InfoSec News 20250707

  • Published: Mon, 07/07/2025 - 14:33

Top News

  • Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware

"Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads."

Link

TLP¹: Green

  • Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

"Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts."

Link

TLP¹: Green

  • Massive spike in use of .es domains for phishing abuse

"¡Cuidado! Time to double-check before entering your Microsoft creds"

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

"French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities."

Link

TLP¹: Green

  • TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

"A hacking group with ties to Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT."

Link

TLP¹: Green

  • Hunters International ransomware gang shuts down and offers free decryption keys to all victims

"Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks

  • Hacker leaks Telefónica data allegedly stolen in a new breach

"A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits

  • ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise

"Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code execution and complete compromise."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • Manufacturing Security: Why Default Passwords Must Go

"If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's default password '1111'."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • XWorm's Shape-Shifting Arsenal: Loader and Stager Variants in the Wild

"XWorm, a popular and actively distributed remote access trojan (RAT), has steadily evolved into a versatile tool in the cybercriminal toolkit. Known for its robust feature set, ranging from keylogging and remote desktop access to data exfiltration and command execution, XWorm continues to attract threat actors due to its ease of use, modularity, and frequent updates by its developers."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp