Clop, LockBit ransomware gangs behind PaperCut server attacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to...
A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as...
Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site...
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to...
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core Drupal has released a security advisory to address an access...
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on April 20, 2023. These...
Oracle Releases Security Updates Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for...
Cisco Releases Security Advisories for Multiple Products Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling...
CISA to Continue and Enhance U.K.’s Logging Made Easy Tool CISA has announced plans to continue and enhance the Logging...
RansomHouse Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These...
VMware Releases Security Update for Aria Operations for Logs VMware has released a security update to address multiple vulnerabilities in...
Abuse of the Service Location Protocol May Lead to DoS Attacks The Service Location Protocol (SLP, RFC 2608)...
CISA Releases Two SBOM Documents Today, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM...
The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness,...
Chinese cybercriminals were reported using new malware variants in their espionage attacks against South Africa and Nepal. The campaign includes...
Score: 10 MALWARE FAMILY: amadey TAGS: family:amadey, family:djvu, family:lumma, family:smokeloader, family:vidar, botnet:5cb879265de0011bfc7588d5d251aee6, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan MD5: 2e2d214abd61d6b40e8ad5e9e437df45 SHA1:...
Score: 10 MALWARE FAMILY: djvu TAGS: family:djvu, family:vidar, botnet:5cb879265de0011bfc7588d5d251aee6, discovery, persistence, ransomware, spyware, stealer MD5: 51a4106e8f56ecb11ff22995f4cfd3e1 SHA1: 2781e07822cf8b54406d5785e0e71e3158f4666f ANALYSIS DATE: 2023-04-26T15:49:43Z TTPS: T1012, T1082, T1005, T1081,...
Score: 10 MALWARE FAMILY: amadey TAGS: family:amadey, family:djvu, family:lumma, family:redline, family:smokeloader, family:vidar, botnet:1379752987, botnet:5cb879265de0011bfc7588d5d251aee6, botnet:sprg, backdoor, discovery, evasion, infostealer, persistence, ransomware, spyware,...
Score: 1 MALWARE FAMILY: TAGS: MD5: 33868397a64763f16d88e37d4289697a SHA1: 2bd06371967738d0101dc73ed3fa321cbeac4db6 ANALYSIS DATE: 2023-04-26T16:00:59Z TTPS: Score | Meaning | Example; 10 | Known bad | A malware family was detected.; 8-9 | Likely malicious | One or more known damaging...
Score: 10 MALWARE FAMILY: amadey TAGS: family:amadey, family:djvu, family:lumma, family:smokeloader, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, stealer, trojan MD5: 05cd8d500f128d1c1ab6844e5b98eb4e SHA1: 76211cea5ed0667e98e9b99312d6a40cd6ffb1fa ANALYSIS DATE: 2023-04-26T15:37:31Z TTPS: T1012,...