Upgraded version of Generaly OTP bot advertised on a cybercrime forum. The bot has a dedicated Telegram channel to capture & display information. Captured OTP can be used to bypass 2FA and gain complete access to bank accounts.
The email orders organizations to review the attachment and submit their plan of action to combat Coronavirus, much like APT36's pattern of attack.
KFC and McDonald’s were targeted via phishing campaigns. The campaigns were aimed at the Saudi Arabia, UAE, and Singapore regions. Payment details have also been compromised.
RCE vulnerability targeting MS Exchange servers that enables attackers to compromise Internet-facing instances. The zero-day vulnerability is being actively exploited by threat actors to target Windows users.
BlackMatter ransomware operators claim that it combines the best aspects of REvil, Darkside, and Lockbit ransomware. They target a variety of industries with revenue higher than USD 1 million, with the exception of organizations in the healthcare, government, oil and gas, and non-profit sectors.
CloudSEK Threat Intel has detected a threat actor selling a list of systems on the Internet that are vulnerable to CVE-2018-13379, a Fortinet SSL VPN path traversal vulnerability.
Category: Vulnerability Intelligence | Vulnerability Class: Access of Resource Using Incompatible Type | CVE ID: CVE-2022-1096 | CVSS:3.0 Score: 9.1. Executive Summary: CloudSEK’s Threat Research Team has discovered a breach affecting ~0.5 million users due to an active zero-day vulnerability being exploited in the wild by the RedLine stealer malware. The zero-day vulnerability exploits all the Chromium-based […]