Exploit released for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products. This pre-authentication...
Month: January 2023
T-Mobile hacked to steal data of 37 million accounts in API data breach
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer...
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant...
New ‘Blank Image’ attack hides phishing scripts in SVG files
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be...
Ransomware profits drop 40% in 2022 as victims refuse to pay
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million...
PayPal accounts breached in large-scale credential stuffing attack
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks...
Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers
Image: AI-generated through Midjourney The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer...
Vice Society Ransomware Victim: University of Duisburg-Essen
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Vice Society Ransomware Victim: Monmouth College
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 121[.]4[.]154[.]240:4000
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 182[.]160[.]0[.]248:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Posh C2 Detected – 146[.]190[.]86[.]212:4443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...
HackerOne Bug Bounty Disclosure: 1-click-account-takeover-via-deeplink-in-[com-kayak-android]byretr02332
Programme HackerOne KAYAK KAYAK Submitted by retr02332 retr02332 Report 1 click Account takeover via deeplink in Full Report A considerable...
HackerOne Bug Bounty Disclosure: private-information-exposed-through-graphql-search-endpoints-aggregatesbyreigertje
Programme HackerOne HackerOne HackerOne Submitted by reigertje reigertje Report Private information exposed through GraphQL search endpoints aggregates Full Report A...
Malware Analysis – djvu – c266d56f0bbea899b2cfa58f192a9f86
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c266d56f0bbea899b2cfa58f192a9f86SHA1: 0f2191d9571e04ed4cf14188b9eab8f210f6c652ANALYSIS DATE: 2023-01-19T16:59:57ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – djvu – 50fee0fee96a3c681b9c47eada3fffdf
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 50fee0fee96a3c681b9c47eada3fffdfSHA1: db64c7d74705e4a3c08ca50c140fa84d3c4fce09ANALYSIS DATE: 2023-01-19T17:22:07ZTTPS: T1012, T1222, T1082, T1005,...
Malware Analysis – persistence – da8e21489a2c6c01ee676c304c8541c1
Score: 8 MALWARE FAMILY: persistenceTAGS:persistenceMD5: da8e21489a2c6c01ee676c304c8541c1SHA1: 40e6d3aa1f0fa21fae1a9563174b45b432aa3306ANALYSIS DATE: 2023-01-19T17:42:31ZTTPS: T1060, T1112, T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – discovery – 133af41cfec522b7f583fcf77be37b1a
Score: 8 MALWARE FAMILY: discoveryTAGS:discoveryMD5: 133af41cfec522b7f583fcf77be37b1aSHA1: 50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0ANALYSIS DATE: 2023-01-19T17:13:15ZTTPS: T1082, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – locky – fb6ca1cd232151d667f6cd2484fee8c8
Score: 10 MALWARE FAMILY: lockyTAGS:family:locky, ransomwareMD5: fb6ca1cd232151d667f6cd2484fee8c8SHA1: f7bb52767afd2cd32ede8b5f83012eb99ba1ce28ANALYSIS DATE: 2023-01-19T17:42:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
LockBit 3.0 Ransomware Victim: tvk[.]nl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country's national news agency...
Product Security Incident Response: Key Strategies and Best Practices
Written By: Samuel Cure, CISO, AMI In today's digital landscape, it is essential to implement proactive measures to ensure the...
