Cyber Intel Brief

Threat Actors Exploit Teams, SharePoint, and OneDrive for Stealthy Malware Delivery, New ZIP File Tactic Unveiled, 142 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities

North Korea’s Ransomware Collaboration Escalates Threats, SharePoint Vulnerability CVE-2024-38094 Exploitation Details Released, 107 Firms Leaked with Manufacturing Most Affected, and CISA Adds PTZOptics Vulnerabilities

FortiManager Zero-Day Exploited for Data Theft, ClickFix Campaign Threatens Organizations, 162 Firms Leaked with Manufacturing Most Affected, and CISA Adds Cisco, Roundcube, and Fortinet Vulnerabilities

Iranian Actors Sell Critical Infrastructure Access, Bumblebee Returns with New Threats, 108 Firms Leaked with Professional Services Most Affected, and CISA Adds Microsoft, ScienceLogic, and Veeam Vulnerabilities

Credential Harvesting Spreads via File-Hosting Platforms, Nation-State Hackers Exploit Ivanti Flaws, 113 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities

MedusaLocker Variant BabyLockerKZ Spreads Globally, Zimbra RCE Exploited in Phishing Attacks, 64 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Synacor, Microsoft, and Qualcomm Vulnerabilities

Critical UNIX/Linux Printing Flaws Enable RCE, Malvertising Drives BlackCat Ransomware, 73 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds SAP, Motion Spell, DrayTek, and D-Link Vulnerabilities

Shadow IT Risks Exposed in Server Compromise, Vice Society Targets Healthcare with INC Ransomware, 131 Firms Leaked Amid CL0P's Surge, and CISA Adds New Ivanti Vulnerabilities

Critical Ivanti Vulnerability CVE-2024-29847 Exposed, WhatsUp Gold Targeted, Azure Storage Tool Misused for Data Theft, 72 Firms Leaked, and CISA Adds Major Vendor Vulnerabilities

Earth Lusca Unveils KTLVdoor Backdoor, Russia's GRU Cyber Unit Exposed, 60 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds Microsoft, ImageMagick, Linux, and SonicWall Vulnerabilities

Iranian Hackers Join Forces with Ransomware Groups, BlackByte's Tactics Unveiled, RansomHub Compromises 200+ Organizations, New CVE-2023-22527 Exploits Deliver Godzilla Webshell, and CISA Updates

PEAKLIGHT Memory-Only Malware Uncovered, Qilin Ransomware Strikes, ShinyHunters Target AWS in Extortion Campaign, 65 Firms Leaked, and CISA Adds New Vulnerabilities

EDRKillShifter Targets Endpoint Defenses, Cloud Extortion Exploits .env Files, New DNS Tunneling Backdoor Emerges, Social Engineering Tactics Evolve, 90 Firms Hit by Ransomware, and CISA Updates Exploited List

0.0.0.0 Day Browser Vulnerability Exposes Networks, CISA & FBI Update on Royal Ransomware, Cloud-Based Threats Rise, Qilin Ransomware's Global Impact, Earth Baku Expands Espionage, and Lockbit Leads Ransomware Surge

Phishing Exploits TryCloudflare for RATs, Stealthy Windows Backdoor, Russian APT’s Free Service Malware, StormBamboo’s DNS Poisoning, RAT Unveiled in Ransomware Attack, Ransomware Activity Declines, and CISA Updates

Onyx Sleet Indictments, Black Basta's Dangerous Tactics, ESXi Exploited in Ransomware Attacks, 100 New Ransomware Victims, and CISA Adds VMware, ServiceNow, Acronis Vulnerabilities

Cyberespionage Uses Open-source Tools, FIN7 Tool AvNeutralizer Sold, SocGholish Delivers AsyncRAT, Serverless Computing Threats, Credit Card Data Theft via Swap Files, ICS Malware Modbus Threat, Ransomware Surge, and 2 New Vulnerabilities

APT40's Espionage Techniques, FIN7's Vast Network Exposed, CRYSTALRAY's Credential Theft and Cryptomining, New APT41-Linked Malware, Snowflake Data Theft Impact, and Ransomware Leak Sites

Gootloader v3, Eldorado ransomware, Rejetto Update, MSBuild Abuse, data-leak site additions, and CISA Updates

Critical OpenSSH and Fortra FileCatalyst Vulnerabilities Exploited, Chinese APTs Blur Cybercrime Lines, P2Pinfect Botnet Upgraded, TeamViewer Breach Details, Velvet Ant Zero-Day Attack on Cisco, and CISA Updates

SolarWinds Vulnerability Exploited, Rafel RAT Targets Android, UNC3886 Accesses VMs, MOVEit Transfer Exploited, BMANAGER Malware Emerges, 76 New Leaks, and CISA Updates

‘Sleepy Pickle’ Targets ML Models, Scattered Spider Threatens Cloud Security, Copy-Paste Malware Rises, ShinyHunters Breach Snowflake, 87 New Leaks, and CISA Adds 3 Vulnerabilities

DarkGate Malware Hits U.S. in Malspam Campaign, Chinese Cyber Espionage Groups Exposed, Snowflake Extortion Reveals Security Gaps, 82 Organizations Leaked, and CISA Updates Vulnerabilities Catalog

Active Exploits on Check Point, North Korean Moonstone Sleet Unveiled, and Snowflake Data Breach Underscores MFA Necessity

BitLocker Hijacked by VBS Script, Rust-Based Embargo Ransomware Surges, CISA Alerts on New Vulnerabilities, and Tips to Defend Virtual Environments

New Linux Backdoor from North Korea, LATRODECTUS Phishing Surge, Malicious LNK Files, Data Leak Sites Grow, and CISA Warns of 5 Active Vulnerabilities

VPN RCEs Continue, LLMjacking, Social Engineering by Overload, Hundreds of Newly Published Data Leaks, and Chromium Vulns Added to the KEV Catalog

Command Injection Vulnerability Exploits, Ransomware Surge, Data Leak Sites Multiply, and CISA Bolsters CVE Catalog

Critical Command Injection Vulnerability Exploited, IcedID & Dagon Locker Ransomware Active, Data Leak Sites Expand, and CISA Adds to the CVE Catalog

OpenMetadata Vulnerabilities Mine Crypto, Spoofed IP Scanning Websites Target IT Teams, and DuneQuixote Campaign Includes Spanish Poetry to Deliver CR4T Backdoor

Rhadamanthys Infostealer, Credit Card Skimmer in Fake Meta Pixel Tracker, and Operation Midnight Eclipse

CoralRaider Gets Social, VenomRAT Deployed by ScrubCrypt, and Nearly 50 New Data Leak Victims

WarzoneRAT is Back, Ransomware Has a New Agenda, XZ Backdoor Delivered by Trusted Source, and the Latest from Data Leak Sites

Kimsuky Updates Playbook, Turla Backdoor Attack Chain Exposed, StrelaStealer Debuts, and MuddyWater Rises

Latest Phishing Tactics and Techniques, ShadowSyndicate Scanning Servers, and Fake Google Docs Pages Deliver Azorult Infostealer

Infostealer Circulated Through Facebook, Magnet Goblin Deploys Malware, PLUS 3 Common Post Network Device Tactics and eRAT

CISA Exposes Phobos Affiliates, New Attack Chain Steals NTLM, Plus Terminator and BABYSHARK

Russian Turla Deploys New Arsenal, Attackers Exploit ScreenConnect to Deliver Malware, and Cozy Bear Goes Cloud

TicTacToe Dropper Is No Game, No Malware Needed for Access to Government Victim, and Tycoon Group Offers New Phishing-as-a-Service

CISA Warns of Chinese Pre-Positioning for Attacks, New Raspberry Robin Variant, Bumblebee and Pikabot Return, Ivanti Vulnerability Deploys Unknown Webshell, and Nearly 100 New Ransomware Victims in a Week.

Another Ivanti Connect Secure and Policy Secure Vulnerability, Details on the Cloudflare Attack, a New Variant of Mispadu Stealer, and Valid Account Abuse Challenges.

Fake Website Impersonates Apple Apps, Midnight Blizzard Attacks Microsoft, Publicly-exposed RDP Gets Data Stolen and Ransomware in Three Hours

Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence

Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen

NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer

New qBit Infostealer, Cybercriminals Utilize Microsoft's App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access

Phishing Campaign Uses DarkGate RAT and NetSupport, ATI OSINT and Diligence Pays Dividends, and For Crying Out Loud–Stop Using Microsoft Exchange Server 2013

CozyBear Exploits JetBrains TeamCity, Qakbot Gets Regifted, Phishing Campaign Uses Publicly Available Tool Predator, and an Unexpected Gift from CISA

Russian APT Star Blizzard, Growing Insider Threats, Escalating QR Code Phishing, and the More_Eggs Backdoor

New Nova Infostealer, Gh0st RAT Evolves, New Toolset Unleashed, and a Look at Microsoft Outlook Attack Vectors

Diamond Sleet Rains Worldwide, Two New Web Shell Threats, New Botnet GoTitan Discovered, and Malware Shop Persian Remote World Sells RATS

Scattered Spider Targets IT Help Desks, Compromised VPN Credentials Lead to Rhysida, and a New Phishing Campaign Delivers Darkgate/Pikabot

Lace Tempest Storms Zero-day, Confluence Suffers Vulnerability, APT MuddyWater Evolves C2, and BatLoaders Spread Infostealers

Critical Apache ActiveMQ Vulnerability, New Millenium RAT & AsyncRAT, Socks5Systemz Botnet, and Gootloader Adds Gootbot

APT Octo-Tempest Methods, StripedFly Malware, NetSupport Manager Compromises, and Threat Actors Bypassing MFA

Vulnerability in JetBrains TeamCity Servers, Massive Attacks lead to Cryptomining and Backdoors, SSH Servers Offer Threat Actors Opportunities, and New Dual DLL Sideloading Technique Deploys QasarRat

Darkgate Malware Hits Skype and Teams, ToddyCat APT Creates Backdoors, Ether-Hiding Technique Moves Malware to Blockchain, and Ransomware Data Leak Sites Continue to Add Victims

Qakbot Actors Distribute Ransom Knight Ransomware, Storm-0324 Leverages Microsoft Teams to Distribute JSSLoader, a new APT Grayling Emerges, and Rhysida Ransomware Operators Leverage Valid VPN Credentials

BlackTech Compromises Routers, Lumma Sets Up On Over 150 Servers, Ransomware Groups Repeatedly Hitting Victims, New Malware-as-a-Service Bunnyloader Surfaces, and EvilProxy Phishing Targets Job Site Indeed