Latest News Articles

--- TLP:WHITE ---

News

− Iranian backed group steps up phishing campaigns against Israel, U.S.

Today Google’s Threat Analysis Group (TAG) is sharing insights on APT42, an Iranian government-backed threat actor, and their targeted phishing campaigns.

https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/

− Ransomware attackers introduce new EDR killer to their arsenal

Sophos analysts recently encountered a new EDR-killing utility deployed by a criminal group attempting to attack an organization with the RansomHub ransomware.

https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/

− .shop gTLD becomes a new favorite to spread waves of cryptocurrency spam emails

Lately, the .shop gTLD has been heavily abused by threat actors to spread cryptocurrency spam emails. The .shop gTLD (generic top-level domain) was launched in 2016 and is specifically intended for online shopping and e-commerce platforms.

https://www.broadcom.com/support/security-center/protection-bulletin/shop-gtld-becomes-a-new-favorite-to-spread-waves-of-cryptocurrency-spam-emails

Vulnerabilities

− Critical vulnerability exists in Palo Alto Networks Cortex XSOAR CommonScripts (CVE-2024-5914)

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

https://www.ncsc.gov.ie/pdfs/2408190142_PaloAlto_Cortex_XSOAR_CommonScripts_Pack_Vuln.pdf

− Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.

https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/