In June, the NJCCIC reported on a previous ClickFix campaign that used PowerShell scripts to drop malicious payloads. Recently, ClickFix was identified in two separate phishing campaigns. In one of these campaigns , the threat actors hacked into over 6,000 WordPress sites.
Ransomware groups frequently use Endpoint Detection and Response (EDR) tools like AuKill, EDRKillShifter, and others to disable security systems. Threat actors were recently observed incorporating the open-source tool EDRSilencer into their attack strategies.
The FBI, the CISA, the NSA, the Communications Security Establishment Canada (CSE), Australian Federal Police (AFP), and others released this Joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors’ use of brute force.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Systems affected include: Autonomous Health Framework, versions prior to 24.9, GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.9.
Multiple Vulnerabilities in Palo Alto Network’s Expedition have been discovered, the most severe of which could allow for arbitrary code execution on Palo Alto Firewalls. Palo Alto Network’s Expedition is a migration tool designed to help organizations move configurations...
Since at least 2021, Russian SVR cyber threat actors – also tracked as APT29, Midnight Blizzard (formerly Nobelium), Cozy Bear, and the Dukes – have consistently targeted US, European, and global entities in the Defense Industrial Base, and other sectors.
A vulnerability has been discovered in Mozilla Firefox which could allow for arbitrary code execution. Successful exploitation could allow for arbitrary code execution. Depending on the privileges associated with the user, threat actors could install programs and more..,
The newest threat to emerge from Mirai’s leaked source code has made itself known in a big way. The botnet, dubbed GorillaBot , issued over 300,000 attack commands across 113 countries from September 4 to September 27, targeting China, the United States, and Canada.
The threat actors, associated with the Democratic People’s Republic of Korea (DPRK), pose as prospective employers and target individuals seeking employment within the Information Technology sector through popular job search platforms such as LinkedIn and X.
