Collaborate Disseminate
Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protoco… Continue reading Russian hackers deliver malicious RDP configuration files to thousands
The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure takedown As promised on Monday when they announced the disruption of the Redline a… Continue reading US charges suspected Redline infostealer developer, admin
Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perc… Continue reading Phishers reach targets via Eventbrite services
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have … Continue reading Patching problems: The “return” of a Windows Themes spoofing vulnerability
Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta u… Continue reading Black Basta operators phish employees via Microsoft Teams
The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Re… Continue reading Police hacks, disrupts Redline, Meta infostealer operations
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few da… Continue reading Exploited: Cisco, SharePoint, Chrome vulnerabilities
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a crit… Continue reading Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vul… Continue reading VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Ro… Continue reading Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)