A phishing campaign exploiting a bug in Nespresso’s website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.
Microsoft specifically highlighted a group named Emerald Sleet (aka Kimusky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts.
The ransomware landscape has undergone significant changes in Q1 2024, with major shifts in the behavior of Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security’s GRIT Q1 2024 Ransomware Report.
CERT-UA reports that in March 2024, APT44 conducted operations to disrupt information and communication systems at energy, water, and heating suppliers in 10 regions of Ukraine.
Androxgh0st operators are exploiting multiple CVEs, including CVE-2021-3129 and CVE-2024-1709 to deploy a web shell on vulnerable servers, granting remote control capabilities. Evidence also suggests active web shells associated with CVE-2019-2725.
The exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.
As the company also explains in a public security advisory published on Friday, this zero-day bug enables unauthenticated attackers to escape the user’s virtual file system (VFS) and download system files.
In a briefing at Black Hat Asia, Shmuel Cohen, security researcher at SafeBreach, described how he not only reverse-engineered and cracked into the company’s signature Cortex product but also weaponized it to deploy a reverse shell and ransomware.
The starting point of the attack is a dropper, which comes in two variants — a regular dropper that’s either implemented as an executable or a DLL file and a tampered installer file for a legitimate tool named Total Commander.
Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. “The documents contained VBA code to drop and run an executable with the name ‘ctrlpanel.exe,’” security researcher Vanja Svajcer said.