A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats. Short About STRRAT and Vcurms STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading
Tag: Cybersecurity
Fortinet RCE Vulnerability Affects FortiClient EMS Servers
Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses a significant cybersecurity threat. Above all, it has the potential to allow remote attackers to execute arbitrary commands on administrative workstations. Fortinet SQLi Vulnerability Causes Remote Code Execution As I mentioned, the vulnerability is classified… Continue reading Fortinet RCE Vulnerability Affects FortiClient EMS Servers
Adobe Reader Infostealer Plagues Email Messages in Brazil
A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF document, there is a request to install Adobe Reader app, that triggers malware downloading and installation. Considering the language of the said documents, this malicious activity mainly targets Portugal and Brazil. Infostealer Spreads in Fake… Continue reading Adobe Reader Infostealer Plagues Email Messages in Brazil
LockBit Ransomware Taken Down by NCA
On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such takedowns now illustrates all the web assets of LockBit ransomware. There is quite a hope about the possible release of decryption keys and even a… Continue reading LockBit Ransomware Taken Down by NCA
MIT Hacked, Students’ Data Sold on the Darknet
On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the alias “Ynnian” claims that the leak happened this year, and consists mainly of students’ data. No pay is asked for this DB, hence the information… Continue reading MIT Hacked, Students’ Data Sold on the Darknet
Warzone RAT Dismantled, Members Arrested
In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). Also, this malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities. Warzone RAT Masters Arrested and Charged… Continue reading Warzone RAT Dismantled, Members Arrested
HijackLoader Malware Comes With New Evasion Methods
The HijackLoader malware has added new defense evasion techniques. Other threat actors are increasingly using the malware to deliver payloads and tooling. The developer used a standard process hollowing technique coupled with a trigger that makes defense evasion stealthier. What is HijackLoader? According to the researchers’ report, the HijackLoader malware, or IDAT Loader, has recently… Continue reading HijackLoader Malware Comes With New Evasion Methods
New Fortinet VPN RCE Flaw Discovered, Patch ASAP
Fortinet has issued a warning about a recently discovered critical vulnerability in its FortiOS SSL VPN system that could be actively exploited by attackers. The vulnerability in Fortinet network security solutions poses a significant threat to organizations. It allows unauthenticated attackers to gain remote code execution (RCE) capabilities through maliciously crafted requests. Fortinet VPN RCE… Continue reading New Fortinet VPN RCE Flaw Discovered, Patch ASAP
Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads
A new Windows malware called Ov3r_Stealer is spreading through fake Facebook job ads, according to a report by Trustwave SpiderLabs. The malware is designed to steal sensitive information and crypto wallets from unsuspecting victims. Let’s delve into the mechanics of these deceptive ads, and Ov3r_Stealer. Ov3r_Stealer Abuses Facebook Job Ads Scammers use elaborate job ads… Continue reading Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads
Hewlett Packard Enterprise Hacked, Darknet Forum Sales Data
On February 1, 2024, a post on a Darknet hacker forum selling Hewlett Packard Enterprise data appeared. Threat actor known as IntelBroker claims hacking into the company’s network and grabbing a whole lot of data, including access tokens and passwords. The company themselves acknowledges the breach, but cannot confirm any cybersecurity incidents happened in the… Continue reading Hewlett Packard Enterprise Hacked, Darknet Forum Sales Data