AWS SSM Agent Abused as a Remote Access Trojan
Cybersecurity experts have recently unearthed a novel post-exploitation method within Amazon Web Services (AWS), highlighting potential risks to Windows and Linux environments. This technique involves the unauthorized use of the AWS Systems Manager Agent (SSM Agent) as a remote access trojan.
The SSM Agent, built for fleet administration, can be repurposed by an attacker who already holds high-privilege access on an endpoint where the agent is installed. Once compromised, the attacker gains…
‘Mysterious Team Bangladesh’ Targets Indian and Israeli Entities with DDoS and Data Breach
Cybersecurity experts have unveiled a new threat on the digital landscape, attributing over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements to a hacktivist group called Mysterious Team Bangladesh since June 2022.
The group concentrates on logistics, government and financial-sector entities in India and Israel. According to Group-IB…
NodeStealer Targets Facebook Business Accounts and Crypto Wallets
Cybersecurity researchers have exposed a novel Python variant of the notorious stealer malware, NodeStealer, which can seize complete control of Facebook business accounts and drain cryptocurrency reserves.
Palo Alto Networks' Unit 42 identified this previously undocumented strain amid an ongoing campaign that began in December 2022. As of now, there is no evidence…
APT Actors Target Ivanti EPMM with Zero-Day Exploits, CISA and NCSC-NO Issue Joint Advisory
Advanced persistent threat (APT) actors have recently exploited a critical vulnerability, identified as CVE-2023-35078, in the Ivanti Endpoint Manager Mobile (EPMM) software.
The flaw, exploited as a zero-day since April 2023, was used in targeted attacks against several Norwegian entities, including a government network. CVE-2023-35078 is a severe authentication bypass that gives threat actors access to personally identifiable information (PII) and…
SpyNote Trojan Campaign Targets European Bank Customers
Cybersecurity experts have reported a concerning surge in cyberattacks targeting various European bank customers during June and July 2023.
The campaign revolves around an Android banking trojan named SpyNote, also known as SpyMax. Delivered through email phishing or smishing, the malware combines remote access trojan (RAT) capabilities with…
Space Pirates Commit Cyber Espionage Across Russia and Serbia
In a recent cybersecurity report, the notorious threat actor known as “Space Pirates” has been identified as the perpetrator behind a series of sophisticated cyberattacks against 16 organizations based in Russia and Serbia.
The investigation by Positive Technologies further revealed the threat actor's keen interest in harvesting PST email archives, as well as using a malware artifact called Deed RAT, an exclusive tool to…
Cybercriminals Target Italian Organizations with Banking Trojan by Renting WikiLoader
Cybersecurity experts have identified a phishing campaign targeting organizations in Italy. It uses a new malware downloader called WikiLoader, whose purpose is to install Ursnif (also tracked as Gozi), a banking trojan that doubles as a stealer and spyware.
According to a technical report by Proofpoint, WikiLoader is a sophisticated downloader with the sole purpose of delivering a secondary…
Redis Servers Targeted by P2PInfect Worm Employing New Breach Methods
Cybersecurity analysts are sounding the alarm over a new peer-to-peer (P2P) worm, named P2PInfect, that uses a series of previously unreported tactics to infiltrate vulnerable Redis servers and conscript them into a botnet.
The malware abuses the Redis replication feature: after connecting to an exposed instance, it issues the SLAVEOF command to turn that instance into a replica of an attacker-controlled master, paving the way for replication and…
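The two things a defender wants to know about a Redis host in light of the SLAVEOF abuse described above are whether it can be reached and commanded from the network at all, and whether it is already replicating from a master nobody chose. The script below is an added example, not code from the P2PInfect reports or from Redis. It parses a constructed redis.conf and a constructed `INFO replication` response (the `ALLOWED_MASTERS` policy and the `rename-command` hardening it looks for are this example's own assumptions) and reports the weak settings and the hostile replication state.

```python
"""Spot a Redis server that could be, or already has been, hijacked via SLAVEOF.

Added example, not code from the P2PInfect reports. Two constructed inputs
stand in for a real host: a redis.conf and the text Redis returns for
`INFO replication`. The checks flag (a) a network-reachable, unauthenticated
instance, (b) SLAVEOF/REPLICAOF still enabled, and (c) the instance currently
replicating from a master that is not on an assumed allow-list, which is the
state a hostile SLAVEOF leaves behind.
"""

# Constructed sample redis.conf (hypothetical host, weak settings on purpose)
SAMPLE_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
# requirepass left commented out on this box
# requirepass s3cret
"""

# Constructed sample `INFO replication` output after a hostile SLAVEOF
SAMPLE_INFO = """# Replication
role:slave
master_host:203.0.113.45
master_port:60107
master_link_status:up
slave_read_only:1
"""

# Masters this deployment may legitimately replicate from (assumed policy)
ALLOWED_MASTERS = {"10.0.0.5"}


def parse_conf(text):
    """Return redis.conf directives as (key, value) pairs, comments dropped.

    A list rather than a dict because rename-command may appear several times."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        pairs.append((key.lower(), value.strip()))
    return pairs


def parse_info(text):
    """Parse the key:value lines of an INFO section into a dict."""
    info = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            key, value = line.split(":", 1)
            info[key.strip()] = value.strip()
    return info


def exposure_findings(pairs):
    """Config-level findings: who can reach the instance and what they can issue."""
    conf = {}
    for key, value in pairs:
        conf.setdefault(key, value)  # first occurrence wins for single-valued keys
    findings = []

    # With no bind directive Redis listens on every interface; protected-mode
    # (default yes) only refuses non-loopback clients while neither bind nor
    # requirepass is configured, so both settings matter together.
    bind = conf.get("bind", "")
    binds_all = bind == "" or any(b in ("0.0.0.0", "::", "*") for b in bind.split())
    protected = conf.get("protected-mode", "yes").lower() == "yes"
    if binds_all and not protected:
        findings.append("reachable from the network with protected-mode off")
    if binds_all and not conf.get("requirepass"):
        findings.append("no requirepass set")

    # rename-command SLAVEOF "" removes the replication takeover primitive.
    disabled = set()
    for key, value in pairs:
        if key == "rename-command":
            parts = value.split()
            if len(parts) == 2 and parts[1] == '""':
                disabled.add(parts[0].upper())
    for cmd in ("SLAVEOF", "REPLICAOF"):
        if cmd not in disabled:
            findings.append(f"{cmd} still enabled")
    return findings


def replication_findings(info, allowed_masters):
    """Runtime finding: is this instance a replica of a master we did not choose?"""
    if info.get("role") != "slave":
        return []
    master = info.get("master_host", "")
    if master in allowed_masters:
        return []
    return [f"replica of unexpected master {master}:{info.get('master_port', '?')}"]


if __name__ == "__main__":
    for finding in exposure_findings(parse_conf(SAMPLE_CONF)):
        print("config:", finding)
    for finding in replication_findings(parse_info(SAMPLE_INFO), ALLOWED_MASTERS):
        print("runtime:", finding)
```

On a live host the same two functions can be fed the real `/etc/redis/redis.conf` and the output of `redis-cli INFO replication`; a `role:slave` line pointing at an address outside your own fleet is the cheapest single indicator that a SLAVEOF takeover has already happened.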
Ninja Forms Plugin Vulnerabilities Expose 800,000 Sites to Risk
Cybersecurity experts have recently unveiled a series of security vulnerabilities plaguing the popular Ninja Forms plugin for WordPress, putting over 800,000 websites at risk.
The identified flaws, tracked as CVE-2023-37979, CVE-2023-38386 and CVE-2023-38393, affect versions 3.6.25 and earlier and could let threat actors escalate privileges…
Hackers Exploit Windows Search Feature to Install RATs
Cybersecurity researchers have uncovered a novel attack technique that exploits a legitimate Windows search feature, placing unsuspecting users at significant risk.
The threat involves unknown malicious actors utilizing the "search-ms:" URI protocol handler, which allows applications and HTML links to initiate custom local searches on a device, alongside the…
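Because a search-ms: link carries its search scope in the URI itself (the documented Windows form is `search-ms:query=...&crumb=location:...&displayname=...`), mail and web-proxy filters can inspect that scope before a user ever clicks. The scanner below is an added example, not code from the report on this campaign: it extracts search-ms: hrefs from a constructed HTML body and flags those whose `crumb=location:` points off the machine. Treating a UNC path or URL in that field as suspicious is this example's own heuristic, not a statement about what the campaign did.

```python
"""Flag search-ms: links in an HTML body whose search scope is a remote share.

Added example, not from the report on the search-ms campaign. The URI format
(query=, crumb=location:..., displayname=) is the documented Windows one; the
sample HTML is constructed, and the rule that any crumb location which is a
UNC path or URL is suspicious is this example's own heuristic.
"""
import re
from urllib.parse import unquote

# Constructed sample message body: one link scoped to a local folder, one
# scoped to a remote share reached over WebDAV-style UNC syntax (\\host@port\share).
SAMPLE_HTML = """
<p>See <a href="search-ms:query=invoice&crumb=location:C:\\Users\\Public&displayname=Docs">local docs</a></p>
<p>Or <a href="search-ms:query=Invoice.pdf&amp;crumb=location:\\\\203.0.113.9@80\\share&amp;displayname=Downloads">your download</a></p>
"""

# href="search-ms:..." in single, double or no quotes
HREF_RE = re.compile(r'href\s*=\s*["\']?(search-ms:[^"\'>\s]+)', re.IGNORECASE)


def parse_search_ms(uri):
    """Split search-ms:key=value&key=value into a dict with lowercased keys."""
    body = uri.split(":", 1)[1]
    params = {}
    for part in body.split("&"):
        key, _, value = part.partition("=")
        params[key.strip().lower()] = unquote(value)
    return params


def location_is_remote(crumb):
    """crumb looks like 'location:<path>'; remote if the path is UNC or a URL."""
    if not crumb.lower().startswith("location:"):
        return False
    path = crumb[len("location:"):].strip()
    return path.startswith("\\\\") or path.startswith("//") or "://" in path


def suspicious_search_links(html_text):
    """Return (uri, location) for every search-ms: link scoped to a remote path."""
    text = html_text.replace("&amp;", "&")  # HTML-encoded separators in hrefs
    hits = []
    for match in HREF_RE.finditer(text):
        uri = match.group(1)
        crumb = parse_search_ms(uri).get("crumb", "")
        if location_is_remote(crumb):
            hits.append((uri, crumb[len("location:"):]))
    return hits


if __name__ == "__main__":
    for uri, location in suspicious_search_links(SAMPLE_HTML):
        print(f"remote search scope {location!r} in {uri}")
```

The same function can be pointed at the HTML part of a quarantined message or at a proxy's response body; a search-ms: link that scopes the search to a local path is normal desktop behaviour, while one that scopes it to a server the organisation does not own is the case worth blocking or at least alerting on.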