Cobalt Stike Beacon Detected – 124[.]223[.]215[.]12:8091
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 18[.]197[.]201[.]242:4433
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 81[.]161[.]229[.]168:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 39[.]101[.]1[.]65:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Google Chrome code execution | CVE-2023-0471
NAME__________Google Chrome code executionPlatforms Affected:Google Chrome 109.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Google Chrome could allow a remote attacker to execute arbitrary code...
VMware vRealize Log Insight code execution | CVE-2022-31704
NAME__________VMware vRealize Log Insight code executionPlatforms Affected:VMware vRealize Log Insight 8.0.0 VMware Cloud Foundation 3.0 VMware Cloud Foundation 4.0 VMware...
Google Chrome code execution | CVE-2023-0472
NAME__________Google Chrome code executionPlatforms Affected:Google Chrome 109.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Google Chrome could allow a remote attacker to execute arbitrary code...
FreeSWITCH Sofia-SIP buffer overflow | CVE-2023-22741
NAME__________FreeSWITCH Sofia-SIP buffer overflowPlatforms Affected:FreeSWITCH Sofia-SIP 1.13.10Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________FreeSWITCH Sofia-SIP is vulnerable to a heap-based buffer overflow, caused by...
Google Chrome code execution | CVE-2023-0473
NAME__________Google Chrome code executionPlatforms Affected:Google Chrome 109.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Google Chrome could allow a remote attacker to execute arbitrary code...
Google Chrome code execution | CVE-2023-0474
NAME__________Google Chrome code executionPlatforms Affected:Google Chrome 109.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Google Chrome could allow a remote attacker to execute arbitrary code...
LockBit 3.0 Ransomware Victim: flatironssolutions[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Daily Vulnerability Trends: Wed Jan 25 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments...
Malware Analysis – djvu – c82d642d03203afc33ec1bf6c736b5c5
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c82d642d03203afc33ec1bf6c736b5c5SHA1: 45385bbb8d54c5adc84e49450c7ec1f69b60906bANALYSIS DATE: 2023-01-25T03:43:41ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – darkcomet – 0370e5464c8f4718128f18548ca236aa
Score: 10 MALWARE FAMILY: darkcometTAGS:family:darkcomet, ransomware, rat, trojanMD5: 0370e5464c8f4718128f18548ca236aaSHA1: a7dc7c6526971d70b887b937bd6965ee82e5fdd0ANALYSIS DATE: 2023-01-25T03:51:31ZTTPS: T1012, T1082, T1491, T1112 ScoreMeaningExample10Known badA malware family...
Malware Analysis – wannacry – e8340564caba7a2635af2c79cb7103eb
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, bootkit, discovery, persistence, ransomware, spyware, stealer, wormMD5: e8340564caba7a2635af2c79cb7103ebSHA1: 8c62c79508abe5ffa36608d1846dcb20b2a27137ANALYSIS DATE: 2023-01-25T05:05:54ZTTPS: T1112, T1060, T1222, T1012,...
Malware Analysis – wannacry – bc5ee0bcefce9d21f9a17c60a19c2b18
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, persistence, ransomware, spyware, stealer, wormMD5: bc5ee0bcefce9d21f9a17c60a19c2b18SHA1: 6b207ad03911865694e5f4c3059c2a5f0242c6daANALYSIS DATE: 2023-01-25T05:04:09ZTTPS: T1491, T1112, T1060, T1107, T1490,...
Malware Analysis – djvu – 333bcc4a842670afc9f50160d7e3055c
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 333bcc4a842670afc9f50160d7e3055cSHA1: b72cdacbb3e38a705344cdaab0454996563e98fdANALYSIS DATE: 2023-01-25T05:09:28ZTTPS: T1082, T1012, T1005, T1081,...
Malware Analysis – djvu – f297068017e333ac96d70756a87babf6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: f297068017e333ac96d70756a87babf6SHA1: 6dbfc207b81246788e0cab826b3dd96a31dfb276ANALYSIS DATE: 2023-01-25T04:11:03ZTTPS: T1130, T1112, T1060, T1222, T1082...
GoTo says hackers stole customers’ backups and encryption key
GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups...
Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage...
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch....
VMware fixes critical security bugs in vRealize log analysis tool
VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution...
75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion....
Russia’s largest ISP says 2022 broke all DDoS attack records
Russia's largest internet service provider Rostelecom says 2022 was a record year for Distributed denial of service attacks (DDoS) targeting...
