam infrastructure. Threat actors have always looked for ways to make their scam operations appear legitimate. Historically, however realistic a fake or scam domain may look, the threat actor's end goal is receiving money from the victims.
Advisory ID:
ADV-02-28-7
Posted On:
16 Jan, 2024 10:40:39 AM
Threat Actor Reposting Databases of Multiple Organizations
Summary
On 21 December 2023, a threat actor known as SenjorZeroday reposted the databases of three organizations: CACI.com, pawline.com and saltattire.com.
Advisory ID:
ADV-02-25-972
Posted On:
26 Dec, 2023 04:09:36 PM
Cyber Attacks by Anony BXD Targeting Indian Government Websites
Summary
Anony BXD, a hacktivist group, executed a series of Distributed Denial of Service (DDoS) attacks on various Indian government websites. The targeted entities encompass significant platforms like the Indian Embassy in the USA, www.giveindia.org, https://www.easemytrip.com, https://www.whitehatjr.com, https://www.calcuttahighcourt.gov.in, https://pgportal.gov.in, https://apsts.arunachal.gov.in, and https://invest.up.gov.in. CloudSEK's historical analysis of the affiliate groups associated with these hacktivist groups found that they actively use HTTP flooding techniques. CloudSEK has also identified specific Distributed Denial of Service (DDoS) tools and technologies used by similar hacktivist groups. These DDoS tools leverage freely available, open-source proxy servers to amplify their traffic volume.
Advisory ID:
ADV-02-39-256
Posted On:
31 Jan, 2024 03:05:46 PM
Security Incident Report: Laravel Vulnerability Led to Data Breach at Hathway ISP
Summary
Hathway, the largest ISP in India, experienced a severe data breach attributable to a vulnerability within its Laravel framework application. The breach exposed sensitive information of over 41.5 million customers, including their names, email addresses, phone numbers, and physical addresses.
Advisory ID:
ADV-02-25-975
Posted On:
05 Jan, 2024 05:24:06 PM
Threat Actor Offers Initial Access to Global Entities
Summary
On December 10, 2023, a disturbing post surfaced on an underground forum by a threat actor known as 'maj00r.' The actor is actively selling initial access to various organizations worldwide, spanning diverse sectors such as vehicle trade, real estate, banking, education, and more. Each entry provides details on the country, industry, annual income, access type (Shell), and the associated price. Notably, access to entities with substantial financial standing is offered, emphasizing the urgent need for heightened cybersecurity measures. Security researchers and CISOs should take immediate notice of this threat, recognizing the potential risks to organizations across different countries and industries. The actor's contact information is provided as
Advisory ID:
ADV-02-29-621
Posted On:
11 Dec, 2023 12:08:07 PM
APT Group Overview: Mustang Panda
Summary
Mustang Panda is a China-based cyber espionage threat actor, first observed in 2017, potentially active since 2014. The group targets a diverse set of entities, including government organizations, nonprofits, religious groups, and other NGOs across various countries, such as the U.S., Europe, Mongolia, Myanmar, Pakistan, and Vietnam.
Advisory ID:
ADV-02-33-3164
Posted On:
24 Dec, 2023 08:05:56 AM
Phishing Attack led to Infrastructure Compromise using EternalBlue Exploit and Ghostlocker Deployment
Summary
CloudSEK has identified a threat actor (TA) who successfully breached GlobalProtect employee VPN access by executing a phishing attack and obtaining the VPN credentials.
Advisory ID:
ADV-02-27-402
Posted On:
04 Jan, 2024 02:21:48 PM
CVE-2023-6348 Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page
Summary
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Advisory ID:
VUL-04-18-392
Posted On:
06 Dec, 2023 01:41:41 PM
Pig butchering scam targeting individuals using Multiple brand names using Telegram and YouTube
Summary
CloudSEK's contextual AI digital risk platform XVigil detected multiple videos on YouTube linking back to multiple Telegram channels that allegedly promote investment websites using big brand names to lure victims.
Advisory ID:
ADV-02-28-260
Posted On:
12 Jan, 2024 09:37:47 AM
CVE-2023-6847 improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request
Summary
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in versions 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
Advisory ID:
VUL-04-18-436
Posted On:
27 Dec, 2023 07:23:06 AM
Database of Manipur Police shared by Hacktivist Indonesia
Summary
Database of Manipur Police shared by Hacktivist Indonesia
Advisory ID:
ADV-02-39-248
Posted On:
13 Dec, 2023 01:25:20 PM
Threat actor posted the database of the Jawaharlal Nehru Custom House
Summary
Threat actor on BreachForums posted the database of the Jawaharlal Nehru Custom House. The breach, affecting 7888 companies involved in import-export activities, was attributed to a hack of the jawaharcustoms.gov.in website in January 2024.
Advisory ID:
ADV-02-25-978
Posted On:
30 Jan, 2024 01:44:56 PM

Global Feeds

Verified and Reliable Source Feeds

Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2024-21762 out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, and FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
Advisory ID:
VUL-04-18-511
Posted On:
16 Feb, 2024 09:52:06 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2024-24495 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via a crafted GET request.
Advisory ID:
VUL-04-18-502
Posted On:
13 Feb, 2024 11:13:35 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2024-24024 arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
An arbitrary file download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform an arbitrary file download.
Advisory ID:
VUL-04-18-500
Posted On:
13 Feb, 2024 10:05:08 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2024-24018 SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list.
Advisory ID:
VUL-04-18-499
Posted On:
13 Feb, 2024 10:03:35 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-41704 Processing of CID references in e-mails can be abused to inject malicious script code that passes the sanitization engine
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
Processing of CID references in e-mails can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with e-mails. Please deploy the provided updates and patch releases. CID handling has been improved and the resulting content is checked for malicious content. No publicly available exploits are known.
Advisory ID:
VUL-04-18-498
Posted On:
13 Feb, 2024 09:44:13 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-27318 StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
Advisory ID:
VUL-04-18-488
Posted On:
12 Feb, 2024 10:32:26 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-46687 In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
Advisory ID:
VUL-04-18-486
Posted On:
12 Feb, 2024 10:02:15 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-51437 Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1, which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
Advisory ID:
VUL-04-18-485
Posted On:
12 Feb, 2024 09:54:09 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-4551 Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.
Advisory ID:
VUL-04-18-482
Posted On:
10 Feb, 2024 02:34:40 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-45735 potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
Advisory ID:
VUL-04-18-477
Posted On:
10 Feb, 2024 12:07:50 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-38579 The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.
Advisory ID:
VUL-04-18-476
Posted On:
10 Feb, 2024 12:06:40 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-40545 Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
Advisory ID:
VUL-04-18-475
Posted On:
10 Feb, 2024 12:05:07 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-32327 IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.
Advisory ID:
VUL-04-18-474
Posted On:
07 Feb, 2024 09:52:41 AM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-39303 improper authentication vulnerability has been reported to affect several QNAP operating system versions
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.
Advisory ID:
VUL-04-18-471
Posted On:
07 Feb, 2024 09:44:28 AM
Vulnerability Intelligence
Software and Web App Vulnerabilities
CVE-2023-50939 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
Advisory ID:
VUL-04-18-470
Posted On:
07 Feb, 2024 09:33:46 AM

Research Tracker Feeds

Underground Source Feeds

Adversary Intelligence
Hacktivism
Cyber Attacks by Anony BXD Targeting Indian Government Websites
INDUSTRY
Government
REGION
Asia & Pacific
DATA TYPE
Publicly Available Information (PAI)
Summary
Anony BXD, a hacktivist group, executed a series of Distributed Denial of Service (DDoS) attacks on various Indian government websites. The targeted entities encompass significant platforms like the Indian Embassy in the USA, www.giveindia.org, https://www.easemytrip.com, https://www.whitehatjr.com, https://www.calcuttahighcourt.gov.in, https://pgportal.gov.in, https://apsts.arunachal.gov.in, and https://invest.up.gov.in. CloudSEK's historical analysis of the affiliate groups associated with these hacktivist groups found that they actively use HTTP flooding techniques. CloudSEK has also identified specific Distributed Denial of Service (DDoS) tools and technologies used by similar hacktivist groups. These DDoS tools leverage freely available, open-source proxy servers to amplify their traffic volume.
Advisory ID:
ADV-02-39-256
Posted On:
31 Jan, 2024 03:05:46 PM
Adversary Intelligence
Compromised Data
Threat actor posted the database of the Jawaharlal Nehru Custom House
INDUSTRY
Government
REGION
Asia & Pacific
DATA TYPE
Database
Summary
Threat actor on BreachForums posted the database of the Jawaharlal Nehru Custom House. The breach, affecting 7888 companies involved in import-export activities, was attributed to a hack of the jawaharcustoms.gov.in website in January 2024.
Advisory ID:
ADV-02-25-978
Posted On:
30 Jan, 2024 01:44:56 PM
Adversary Intelligence
Hacktivism
Anti-Israel hacktivist group 'GARUDA FROM CYBER' targets the State Council of Education, Research and Training by National Informatics Centre, Odisha State Unit, Bhubaneswar, with cyber attacks
INDUSTRY
Government
REGION
Asia & Pacific
DATA TYPE
Database
Summary
The State Council of Education, Research, and Training, under the National Informatics Centre in Odisha State Unit, Bhubaneswar, experienced a cyber attack. A hacktivist group, expressing dissatisfaction with India's position on the Israel-Palestine conflict, asserted responsibility for leaking data.
Advisory ID:
ADV-02-39-255
Posted On:
30 Jan, 2024 12:58:55 PM
Adversary Intelligence
Hacktivism
Anti-Israel hacktivist group 'Anonymous Collective' targets the Central Bank of India, with cyber attacks
INDUSTRY
Finance & Banking
REGION
Asia & Pacific
DATA TYPE
Access
Summary
The hacktivist group initially obtained access to the bank's internal network and followed it up with a DDoS attack. The attack was politically motivated and coincided with India's celebration of its 75th Republic Day.
Advisory ID:
ADV-02-39-254
Posted On:
30 Jan, 2024 10:49:22 AM
Adversary Intelligence
Pre-Attack tactics
Underground Marketplace Alert: Sale of Fortinet VPN and M365 Access to Government Software/IT Services
INDUSTRY
Telecommunications
REGION
Asia & Pacific
DATA TYPE
Access
Summary
"TheColorYellow" is offering compromised access, including Fortinet VPN and M365, for a Software/IT services provider catering to law enforcement and government in India.
Advisory ID:
ADV-02-29-629
Posted On:
16 Jan, 2024 05:46:34 PM
Vulnerability Intelligence
Software and Web App Vulnerabilities
Threat Actor Selling Access to McDonald's Corporation FTP Data for $500
INDUSTRY
FMCG
REGION
Multiple
DATA TYPE
Vulnerability/Exploit
Summary
On 14 January 2024, a threat actor named "pine" offered FTP (File Transfer Protocol) access to McDonald's Corporation on a Russian-speaking forum.
Advisory ID:
VUL-04-18-444
Posted On:
16 Jan, 2024 04:29:57 PM
Adversary Intelligence
Pre-Attack tactics
Sandocan: A Versatile Threat Actor Targeting Global Industries Through RDweb Connections
INDUSTRY
Multiple
REGION
Global
DATA TYPE
RDP
Summary
Operating within a Russian-speaking underground forum, the threat actor known as
Advisory ID:
ADV-02-29-628
Posted On:
16 Jan, 2024 04:21:20 PM
Adversary Intelligence
Compromised Data
Underground Forum Alert: Sale of Compromised Spanish Telecom Database
INDUSTRY
Telecommunications
REGION
Europe
DATA TYPE
Database
Summary
A threat actor named
Advisory ID:
ADV-02-25-976
Posted On:
16 Jan, 2024 02:13:07 PM
Malware Intelligence
Ransomware
Builder for Stop-DJVU Ransomware sold on Underground forum
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Malware
Summary
A threat actor named
Advisory ID:
MAL-03-01-249
Posted On:
16 Jan, 2024 10:06:39 AM
Adversary Intelligence
Hacktivism
Hacktivist Retaliation: Anonymous Sudan Targets UK for Yemen Involvement and Zionist Support
INDUSTRY
IT & Technology
REGION
Europe
DATA TYPE
Vulnerability/Exploit
Summary
Anonymous Sudan, a group of hacktivists, carried out this attack as a reaction to the UK's participation in and backing of air strikes in Yemen, along with what the group describes as the UK's unconditional support for the genocidal Zionist regime in Israel.
Advisory ID:
ADV-02-39-253
Posted On:
16 Jan, 2024 07:39:22 AM
Adversary Intelligence
Compromised Data
Information Compromise
Threat Actor Reposting Databases of Multiple Organizations
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Database
Summary
On 21 December 2023, a threat actor known as SenjorZeroday reposted the databases of three organizations: CACI.com, pawline.com and saltattire.com.
Advisory ID:
ADV-02-25-972
Posted On:
26 Dec, 2023 04:09:36 PM
Malware Intelligence
Malware Enablers
Wraith Crypter 2.0 Unveiled: A Weapon in Evasion Tactics
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Malware
Summary
Threat actor Ternary introduced Wraith Crypter 2.0 on an underground forum, showcasing its advanced features such as Smart Screen Bypass, UAC Bypass, and Payload Injection.
Advisory ID:
MAL-03-16-127
Posted On:
21 Dec, 2023 09:29:49 AM
Adversary Intelligence
Pre-Attack tactics
Sale of VPN access to a USA-based telecommunications company on a Russian-speaking underground forum
INDUSTRY
Telecommunications
REGION
North America
DATA TYPE
Access
Summary
On December 21, 2023, a threat actor named Michon posted on an underground forum, auctioning compromised access to a USA-based telecommunications company. The offering is VPN access with domain privileges, including Domain Admin, and with Cortex XDR as the deployed AV. The company has a revenue of 10 billion USD, and the auction, starting at 25k, raises concerns for security researchers and CISOs due to the potential threat to critical infrastructure. The compromise allows unauthorized access to telecommunications systems, posing a serious risk to network security.
Advisory ID:
ADV-02-29-627
Posted On:
21 Dec, 2023 08:25:41 AM
Adversary Intelligence
Pre-Attack tactics
Multiple billion-dollar companies from the eCommerce and Fashion/Clothing industries for sale on underground forum
INDUSTRY
Multiple
REGION
North America
DATA TYPE
RDP
Summary
On December 17, 2023, the threat actor
Advisory ID:
ADV-02-29-626
Posted On:
19 Dec, 2023 07:31:13 AM
Adversary Intelligence
Exploits
Underground Forum Listing: Windows LPE Exploit (CVE-2023-36036) for Sale
INDUSTRY
Multiple
REGION
Global
DATA TYPE
Vulnerability/Exploit
Summary
On 13 December 2023, a threat actor named
Advisory ID:
ADV-02-36-17
Posted On:
18 Dec, 2023 09:42:56 AM