101010.pl

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"⚠️ Windows SmartScreen Bypass Alert: CVE-2024-21351 Unveiled 🔓"A new vulnerability, CVE-2024-21351, exposes a security feature bypass in Windows SmartScreen, enabling attackers to execute arbitrary code by tricking users into opening a malicious file. This flaw, with a CVSS score of 7.6, follows the previously patched CVE-2023-36025, indicating a method to circumvent Microsoft's efforts in securing its SmartScreen feature. Attackers exploit this vulnerability actively in the wild, despite Microsoft's release of an official fix. Technical breakdown: CVE-2024-21351 allows code injection into SmartScreen, bypassing protections and potentially leading to data exposure or system unavailability. Cybersecurity professionals must understand the attack vector, which requires social engineering to convince a user to open a malicious file.Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/WindowsSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#WindowsSecurity</a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE2024</a>-21351 <a href="https://infosec.exchange/tags/SmartScreenBypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#SmartScreenBypass</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#PatchNow</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> 🛡️💻🔧Mitre CVE Summary: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21351" rel="nofollow noopener" target="_blank">CVE-2024-21351</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🚨 <a href="https://infosec.exchange/tags/FortinetFlaw" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortinetFlaw</a> Alert! RCE Vulnerability in SSL VPN - Act Now! 🚨"Fortinet's SSL VPN is in the spotlight due to a newly discovered RCE vulnerability, potentially exploited in recent attacks due to the existence of an exploit being publicly available. Identified as CVE-2022-40684 (FG-IR-24-015) (Critical/9.8 rating), this flaw allows unauthenticated attackers to execute arbitrary code. Upgrading to version 6.2.16, 6.4.15, 7.0.14, 7.2.7 or 7.4.3 eliminates this vulnerability. Security researchers urge immediate patching as exploits are likely circulating. 🛡️💻🔐<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#PatchNow</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/SSLVPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSLVPN</a> <a href="https://infosec.exchange/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Exploit</a>Source: <a href="https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/" rel="nofollow noopener" target="_blank">BleepingComputer</a>, <a href="https://www.tenable.com/plugins/nessus/190238" rel="nofollow noopener" target="_blank">Tenable</a>Tags: <a href="https://infosec.exchange/tags/CVE2022" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE2022</a>-40684 <a href="https://infosec.exchange/tags/FORTIOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FORTIOS</a> <a href="https://infosec.exchange/tags/SecurityUpdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityUpdate</a> <a href="https://infosec.exchange/tags/Mitigation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mitigation</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://infosec.exchange/tags/FGIR24015" class="mention hashtag" rel="nofollow noopener" target="_blank">#FGIR24015</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges. And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit. A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/VulnerabilityAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#VulnerabilityAlert</a> <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ivanti</a> <a href="https://infosec.exchange/tags/CVE202421888" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202421888</a> <a href="https://infosec.exchange/tags/CVE2024221893" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE2024221893</a> <a href="https://infosec.exchange/tags/PrivilegeEscalation" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivilegeEscalation</a> <a href="https://infosec.exchange/tags/PatchManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#PatchManagement</a> <a href="https://infosec.exchange/tags/InfosecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfosecCommunity</a> <a href="https://infosec.exchange/tags/SystemAdmins" class="mention hashtag" rel="nofollow noopener" target="_blank">#SystemAdmins</a> 🔐💻🛡️ Source: <a href="https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US" rel="nofollow noopener" target="_blank">Ivanti's Forums</a> <a href="https://www.tenable.com/cve/CVE-2024-21888" rel="nofollow noopener" target="_blank">Tenable</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🚨 Akira Ransomware Strikes! Bucks County's Emergency Services Crippled 🚨"Bucks County's emergency dispatch system faced a severe cyberattack, which is now traced back to the notorious Akira ransomware gang. This attack resulted in significant operational disruptions, forcing emergency services to revert to manual methods. As a sophisticated group known for targeting governments and businesses globally, Akira's modus operandi includes charging exorbitant ransoms for releasing hijacked data. The county, in collaboration with federal agencies, continues to investigate, maintaining operational 9-1-1 services despite the challenges.Source: <a href="https://www.nbcphiladelphia.com/news/local/akira-ransomware-behind-bucks-co-security-attack-that-crippled-emergency-dispatch-system-officials-say/3759350/" rel="nofollow noopener" target="_blank">Hayden Mitman via nbcphiladelphia.com</a>Tags: <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/EmergencyServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmergencyServices</a> <a href="https://infosec.exchange/tags/AkiraRansomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#AkiraRansomware</a> <a href="https://infosec.exchange/tags/BucksCounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BucksCounty</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> 🚒🔒💻Additional insights from Sophos News highlight the Akira ransomware gang's techniques, including exploiting Remote Desktop Protocol (RDP) for lateral movement and utilizing tools like Advanced IP Scanner for network reconnaissance. They're known for persistence tactics, such as creating user accounts and modifying registry keys for sustained access. Defense evasion strategies include uninstalling security tools and manipulating Windows Defender settings. For command-and-control, AnyDesk and bespoke Trojans are employed for remote network access.This deep dive into Akira's tactics emphasizes the need for robust cybersecurity measures in critical infrastructure sectors.Source: <a href="https://news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/" rel="nofollow noopener" target="_blank">Sophos News</a>Tags: <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/RansomwareTactics" class="mention hashtag" rel="nofollow noopener" target="_blank">#RansomwareTactics</a> <a href="https://infosec.exchange/tags/Sophos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sophos</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a> 🛡️💡💻

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"⚠️ Chae$ 4.1: Taunting direct message to researchers at Morphisec within the source code. ⚠️"The original Chae$ malware was identified in September 2023, and its latest version, dubbed Chae$ 4.1, employs advanced code polymorphism to bypass antivirus detection. It also includes a direct message to Morphisec researchers thanking them for their effort and hoping not to disappoint. That's got to sting...🛡️💻🔒Source: <a href="https://www.hackread.com/fake-fix-chaes-4-1-malware-hides-driver-downloads/" rel="nofollow noopener" target="_blank">Hackread by Deeba Ahmed</a>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/MalwareAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAlert</a> <a href="https://infosec.exchange/tags/Chae" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chae</a>$Malware <a href="https://infosec.exchange/tags/Morphisec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Morphisec</a> <a href="https://infosec.exchange/tags/AdvancedThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdvancedThreats</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/DriverScam" class="mention hashtag" rel="nofollow noopener" target="_blank">#DriverScam</a> <a href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataProtection</a> <a href="https://infosec.exchange/tags/UserAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#UserAwareness</a> 🚨🌍💡

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"DarkGate Malware Unleashed: A New Threat in the Cybersecurity Arena 🚨"The Splunk Threat Research Team has recently conducted an in-depth analysis of DarkGate malware, uncovering its utilization of the AutoIt scripting language for malicious purposes. This malware is notorious for its sophisticated evasion techniques and persistence, posing a significant threat. DarkGate employs multi-stage payloads and leverages obfuscated AutoIt scripts, making it difficult to detect through traditional methods. It is capable of exfiltrating sensitive data and establishing command-and-control communications, underscoring the need for vigilant detection strategies.The key tactics and techniques of DarkGate include keylogging, remote connections, registry persistence, browser information theft, and C2 communication. One of its attack vectors involves the use of malicious PDF files that trigger the download of a .MSI file containing the DarkGate payload, demonstrating the complex strategies employed by adversaries.For threat emulation and testing, the team recommends employing an Atomic Test focused on AutoIt3 execution (as per the MITRE ATT&CK technique T1059). Security teams are advised to concentrate on endpoint telemetry sources such as Process Execution & Command Line Logging, Windows Security Event Logs, and PowerShell Script Block Logging for effective detection.Special commendations to authors Teoderick Contreras and Michael Haag, and the entire Splunk Threat Research Team, for their comprehensive analysis.Tags: <a href="https://infosec.exchange/tags/DarkGate" class="mention hashtag" rel="nofollow noopener" target="_blank">#DarkGate</a> <a href="https://infosec.exchange/tags/AutoIt" class="mention hashtag" rel="nofollow noopener" target="_blank">#AutoIt</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/MITREATTACK" class="mention hashtag" rel="nofollow noopener" target="_blank">#MITREATTACK</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/SplunkResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#SplunkResearch</a><a href="https://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loader.html" rel="nofollow noopener" target="_blank">Blog Splunk Threat Research Team</a>

cackalackyconDo you have a mentee, friend, or even yourself that's done something cool and ready to present it this year?We encourage you to submit it to Cackalacky Con <a href="https://infosec.exchange/tags/callforpapers" class="mention hashtag" rel="nofollow noopener" target="_blank">#callforpapers</a> open now for the <a href="https://infosec.exchange/tags/infoseccommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#infoseccommunity</a> <a href="https://infosec.exchange/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#conference</a> on May 17-19, 2024<a href="https://infosec.exchange/tags/CFP" class="mention hashtag" rel="nofollow noopener" target="_blank">#CFP</a> <a href="https://infosec.exchange/tags/hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackers</a> <a href="https://infosec.exchange/tags/hackercon" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackercon</a> <a href="https://docs.google.com/forms/d/e/1FAIpQLSeEzxjhhfyjbgrJtlTeJhPyVsmHhTBdopg9dw3WZ71KeIXVMg/viewform" rel="nofollow noopener" translate="no" target="_blank">https://docs.google.com/forms/d/e/1FAIpQLSeEzxjhhfyjbgrJtlTeJhPyVsmHhTBdopg9dw3WZ71KeIXVMg/viewform</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"Intellexa and Cytrox: The Evolution of Spyware into Intel Agency-Grade Threats 🚨"In a recent study by Cisco Talos researchers, they delved into the complex workings of Predator Spyware, a highly advanced commercial spyware. Developed by the Intellexa Alliance, which encompasses firms like Cytrox, Nexa Technologies, and Senpai Technologies, Predator has gained notoriety for its ability to remain operational even after a device reboot, a feature dependent on the specific licensing option chosen by the client. Moreover, the spyware is designed with geographical usage restrictions, but these can be relaxed for an additional charge.The spyware, notorious enough to be listed on the U.S. Entity List in July 2023 for its role in cyber espionage, relies heavily on a loader component known as Alien. This symbiotic relationship enhances Predator's effectiveness, particularly in targeting both Android and iOS devices.Predator stands out for its exclusive licensing model, often priced at millions of dollars, thereby restricting its accessibility to only sophisticated cybercriminals. It belongs to a class of spyware, akin to Pegasus, that exploits zero-day vulnerabilities. However, these programs also can purchase exploit chains from external brokers. Notably, Intellexa's business strategy involves offloading the setup of attack infrastructure to its customers, a move that allows the company to maintain plausible deniability.Source: <a href="https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/" rel="nofollow noopener" target="_blank">Talos Intelligence Blog</a>Tags: <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Intellexa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Intellexa</a> <a href="https://infosec.exchange/tags/Cytrox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cytrox</a> <a href="https://infosec.exchange/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spyware</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/DigitalSurveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalSurveillance</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> 🌐🔓🕵️‍♂️📱

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🚨 <a href="https://infosec.exchange/tags/NKabuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#NKabuse</a> Exposed: North Korean APT's Sophisticated Cyber Espionage 🕵️‍♂️🌍"Kaspersky's Global Emergency Response Team (GERT) and GReAT have identified a new multiplatform threat named "NKAbuse," which exploits the NKN (New Kind of Network) protocol. This malware, written in Go, targets primarily Linux desktops but can also infect MISP and ARM systems, posing a risk to IoT devices. NKAbuse infiltrates systems by uploading an implant, establishing persistence through a cron job, and installing itself in the host's home folder. It offers a range of capabilities, including flooding, backdoor access, and remote administration (RAT).The initial attack vector exploited an old vulnerability related to Struts2 (CVE-2017-5638 - Apache Struts2), targeting a financial company. NKAbuse uses the NKN protocol for bot communication, enabling it to perform a variety of DDoS attacks and act as a backdoor. It also has RAT capabilities, allowing it to capture screenshots, manage files, and execute system commands. This threat is notable for its use of blockchain technology, ensuring reliability and anonymity, and has been detected in Colombia, Mexico, and Vietnam. The article, written by Costin Raiu, Brian Bartholomew, and team, unravels IoC's and NKabuse's tactics, including a custom backdoor and strategic web compromises. 🧩🔐Source: <a href="https://securelist.com/unveiling-nkabuse/111512/" rel="nofollow noopener" target="_blank">Securelist - Unveiling NKabuse</a>Tags: <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberEspionage</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/KonniRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#KonniRAT</a> <a href="https://infosec.exchange/tags/StateSponsored" class="mention hashtag" rel="nofollow noopener" target="_blank">#StateSponsored</a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"⚠️ ATMZOW's Sophisticated Skimming: 40 New Domains Uncovered ⚠️"Sucuri's Denis Sinegubko (@unmaskparasites on Twitter) has found 40 new domains linked to the ATMZOW skimmer group. They're known for infecting Magento sites since 2015. These new domains use Google Tag Manager to hide their malicious activity, making it hard to detect and prolonging their attack. ATMZOW keeps coming up with new ways to steal credit card info, showing how cyber threats keep evolving. This reminds us to keep an eye on unfamiliar website scripts. A recent report revealed that ATMZOW compromised 40 new Google Tag Manager domains, affecting thousands of sites. They target Google Tag Manager because it's widely used and can insert code. The breach involves complex code in the GTM-TVKQ79ZS container, making it tough to decipher. The attackers also use a naming strategy for their domains to avoid detection. They've created new containers like GTM-NTV2JTB4 and GTM-MX7L8F2M with the same bad code, reinfecting compromised websites. Stay informed and stay safe! 💻🔍🛡️Source: <a href="https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-found-in-google-tag-manager.html" rel="nofollow noopener" target="_blank">Sucuri Blog</a>Tags: <a href="https://infosec.exchange/tags/ATMZOW" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATMZOW</a> <a href="https://infosec.exchange/tags/Magecart" class="mention hashtag" rel="nofollow noopener" target="_blank">#Magecart</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/EcommerceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#EcommerceSecurity</a> <a href="https://infosec.exchange/tags/ObfuscationTechniques" class="mention hashtag" rel="nofollow noopener" target="_blank">#ObfuscationTechniques</a> <a href="https://infosec.exchange/tags/GoogleTagManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleTagManager</a> <a href="https://infosec.exchange/tags/InfosecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfosecCommunity</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🔍 Decoding PlugX: A Comprehensive Analysis by Splunk Threat Research Team 🛡️"The Splunk Threat Research Team delves into the PlugX malware, revealing its sophisticated side-loading technique and multi-layered encryption methods. 🕵️‍♂️💻Highlights:<ul><li>PlugX employs side-loading and RC4 algorithm for stealthy execution.</li><li>Utilizes 'msbtc.exe' for malicious code execution.</li><li>STRT's 'plugx_extractor.py' tool aids in threat analysis and data extraction.</li><li>Keylogging and user impersonation are among its insidious features.</li></ul>Indicators of Compromise (IoCs):<ul><li>msbtc.cfg (SHA256: 66f9cc42c27cf689911f6ba3e24ad9cbec6fa3066a50c448d4cbf5d8a66d2eb5)</li><li>msbtc.dat (SHA256: f991c13a24df578a9f31741a263dc1405eac660d4e749465991bac68eccdc490)</li><li>More in the article.</li></ul>Thanks to Teoderick Contreras and team for this insightful piece!👏Source: <a href="https://www.splunk.com/en_us/blog/security/unmasking-the-enigma-a-historical-dive-into-the-world-of-plugx-malware.html" rel="nofollow noopener" target="_blank">Splunk Blog</a>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/PlugX" class="mention hashtag" rel="nofollow noopener" target="_blank">#PlugX</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/Splunk" class="mention hashtag" rel="nofollow noopener" target="_blank">#Splunk</a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryption</a> <a href="https://infosec.exchange/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#SideLoading</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> 🌍🔐📊

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"⚠️ Apache Struts Vulnerability Alert: CVE-2023-41835 🛡️"A recent security bulletin, ESB-2023.7343, has highlighted a significant vulnerability in Apache Struts, affecting versions 2.0.0 through 2.5.31 and 6.1.2.1 through 6.3.0. The issue, identified as CVE-2023-41835, carries a CVSS score of 7.5, indicating a high level of severity. This vulnerability arises when multipart requests exceed the maxStringLength limit, leading to the retention of uploaded files in the struts.multipart.saveDir, even if the request is denied. The recommended action is to upgrade to Struts versions 2.5.32, 6.1.2.2, or 6.3.0.1 or later, which contain the necessary patches. For further details and updates, refer to the original bulletin at <a href="https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft" rel="nofollow noopener" target="_blank">Apache Struts Security Bulletin</a>. For detailed vulnerability info, visit <a href="https://www.cve.org/CVERecord?id=CVE-2023-41835" rel="nofollow noopener" target="_blank">CVE-2023-41835</a>.Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/ApacheStruts" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApacheStruts</a> <a href="https://infosec.exchange/tags/CVE202341835" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202341835</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> 🌍🔐🛡️

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"⚠️ <a href="https://infosec.exchange/tags/HPEOneView" class="mention hashtag" rel="nofollow noopener" target="_blank">#HPEOneView</a> Alert! Triple Vulnerability Threat Uncovered ⚠️"Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up! 🛡️Vulnerabilities: 1️⃣ CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (<a href="https://infosec.exchange/@SinSinology" class="u-url mention" rel="nofollow noopener" target="_blank">@SinSinology</a>) from the Summoning Team (@SummoningTeam) for reporting this! 🕵️‍♂️2️⃣ CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 📩3️⃣ CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 🚫Impacted? 🤔 Versions prior to v8.5 and v6.60.05 patch are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! ⏳Source: <a href="https://cybersecuritynews.com/hpe-oneview-vulnerability/" rel="nofollow noopener" target="_blank">Guru's Article, September 11, 2023</a>Tags: <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/HPE" class="mention hashtag" rel="nofollow noopener" target="_blank">#HPE</a> <a href="https://infosec.exchange/tags/VulnerabilityAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#VulnerabilityAlert</a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#PatchNow</a> <a href="https://infosec.exchange/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> <a href="https://infosec.exchange/tags/DoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DoS</a> <a href="https://infosec.exchange/tags/AuthenticationBypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#AuthenticationBypass</a> <a href="https://infosec.exchange/tags/SensitiveDataLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#SensitiveDataLeak</a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSecCommunity</a>

Recent searches

Search options

Administered by:

Server stats:

#infoseccommunity