InfoSec News 20250127

  • Published: Mon, 27/01/2025 - 14:33

Top News


  • Stealthy and Persistent: New Ransomware Tactics Target VMware ESXi

"Sygnia’s latest report reveals the evolving tactics of ransomware groups targeting VMware ESXi appliances. By exploiting these critical virtualized infrastructure components, attackers aim to disrupt operations and maintain stealthy persistence within compromised networks."

Link

TLP¹: Green

  • Hackers use Windows RID hijacking to create hidden admin account

"A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions."

Link

TLP¹: Green

  • Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

"Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Attackers allegedly stole $69 million from cryptocurrency platform Phemex

"Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack."

Link

TLP¹: Green

  • Hacker infects 18,000 "script kiddies" with fake malware builder

"A threat actor targeted low-skilled hackers, known as 'script kiddies,' with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • UnitedHealth now says 190 million impacted by 2024 data breach

"UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Researchers Expose Critical Isolation Vulnerability in Intel Trust Domain Extensions (TDX)

"A recent study conducted by a collaborative team of researchers from IIT Kharagpur and Intel Corporation has uncovered a critical vulnerability in Intel’s Trust Domain Extensions (TDX)."

Link

TLP¹: Green

  • Critical Flaw CVE-2024-53299 in Apache Wicket: Memory Leak Flaw Exposes Web Apps to DoS Attacks

"Apache Wicket, the popular Java-based web application framework, has been found vulnerable to a critical security flaw identified as CVE-2024-53299."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Thinking of getting a job in IT? This course deal may help

"You're not the only one who's trying to get into IT—it's still one of the fastest-growing industries, and opportunities await. If you're looking to make the career switch from an outside field, you don't need a formal degree to get started."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Malicious VS Code Extension Impersonating Zoom Steals Chrome Cookies

"In software development, the extensions available in IDEs like Visual Studio Code (VS Code) are pivotal in enhancing user experience and productivity. However, their necessity to fully leverage the development environment also introduces notable security risks. Hunt researchers uncovered a VS Code extension in late November masquerading as a Zoom application designed to access and steal Google Chrome cookies."

Link

TLP¹: Green


¹ Traffic Light Protocol (TLP) [1] for information sharing:


  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.



[1] https://www.first.org/tlp