US-CERT Vulnerability Summary for the Week of June 12, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Cobalt Stike Beacon Detected – 103[.]211[.]124[.]126:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]223[.]91[.]53:88
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 150[.]158[.]100[.]126:88
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 119[.]45[.]188[.]91:2087
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 122[.]152[.]234[.]71:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 192[.]3[.]76[.]38:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
DuckDuckGo browser for Windows available for everyone as public beta
DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download...
APT37 hackers deploy new FadeStealer eavesdropping malware
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor...
VMware fixes vCenter Server bugs allowing code execution, auth bypass
VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication...
Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a...
CISA orders govt agencies to patch bugs exploited by Russian hackers
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities...
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy...
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices
A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel,...
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in multiple products. An attacker...
CISA: ISC Releases Security Advisories for Multiple Versions of BIND 9
ISC Releases Security Advisories for Multiple Versions of BIND 9 The Internet Systems Consortium (ISC) has released security advisories that...
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to...
Malware Analysis – amadey – 14aa4c4bfae7b8b397572cd88870000e
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:fabookie, family:smokeloader, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, botnet:pub1, backdoor, discovery, evasion, persistence, ransomware, spyware, stealer, trojanMD5: 14aa4c4bfae7b8b397572cd88870000eSHA1:...
Malware Analysis – djvu – e0227bb951b0bd76d3a21ba42abd3574
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, discovery, persistence, ransomware, spyware, stealerMD5: e0227bb951b0bd76d3a21ba42abd3574SHA1: d2c4f9ccaf0b92ebb9a6aba4179092f5df187da9ANALYSIS DATE: 2023-06-22T17:59:39ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – discovery – ce900ddf20b2554e60cb17de79ddfa27
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, persistence, ransomware, trojanMD5: ce900ddf20b2554e60cb17de79ddfa27SHA1: 07b5f2d9e9683ca4bdf983f53b9726270094ffaaANALYSIS DATE: 2023-06-22T18:52:16ZTTPS: T1012, T1120, T1082, T1088, T1089, T1112, T1102,...
Malware Analysis – djvu – 45841d5084e8b6dcb2cae5f631abf9d0
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, discovery, persistence, ransomware, spyware, stealerMD5: 45841d5084e8b6dcb2cae5f631abf9d0SHA1: c9be8e5c7559dd9d623f94247cead30f3efaf231ANALYSIS DATE: 2023-06-22T18:16:28ZTTPS: T1082, T1012, T1053, T1005,...
Malware Analysis – evasion – 1b4e39e65dcc093252b4ddcf6951f258
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 1b4e39e65dcc093252b4ddcf6951f258SHA1: 36153e151d49ce560049a4e17d9118eac1bba135ANALYSIS DATE: 2023-06-22T19:18:20ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 2a3f36cc1fd1f55dc98fd6592cd5d80a
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, discovery, persistence, ransomware, spyware, stealerMD5: 2a3f36cc1fd1f55dc98fd6592cd5d80aSHA1: 9eabc031f809f6afd46f12de051a6b903952db7bANALYSIS DATE: 2023-06-22T18:54:29ZTTPS: T1060, T1112, T1005, T1081,...
BlogEngine.NET open redirect | CVE-2023-33405
NAME__________BlogEngine.NET open redirectPlatforms Affected:BlogEngine.NET BlogEngine.NET 1.6.1.0 BlogEngine.NET BlogEngine.NET 2.8.0.0 BlogEngine.NET BlogEngine.NET 3.3.8.0Risk Level:4.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________BlogEngine.NET could allow a remote attacker...
