Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. “These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,” […]
This post is also available in: 日本語 (Japanese) Executive Summary Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive […]
Jan 12, 2024NewsroomDevSecOps / Software security GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by […]
Snitchy & Scratchy The brainchild of Atlanta based producer/polymath Jonah Swilley – a founding member of Mattiel and also known for his production work with Moonwalks and Night Beats – and Columbus, GA rapper Brandon ‘Bez’ Evans, Revival Season’s debut album, Golden Age Of Self Snitching is out next month and looks like it’ll turn […]
Defense evasion by exploiting CVE-2023-36025 Once the malicious .url file exploiting CVE-2023-36025 is executed, it connects to an attacker-controlled server to download and execute a control panel item (.cpl) file. Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the .url file from an untrusted source. However, the attackers craft a […]
Technical Analysis Zscaler ThreatLabz has previously analyzed DreamBus and its modules. Each DreamBus module is an Executable and Linkable Format (ELF) binary that is packed by UPX with a modified header and footer. This alteration is designed to prevent the UPX command-line tool from statically unpacking DreamBus binaries. The magic bytes UPX! (0x21585055) are typically […]
Scope Neglect comes via the mighty Mute empire Iceland-based Australian composer Ben Frost has released his first studio album in six years. Scope Neglect, which is released via Mute, is described as an experimental and genre-shifting album forged from Frost’s admiration for heavy metal. The results meld elements of the genre with the composer’s dramatic, […]
A recent spate of phishing scams — promoted through counterfeit websites — has prompted warnings from police and local businesses in the United Arab Emirates (UAE). The alerts flag fake websites posing as Dubai’s Road and Transport Authority (RTA), which runs the metro and bus network in the city, as well as tourist sites such […]
Team Liquid’s wiki leak exposes 118K users Pierluigi Paganini January 12, 2024 Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The […]