InfoSec News 20250210

  • Published: Mon, 10/02/2025 - 14:41

Top News


  • Massive brute force attack uses 2.8 million IPs to target VPN devices

"A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall."

Link

TLP¹: Green

  • Brave now lets you inject custom JavaScript to tweak websites

"Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience."

Link

TLP¹: Green

  • DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

"Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps

"Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps and forums, offering quick pay, Ukraine’s law enforcement warns."

Link

TLP¹: Green

  • Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

"Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • HPE notifies employees of data breach after Russian Office 365 hack

"Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

"Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions."

Link

TLP¹: Green

  • Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

"Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • This $34.97 course deal provides a well-rounded cybersecurity education

"Ever wondered how hackers think? Curious about cybersecurity but don’t know where to start? Whether you're a total beginner or already have some tech skills, the All-in-One Super-Sized Ethical Hacking Bundle is your gateway to the world of cybersecurity."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Malicious ML models discovered on Hugging Face platform

"Software development teams working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face."

Link

TLP¹: Green

 

 

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp