Cybersec Sentinel

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Vulnerabilities

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Threat Group: N/A Threat Type: Vulnerability Exploitation Exploited Vulnerabilities: CVE-2024-7344 Malware Used: Custom PE Loader with Encrypted Payload Threat Score: High (9.2/10) – Due to its ability to bypass foundational security mechanisms like UEFI Secure Boot, enabling undetectable and persistent compromises. Overview CVE-2024-7344 is a critical vulnerability found

The Return of PlugX Malware with Fresh Tricks

The Return of PlugX Malware with Fresh Tricks

Threat Group: Likely associated with Chinese Advanced Persistent Threat (APT) groups Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Multiple, including spear-phishing and exploiting unpatched software vulnerabilities Malware Used: PlugX Threat Score: High (8.7/10) – Due to its versatility, stealth capabilities, and association with espionage campaigns Last Threat Observation:

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Threat Group: Various (including XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Type: Multi-Functional Malware via Phishing Campaigns Exploited Vulnerabilities: None specific; relies on social engineering for initial infection Malware Used: AutoIt Compile Malware (XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Score: High (8.7/10) – Due to the rapid increase in distribution

macOS Users Targeted by the New Variant of Banshee Infostealer

macOS Users Targeted by the New Variant of Banshee Infostealer

Threat Group: Unknown Threat Type: Information Stealer (Infostealer) Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on social engineering and phishing tactics Malware Used: Banshee Stealer Threat Score: High (8.5/10) – Due to its advanced evasion techniques, targeting of macOS systems, and comprehensive data theft capabilities. Last Threat Observation: January

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

Threat Group: REF5961 Threat Type: Backdoor Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange ProxyLogon (CVE-2021-26855) Malware Used: EAGERBEE, RUDEBIRD, DOWNTOWN Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and persistent access capabilities. Last Threat Observation: January 7, 2025 Overview EAGERBEE is

DoubleClickjacking Exploit Turns Your Clicks into Chaos

DoubleClickjacking Exploit Turns Your Clicks into Chaos

Threat Group: Unattributed Threat Type: Clickjacking Variant Exploited Vulnerabilities: User Interface (UI) Redressing Vulnerabilities Malware Used: None Threat Score: High (8.0/10) – Due to its ability to bypass existing clickjacking defenses and exploit common user interactions. Last Threat Observation: January 3, 2025 Overview DoubleClickjacking is an advanced form of

Threat Surge as Lumma Stealer Expands Its Reach

Threat Surge as Lumma Stealer Expands Its Reach

Threat Group: Lumma (operated by "Shamel") Threat Type: Information Stealer (Malware-as-a-Service) Exploited Vulnerabilities: No specific vulnerabilities; relies on social engineering and deceptive tactics Malware Used: Lumma Stealer (also known as LummaC2) Threat Score: High (8.5/10) – Due to its advanced evasion techniques, broad targeting capabilities, and widespread

IoT Devices Under Fire by FICORA and CAPSAICIN

IoT Devices Under Fire by FICORA and CAPSAICIN

Threat Group: Unattributed Threat Type: IoT-Based Botnets Exploited Vulnerabilities: D-Link HNAP Interface Flaws (CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112) Malware Used: Mirai Variant "FICORA", Kaiten Variant "CAPSAICIN" Threat Score: High (8.7/10) – Due to the exploitation of widely deployed IoT devices and the potential for large-scale Distributed

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New