Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following
Month: July 2024
Positron Broadcast Signal Processor
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Positron S.R.L
Equipment: Broadcast Signal Processor TRA7005
Vulnerability: Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION
APT45: North Korea’s Digital Military Machine
Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart
Executive Summary: APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45
XWorm Hidden With Process Hollowing, (Thu, Jul 25th)
XWorm is not a brand-new malware family[1]. It's a common RAT (Remote Access Tool) reused regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process
ISC Stormcast For Thursday, July 25th, 2024 https://isc.sans.edu/podcastdetail/9068, (Thu, Jul 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC Releases Security Advisories for BIND 9
The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service
“Mouse Logger” Malicious Python Script, (Wed, Jul 24th)
Keylogging is a pretty common feature of many malware families because recording the keys pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. Back from SANSFIRE, I looked at my backlog
ISC Stormcast For Wednesday, July 24th, 2024 https://isc.sans.edu/podcastdetail/9066, (Wed, Jul 24th)
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd)
In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, CVE-2024-3273, was exploited soon after it became public. Many of the affected devices are no longer supported. We
Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks
Written by: Emily Astranova, Pascal Issa
Executive Summary: AI-powered voice cloning can now mimic human speech with uncanny precision, making for more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and