pixel skylines
dirt enthusiast
Cosmic Funnies
Lint Roller? I Barely Know Her
let's talk about Bridgerton tea, my ask is open
No title available
No title available
titsay
Monterey Bay Aquarium
he wasn't even looking at me and he found me
Game of Thrones Daily
will byers stan first human second
No title available
JBB: An Artblog!
🪼
d e v o n
RMH
Product Placement
Alisa U Zemlji Chuda
TVSTRANGERTHINGS
seen from United States
seen from TĂĽrkiye
seen from TĂĽrkiye
seen from T1
seen from United States
seen from Canada
seen from Canada
seen from Mexico
seen from Italy
seen from South Korea
seen from Singapore
seen from Singapore
seen from Malaysia
seen from Italy
seen from Malaysia
seen from Singapore
seen from Colombia
seen from United Kingdom
seen from Malaysia
seen from United Kingdom
@hivepro
Three critical remote code execution (RCE) vulnerabilities in a WordPress plugin PHP everywhere have been discovered. It is a plugin that allows web developers to utilize PHP code in pages, posts, the sidebar, or anywhere on domains that use the content management system (CMS). This plugin has been installed on over 30,000 websites.
HivePro Uni5 is a Continuous Threat Exposure Management Solution that Proactively Reduce an Organization’s Attack Surface Before It Gets Exploited.
EnemyBot Malware, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in log4j, VMware workspace, Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat actor behind EnemyBot. Since 2016, this group has been known for crypto-mining and distributed denial-of-service (DDoS) attacks.
EnemyBot, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in log4j, VMware workspace, Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat actor behind EnemyBot. Since 2016, this group has been known for crypto-mining and distributed denial-of-service (DDoS) attacks.
Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, DNS rebinding vulnerability and other bugs. Several bugs in Node.js lead to Remote Code Execution
Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, DNS rebinding vulnerability and other bugs
Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft and file encryption for around 30+ organizations.
Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft and file encryption for around 30+ organizations.
The Last week of July 2022 witnessed the discovery of 462 vulnerabilities out of which 7 gained the attention of Threat Actors and security researchers worldwide. Among these 7, 2 of them were zero-days, there was 1 vulnerability that is awaiting analysis on the National Vulnerability Database (NVD). Hive Pro Threat Research Team has curated a list of 7 CVEs that require immediate action.
Further, we also observed 4 Threat Actor groups being highly active in the last week. APT29, a Russian threat actor group popular for Information theft and espionage was seen launching phishing campaigns to launch malware via cloud storage services, EvilNum an unknown threat actor group popular for Information theft and espionage was seen targeting Decentralized Finance (DeFi) sector, APT37 a North Korean threat actor group popular for Information theft and espionage was seen launching attack campaigns using Konni RAT and KNOTWEED an Austrian threat actor group popular for financial crime and gain, was observed exploiting zero day vulnerabilities of Windows and Adobe to perform targeted attacks against European and Central American customers. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section.
Exotic Lily group is an initial access broker that utilizes large-scale phishing operations to infiltrate specific corporate networks and subsequently sells access to those networks to ransomware groups such as Conti and Diavol gangs.
Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML (CVE-2021-40444), which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it was revealed that the group is an initial access broker that utilizes large-scale phishing operations to infiltrate specific corporate networks and subsequently sells access to those networks to ransomware groups such as Conti and Diavol gangs.
The group starts by producing fake social media profiles, including LinkedIn profiles, by exploiting readily available employee data to make the illicit clones look genuine using advanced A.I. imaging technology. When it was originally discovered, the malware was in the form of a document file that attempted to attack the CVE-2021-40444 vulnerability. Subsequently, the threat actor switched to ISO archives having BazarLoader DLLs with LNK shortcuts.
Last week, F5 patched a BIG-IP vulnerability tracked as CVE-2022-1388, soon after a successful Proof-of-concept(PoC) was developed by security researchers making it susceptible to further exploitation.
Last week, F5 patched a vulnerability tracked as CVE-2022-1388, soon after a successful Proof-of-concept(PoC) was developed by security researchers making it susceptible to further exploitation.
This authentication bypass vulnerability affects the iControl REST component in BIG-IP systems. An unauthenticated attacker could use this flaw to gain initial access and control of a vulnerable machine, allowing remote code execution.
This vulnerability has been fixed in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6 or 13.1.5. Organizations that are unable to update their versions are advised to follow these mitigations: •Blocking iControl REST access through the self IP address •Blocking iControl REST access through the management interface •Modifying the BIG-IP httpd configuration.
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European state agencies.
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European state agencies. According to CERT-UA researchers, the hacker organization UAC-0010, also known as Armageddon, is responsible for spear-phishing attempts against Ukrainian government personnel.
The group’s principal attack vector has been mass-sending emails to potential victims with harmful attachments that lead to the spread of different malware strains throughout the course of their exposed activity, and the most recent cyber-attacks are no exception. In the early days of their activity, the Gamaredon group used simple tools written in VBScript, VBA Script, C#, C++, and other programming languages, mostly relying on open-source software, before gradually expanding their toolkit with a number of custom cyber espionage tools, such as Pterodo/Pteranodon and EvilGnome malware.
At least 60,000 companies have been affected by the recent sophisticated attacks on Microsoft Exchange Server that have been carried out by threat actors
At least 60,000 companies have been affected by the recent sophisticated attacks on Microsoft Exchange Server that have been carried out by threat actors affecting small and medium sized companies.  The actor group has been breaking into the company’s computer networks through the Microsoft Exchange email software, targeting a number of victims.
Vulnerabilities
Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
Affected Versions: Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019
After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While Proof-of-concept is been available for some time now, it is not been actively exploited in the wild.
This Elevation of Privilege vulnerability was found by renowned researcher Abdelhamid Naceri and reported to Microsoft, which addressed it in their August 2021 release. Naceri noted that Microsoft’s fix was incomplete soon after it was issued and presented a proof of concept (POC) that bypassed it on all Windows versions. That is when the 0patch team, published an unofficial security update for all Windows versions and made it available for free download to all registered users. Microsoft then patched this security flaw in their January 2022 release, tracking it as CVE-2022-21919. Naceri, on the other hand, discovered a way around this second patch. However, Microsoft’s second attempt to fix the bug altered the “profext.dll” file, resulting in the removal of the unofficial workaround of 0patch from everyone who had installed the January 2022 Windows updates.
Prophet Spider is a well-known Initial Access Broker (IAB) group. Prophet Spider's tradecraft continues to grow while exploiting known web-server vulnerabilities such as Log4j and Citrix.
A remote code execution (RCE) vulnerability(CVE-2021-22941) affecting Citrix ShareFile Storage Zones Controller, was used by Prophet Spider to attack a Microsoft Internet Information Services (IIS) web server. The attacker took advantage of the flaw to launch a WebShell that allowed the download of further tools.
Prophet Spider also exploits known Log4j vulnerabilities in VMware Horizon (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832). Prophet Spider most typically used encoded PowerShell instructions to download a second-stage payload to the targeted PCs after exploiting the vulnerabilities. The specifics of that payload are determined by the attacker’s motivations and aims, such as crypto mining, ransomware, and extortion.
This was a month of cyber warfare. The cyberwar between Ukraine and Russia introduced new attacks to global cybersecurity firms. This month, 55 vulnerabilities were discussed, of which 5 were zero-day vulnerabilities and a few vulnerabilities were exploited in the wild. Learn more!
This was a month of cyber warfare. The cyberwar between Ukraine and Russia introduced new attacks to global cybersecurity firms. This month, 55 vulnerabilities were discussed, of which 5 were zero-day vulnerabilities and a few vulnerabilities were exploited in the wild. Some of the threat actors active this month were APT27, MuddyWater, Molerats, BlackCats, APT28, UNC2596, and APT10. Several other threat actors across the globe started taking sides in the war and started using new sophisticated malware and brought previously used techniques as well. Highly targeted sectors for this month were government, telecommunications, financial, defense, and construction & engineering. Amongst all the malware that had been launched this month, three malware garnered more attention and have been discussed in this report. Last but not the least, the top ten most used TTPs are also depicted.
Previously unidentified macOS backdoor malware, CloudMensis spyware, leverages cloud storage as its command and control channel to exfiltrate documents, keystrokes, and screenshots from affected Macs.
Previously unidentified macOS backdoor malware, CloudMensis, leverages cloud storage as its command and control channel to exfiltrate documents, keystrokes, and screenshots from affected Macs
The Federal Bureau of Investigation (FBI) has released an alert on RagnarLocker Ransomware campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing, energy, financial services, government, and information technology.
The ransomware incorporates VMProtect, UPX, and unique packaging techniques, and it is often installed on hacked computers within a special virtual machine. It also makes use of the Windows API GetLocaleInfoW to determine the system’s location and stops the process if the computer is in certain countries. RagnarLocker scans compromised machines for current infections in order to prevent data corruption, identifies tied hard drives, iterates through all running processes and stops those linked with remote administration, and thereafter attempts to delete all Volume Shadow copies in order to prevent data recovery. Following that, the ransomware encrypts any material of interest – avoiding encrypting files in particular folders – and then leaves a.txt ransom note instructing the victim on how to pay the ransom.
Lazarus a North Korean state-sponsored advanced persistent threat (APT) group is targeting organizations via TraderTraitor with cryptocurrency thefts via TraderTraitor malware issued by FBI, CISA, and CSA.
The initial attack begins with sending a thousands of phishing emails to individuals of the targeted firm. They are tempted by good job opportunities – a common tactic used by the Lazarus APT  to convince individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems. The trojanized applications include TokenAIS, CryptAIS, and Esilet is loaded with TraderTraitor malware. These apps are cross-platform, Electron-based platform utilities created with the Node.js and JavaScript runtime environments. When the payload is executed, the attacker gains access to the victim’s computer and company network by executing commands and sending additional malware.
An improperly patched Windows vulnerability (CVE-2021-24084) can lead to local privilege escalation and information disclosure. The vulnerability was disclosed in October 2020 and even after Microsoft addressed this vulnerability in February 2021’s Patch Tuesday, a researcher was able to exploit the patched vulnerability making it another zero-day made by improper patching.
After examining Microsoft’s fix, Abdelhamid Naceri, the security researcher who discovered this vulnerability, discovered a bypass of the patch as well as a more powerful new zero-day privilege elevation vulnerability. He also made the proof-of-concept available to the public.
An unofficial micro patch has been released by 0patch and will be available for free until Microsoft releases an official patch for the vulnerability.