Cybersec Sentinel - Cybersec Sentinel (Page 2)

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

Threat Group: REF5961 Threat Type: Backdoor Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange ProxyLogon (CVE-2021-26855) Malware Used: EAGERBEE, RUDEBIRD, DOWNTOWN Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and persistent access capabilities. Last Threat Observation: January 7, 2025 Overview EAGERBEE is

DoubleClickjacking Exploit Turns Your Clicks into Chaos

DoubleClickjacking Exploit Turns Your Clicks into Chaos

Threat Group: Unattributed Threat Type: Clickjacking Variant Exploited Vulnerabilities: User Interface (UI) Redressing Vulnerabilities Malware Used: None Threat Score: High (8.0/10) – Due to its ability to bypass existing clickjacking defenses and exploit common user interactions. Last Threat Observation: January 3, 2025 Overview DoubleClickjacking is an advanced form of

Threat Surge as Lumma Stealer Expands Its Reach

Threat Surge as Lumma Stealer Expands Its Reach

Threat Group: Lumma (operated by "Shamel") Threat Type: Information Stealer (Malware-as-a-Service) Exploited Vulnerabilities: No specific vulnerabilities; relies on social engineering and deceptive tactics Malware Used: Lumma Stealer (also known as LummaC2) Threat Score: High (8.5/10) – Due to its advanced evasion techniques, broad targeting capabilities, and widespread

IoT Devices Under Fire by FICORA and CAPSAICIN

IoT Devices Under Fire by FICORA and CAPSAICIN

Threat Group: Unattributed Threat Type: IoT-Based Botnets Exploited Vulnerabilities: D-Link HNAP Interface Flaws (CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112) Malware Used: Mirai Variant "FICORA", Kaiten Variant "CAPSAICIN" Threat Score: High (8.7/10) – Due to the exploitation of widely deployed IoT devices and the potential for large-scale Distributed

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New

FlowerStorm Phishing Service Gains Traction After Rockstar2FA Shutdown

FlowerStorm Phishing Service Gains Traction After Rockstar2FA Shutdown

Threat Group: FlowerStorm Threat Type: Phishing-as-a-Service (PhaaS) Exploited Vulnerabilities: User credentials and session cookies Malware Used: FlowerStorm phishing kit Threat Score: High (8.5/10) – Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users. Last Threat Observation: December 20, 2024 Overview The cybersecurity

Christmas-Themed LNK Files Used for Malware Delivery

Christmas-Themed LNK Files Used for Malware Delivery

Threat Group: Various Cybercriminal Entities Threat Type: Malware Delivery via LNK Files Exploited Vulnerabilities: Abuse of Windows LNK File Functionality Malware Used: Emotet, Ursnif, Qakbot, IcedID Threat Score: High (8.5/10) – Due to the deceptive nature of LNK files masquerading as legitimate documents, increased holiday-themed phishing campaigns, and the

BellaCPP Expands BellaCiao Capabilities in C++

BellaCPP Expands BellaCiao Capabilities in C++

Threat Group: Charming Kitten (APT35/APT42) Threat Type: Dropper Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange vulnerabilities (e.g., ProxyShell, ProxyNotShell) Malware Used: BellaCPP Threat Score: High (8.5/10) – Due to its targeted approach, advanced evasion techniques, and potential impact on critical infrastructure. Last Threat Observation: December 21,

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Vulnerabilities

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Threat Group: Unknown Threat Actor(s) Threat Type: Remote Code Execution (RCE) Exploited Vulnerabilities: CVE-2023-34990 (Critical) Malware Used: None identified Threat Score: High (9.8/10) – Due to remote code execution potential, unauthenticated access, and widespread use in enterprise environments. Last Threat Observation: December 2024 Overview CVE-2023-34990 is a critical