Unmasking AVrecon: The Stealthy Malware Infiltrating Global Routers – Lumen Report
Lumen Technologies, formerly known as CenturyLink, is a global technology company that provides a wide range of services, including communications, network services, security, cloud solutions, voice, and managed services. The…
Overcoming the Top Ten Challenges in Open Source Intelligence (OSINT): A Comprehensive Introduction
Open Source Intelligence (OSINT) has become an indispensable tool in the digital age, providing a wealth of information from publicly available sources. It is used extensively in various fields, from…
JumpCloud Security Breach
JumpCloud, a US-based enterprise software firm known for its cloud directory platform, recently disclosed a security breach that was part of a highly targeted operation aimed at a select group…
TeamTNT’s Cloud Credential Stealing Campaign
In the ever-evolving landscape of cybersecurity, threat actors continue to innovate and adapt their methods to exploit new technologies and platforms. One such group, known as TeamTNT, has been actively…
In-Depth Analysis of Storm-0558 Techniques for Unauthorized Email Access
This blog post is based on the detailed analysis provided by Microsoft Security Blog on the techniques used by the threat actor tracked as Storm-0558 for unauthorized email access. Executive…
Act now! In-the-wild Zimbra vulnerability needs a workaround
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the…
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. Source: https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments. The attacks our team has responded to thus far appear to be chaining CVE-2023-29298 , a…
A technical analysis of the Quasar-forked RAT called VoidRAT
https://resources.securityscorecard.com/research/technical-analysis-of-the-quasar-forked-rat-called-void-rat Source: A technical analysis of the Quasar-forked RAT called VoidRAT / SecurityScoreCard
Black Basta Overview
Black Basta is a Russian-speaking group that was first spotted in early 2022. It is known for its double extortion attack, where it not only executes ransomware but also exfiltrates…