Latest News Articles
--- TLP:WHITE ---
News
− Iranian backed group steps up phishing campaigns against Israel, U.S.
Today Google's Threat Analysis Group (TAG) is sharing insights on APT42, an Iranian government-backed threat actor, and their targeted phishing campaigns.
https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/
− Ransomware attackers introduce new EDR killer to their arsenal
Sophos analysts recently encountered a new EDR-killing utility being deployed by a criminal group that was trying to attack an organization with the RansomHub ransomware.
https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/
− .shop gTLD becomes a new favorite to spread waves of cryptocurrency spam emails
Lately, the .shop gTLD has been heavily abused by threat actors to spread cryptocurrency spam emails. The .shop gTLD (generic top-level domain) was launched in 2016 and is specially designed for online shopping and e-commerce platforms.
https://www.broadcom.com/support/security-center/protection-bulletin/shop-gtld-becomes-a-new-favorite-to-spread-waves-of-cryptocurrency-spam-emails
Vulnerabilities
− Critical Vulnerability exists in Palo Alto Networks Cortex XSOAR CommonScripts (CVE-2024-5914)
A command injection issue in the Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
https://www.ncsc.gov.ie/pdfs/2408190142_PaloAlto_Cortex_XSOAR_CommonScripts_Pack_Vuln.pdf
− Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/