Cybersec Sentinel (Page 2)

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Threat Group: Unknown Threat Type: Crimeware Bundle (Information Stealer and Cryptominer) Exploited Vulnerabilities: CVE-2020-14979, CVE-2021-41285 Malware Used: SteelFox Threat Score: High (8.5/10) — Due to advanced privilege escalation, data theft, and cryptocurrency mining techniques. Last Threat Observation: November 2024 Overview SteelFox is a sophisticated malware campaign that combines information-stealing

AndroxGh0st Malware Evolves to Target IoT and Critical Infrastructure

AndroxGh0st Malware Evolves to Target IoT and Critical Infrastructure

Threat Group: Unknown Threat Type: Malware/Botnet Exploited Vulnerabilities: CVE-2017-9841, CVE-2018-15133, CVE-2021-41773 Malware Used: AndroxGh0st Threat Score: High (8.5/10) — Due to its focus on critical infrastructure, advanced exploitation techniques, and integration with other botnets. Last Threat Observation: November 8 Overview AndroxGh0st is a Python-based malware that has evolved

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Cybersec Sentinel November 9, 2024 Threat Group: Various Cybercriminal Entities Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Phishing emails, CVE-2017-0199, multi-layer obfuscation Malware Used: Remcos RAT Threat Score: Medium Last Threat Observation: November 9, 2024 Overview Remcos RAT, a commercial RAT initially marketed as a legitimate tool for remote

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Threat Group: Unknown Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering through gaming-related applications targeting Windows Malware Used: Winos4.0 Threat Score: High (8.5/10) — due to its sophisticated evasion, control functions, and targeting of gaming and educational sectors Last Threat Observation: November 6, 2024, by FortiGuard

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

Threat Group: APT36 (Transparent Tribe) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Windows, Linux-based espionage with cloud-based C2 communication Malware Used: ElizaRAT, ApoloStealer Threat Score: High (8.8/10) — Enhanced evasion and control tactics, leveraging multiple cloud services for concealment Last Threat Observation: November 2024 (AlienVault, Check Point Research)

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

Threat Overview Threat Group: Unknown, suspected Rilide malware affiliates Threat Type: Infostealer Malware Exploited Vulnerabilities: Browser credential storage, Facebook account access, Windows Task Scheduler Malware Used: SYS01 Infostealer Threat Score: High (8.5/10) — Due to sophisticated targeting of widely-used platforms, persistent evasion tactics, and expansive reach Last Threat Observation:

OpenAI Impersonation Scam Puts ChatGPT Users at Risk

OpenAI Impersonation Scam Puts ChatGPT Users at Risk

Threat Group: Unknown Cybercriminals Threat Type: Phishing Attack Exploited Vulnerabilities: Credential Harvesting Malware Used: None detected, phishing-only campaign Threat Score: High (7.5/10) — Due to scale and the use of advanced impersonation tactics. Last Threat Observation: November 2024 Threat Group: Unknown Cybercriminals Threat Type: Phishing Attack Exploited Vulnerabilities: Credential

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock Threat Type: Ransomware Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments Malware Used: Interlock ransomware variants for FreeBSD and Windows Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics Last Threat Observation: November 2024 Overview Interlock ransomware is

Emerging Threat Play Ransomware Targets Critical Infrastructure

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP) Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors Last Threat

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Threat Type: - Phishing and Credential Theft Exploited Vulnerabilities: - Human Error via Phishing Attacks Malware Used: - None specified (primarily credential-harvesting techniques) Threat Score: - Moderate to High (7.5/10) — The campaign targets the maritime sector, a critical infrastructure, with phishing designed to penetrate operational technology (OT) networks.