Cybersec Sentinel (Page 2)

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New

FlowerStorm Phishing Service Gains Traction After Rockstar2FA Shutdown

FlowerStorm Phishing Service Gains Traction After Rockstar2FA Shutdown

Threat Group: FlowerStorm Threat Type: Phishing-as-a-Service (PhaaS) Exploited Vulnerabilities: User credentials and session cookies Malware Used: FlowerStorm phishing kit Threat Score: High (8.5/10) – Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users. Last Threat Observation: December 20, 2024 Overview The cybersecurity

Christmas-Themed LNK Files Used for Malware Delivery

Christmas-Themed LNK Files Used for Malware Delivery

Threat Group: Various Cybercriminal Entities Threat Type: Malware Delivery via LNK Files Exploited Vulnerabilities: Abuse of Windows LNK File Functionality Malware Used: Emotet, Ursnif, Qakbot, IcedID Threat Score: High (8.5/10) – Due to the deceptive nature of LNK files masquerading as legitimate documents, increased holiday-themed phishing campaigns, and the

BellaCPP Expands BellaCiao Capabilities in C++

BellaCPP Expands BellaCiao Capabilities in C++

Threat Group: Charming Kitten (APT35/APT42) Threat Type: Dropper Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange vulnerabilities (e.g., ProxyShell, ProxyNotShell) Malware Used: BellaCPP Threat Score: High (8.5/10) – Due to its targeted approach, advanced evasion techniques, and potential impact on critical infrastructure. Last Threat Observation: December 21,

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Vulnerabilities

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Threat Group: Unknown Threat Actor(s) Threat Type: Remote Code Execution (RCE) Exploited Vulnerabilities: CVE-2023-34990 (Critical) Malware Used: None identified Threat Score: High (9.8/10) – Due to remote code execution potential, unauthenticated access, and widespread use in enterprise environments. Last Threat Observation: December 2024 Overview CVE-2023-34990 is a critical

DarkGate Malware Exploits Microsoft Teams and AnyDesk for Remote Access

DarkGate Malware Exploits Microsoft Teams and AnyDesk for Remote Access

Threat Group: Unknown Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: CVE-2024-21412 Malware Used: DarkGate Threat Score: High (8.5/10) – Due to its advanced evasion techniques, multifunctionality, and recent exploitation of widely used platforms like Microsoft Teams. Last Threat Observation: December 17, 2024 Overview DarkGate is a highly sophisticated

Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery

Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery

Threat Group: Unknown Threat Type: Malvertising, Phishing Exploited Vulnerabilities: Social Engineering, Malvertising Networks Malware Used: Lumma Stealer Threat Score: High (8.5/10) – Due to its widespread reach, advanced obfuscation techniques, and ability to harvest sensitive data. Last Threat Observation: December 2024 (Multiple Security Sources) Overview Cybercriminals are increasingly exploiting

Advanced Cyber Threat Exploits DLL Side Loading with Yokai Backdoor

Advanced Cyber Threat Exploits DLL Side Loading with Yokai Backdoor

Threat Group: Unspecified Threat Actor Threat Type: Backdoor Malware Exploited Vulnerabilities: DLL Side-Loading Malware Used: Yokai Backdoor Threat Score: High (8.5/10) – Due to its targeted approach against government officials, sophisticated delivery mechanisms, and potential for significant data exfiltration. Last Threat Observation: December 16, 2024 Overview A recent cyber-espionage

Winnti Group Unleashes Advanced PHP Backdoor Glutton

Winnti Group Unleashes Advanced PHP Backdoor Glutton

Threat Group: Winnti (APT41) Threat Type: PHP-Based Backdoor Malware Exploited Vulnerabilities: Known vulnerabilities in PHP frameworks (Laravel, ThinkPHP) Malware Used: Glutton, ELF-based Winnti backdoor Threat Score: High (8.5/10) – Due to its advanced modular design, stealth capabilities, and targeting of both legitimate and cybercriminal systems. Last Threat Observation: December

PUMAKIT Rootkit Threatens Linux Systems Worldwide

PUMAKIT Rootkit Threatens Linux Systems Worldwide

Threat Group: Unknown Threat Type: Rootkit Exploited Vulnerabilities: Targets Linux kernels prior to version 5.7 Malware Used: PUMAKIT Threat Score: High (8.0/10) – Due to its advanced stealth capabilities and potential impact on critical infrastructure. Last Threat Observation: December 13, 2024, by Elastic Security Labs Overview PUMAKIT is