Cybersec Sentinel - Cybersec Sentinel (Page 2)

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Golden Chickens more_eggs Exploits Social Engineering for Infections

Golden Chickens more_eggs Exploits Social Engineering for Infections

Threat Group: Golden Chickens (aka Venom Spider) Threat Type: Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering via spear-phishing Malware Used: More_eggs backdoor, RevC2 backdoor, Venom Loader Threat Score: High (8.0/10) — Due to sophisticated delivery mechanisms, evasion techniques, and deployment of multi-functional payloads Last Threat Observation: December 7 Overview

Gafgyt Malware Expands Its Reach Targeting Docker Servers

Gafgyt Malware Expands Its Reach Targeting Docker Servers

Threat Group: Various Cybercriminal Entities Threat Type: Botnet Malware Exploited Vulnerabilities: Misconfigured Docker Remote API servers, weak/default credentials in IoT devices Malware Used: Gafgyt (also known as Bashlite, Lizkebab) Threat Score: High (8.5/10) — Due to its expansion into Docker environments and potential for widespread DDoS attacks Last

SmokeLoader A Modular Malware Loader Returns in Targeted Campaigns

SmokeLoader A Modular Malware Loader Returns in Targeted Campaigns

Threat Group: SMOKY SPIDER Threat Type: Modular Malware Loader Exploited Vulnerabilities: CVE-2017-0199, CVE-2017-11882 Malware Used: SmokeLoader (also known as Dofoil, Sharik) Threat Score: High (8.5/10) — Due to its advanced evasion techniques, modular capabilities, and recent resurgence targeting critical sectors. Last Threat Observation: December 3, 2024 Overview SmokeLoader, a

Rockstar 2FA Phishing Kit Empowers Hackers to Bypass MFA Defenses

Rockstar 2FA Phishing Kit Empowers Hackers to Bypass MFA Defenses

Threat Group: Storm-1575 Threat Type: Phishing-as-a-Service (PhaaS) Exploited Vulnerabilities: User credentials and session cookies Malware Used: Rockstar 2FA phishing kit Threat Score: High (8.5/10) — Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users. Last Threat Observation: November 30, 2024 Overview The

Matrix Botnet Exploits IoT Devices for Widespread DDoS Attacks

Matrix Botnet Exploits IoT Devices for Widespread DDoS Attacks

Threat Group: Matrix Threat Type: Distributed Denial-of-Service (DDoS) Botnet Exploited Vulnerabilities: Weak/default credentials; known vulnerabilities in IoT devices, routers, and enterprise servers Malware Used: Mirai, PYbot, Pynet, DiscordGo, Homo Network Threat Score: High (8.5/10) — Due to its expansive scope targeting IoT and enterprise systems, easy-to-access attack tools,

Linux UEFI at Risk with Bootkitty Malware Emergence

Linux UEFI at Risk with Bootkitty Malware Emergence

Threat Group: Unknown Threat Type: UEFI Bootkit Exploited Vulnerabilities: Linux UEFI Firmware (Kernel Signature Verification Bypass) Malware Used: Bootkitty Threat Score: High (8.0/10) — Due to its advanced attack vector targeting the boot process and its implications for Linux system security. Last Threat Observation: November 27, 2024, Overview In

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Threat Group: Earth Estries (also known as Salt Typhoon, GhostEmperor, UNC2286) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Multiple N-day vulnerabilities in Ivanti Connect Secure, Fortinet FortiClient EMS, Sophos Firewall, and Microsoft Exchange Server Malware Used: GHOSTSPIDER backdoor, MASOL RAT, Demodex rootkit, Deed RAT (SNAPPYBEE) Threat Score: High (8.

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

Threat Group: Mysterious Elephant (APT-K-47) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831) Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors. Last Threat Observation: November 27, Overview APT-K-47,

NodeStealer Evolves with Python to Exploit Facebook Ads Manager

NodeStealer Evolves with Python to Exploit Facebook Ads Manager

Threat Group: Unattributed; suspected Vietnamese origin Threat Type: Information-Stealing Malware Exploited Vulnerabilities: Browser session cookies, Facebook Business accounts Malware Used: NodeStealer Threat Score: High (8.8/10) — Due to its focus on Facebook Ads Manager and credit card data theft. Last Threat Observation: November 23, 2024 Overview NodeStealer, first identified

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Threat Group: Gelsemium APT Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Linux systems, specifically Apache Tomcat servers Malware Used: WolfsBane (Linux backdoor), FireWood (Linux backdoor) Threat Score: High (8.5/10) — Focus on critical infrastructure, advanced obfuscation, and cross-platform targeting. Last Threat Observation: November 22, 2024. Overview The WolfsBane