InfoSec News 20250131
Top News
-
Coyote Banking Trojan: A Stealthy Attack via LNK Files
"Over the past month, FortiGuard Labs has identified several similar LNK files containing PowerShell commands designed to execute malicious scripts and connect to remote servers."
TLP1 : Green
-
Hackers are hijacking WordPress sites to push Windows and Mac malware
"Hackers are exploiting outdated versions of WordPress and plug-ins to alter thousands of websites in an attempt to trick visitors to download and install malware, security researchers have found."
TLP1 : Green
-
Microsoft advertisers phished via malicious Google ads
"Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Threat Actors Exploit Government Websites for Phishing
"Cybercriminals have been increasingly exploiting government website vulnerabilities to conduct phishing campaigns."
TLP1 : Green
-
KuCoin to pay nearly $300 million in penalties after guilty plea
"KuCoin's operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S."
TLP1 : Green
-
Police dismantles HeartSender cybercrime marketplace network
"Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
US healthcare provider data breach impacts 1 million patients
"Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
"Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information."
TLP1 : Green
-
ABB Advisory Warns of CVE-2024-48841: RCE Threat with CVSS 10.0 Severity
"ABB has released a cybersecurity advisory addressing multiple critical vulnerabilities in its FLXeon controllers. These vulnerabilities, tracked as CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852, impact FLXeon firmware versions 9.3.4 and older, with the potential for remote code execution, authentication issues, and information disclosure."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
The Advantages of Cloud-Based Remote Desktop versus RDP over VPN
"Remote work is now an essential part of many businesses, requiring organizations to rethink how they provide secure, scalable, and efficient access to corporate resources."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
"Unit 42 researchers recently revealed two novel and effective jailbreaking techniques we call Deceptive Delight and Bad Likert Judge. Given their success against other large language models (LLMs), we tested these two jailbreaks and another multi-turn jailbreaking technique called Crescendo against DeepSeek models."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.