The Goodwill ransomware group makes very unusual demands in exchange for the decryption key. The Robin Hood-like group forces its victims to donate to the poor and provide financial assistance to patients in need.
We discovered that the Gimmick macOS malware communicates only through its C2 server hosted on Google Drive. The malware was discovered in the first week of May and has been actively targeting macOS devices.
CloudSEK’s contextual AI digital risk platform XVigil discovered an unprecedented, sophisticated phishing technique, commonly known as Browser-in-the-Browser (BitB) attack, that has been targeting government websites across the world, including India.
CloudSEK’s Threat Research team has analyzed the MS Office RCE 0-day vulnerability that has been dubbed Follina and assigned CVE-2022-30190. The attack vector and the vulnerability very closely resemble CVE-2021-40444.
Category: Adversary Intelligence | Threat Type: Hacktivism | Industry: Government & Private | Region: India. Update 2: 13 June 2022, 18:30 IST. CloudSEK’s researchers captured a member of the DragonForce forum executing the purported DDoS attack on the BJP official website. The IP address in the image matches the BJP server’s IP address (i.e., 104[.]18[.]130[.]37). In […]
XVigil identified a post advertising 170 SonicVPN accesses for USD 2,000. Threat actors have been targeting SonicVPN frequently, which puts these accesses at high risk of being exploited.