IoCs – Page 2 – Experimental News Clipping Site

Cisco Talos Blog: New PXA Stealer targets government and education sectors for sensitive information

Nov 14, 2024

—

by

Source URL: https://blog.talosintelligence.com/new-pxa-stealer/ Source: Cisco Talos Blog Title: New PXA Stealer targets government and education sectors for sensitive information Feedly Summary: Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. AI Summary and Description: Yes Summary: The text discusses a threat…

Microsoft Security Blog: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Nov 1, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/ Source: Microsoft Security Blog Title: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files Feedly Summary: Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is…

Cisco Talos Blog: Threat actors use copyright infringement phishing lure to deploy infostealers

Oct 31, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.talosintelligence.com/threat-actors-use-copyright-infringement-phishing-lure-to-deploy-infostealers/ Source: Cisco Talos Blog Title: Threat actors use copyright infringement phishing lure to deploy infostealers Feedly Summary: Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company’s legal department,…

Alerts: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Oct 30, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability Source: Alerts Title: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation Feedly Summary: Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive…

Cloud Blog: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

Oct 24, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/ Source: Cloud Blog Title: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) Feedly Summary: Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in various industries. The vulnerability,…

Cisco Talos Blog: Highlighting TA866/Asylum Ambuscade Activity Since 2021

Oct 23, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/ Source: Cisco Talos Blog Title: Highlighting TA866/Asylum Ambuscade Activity Since 2021 Feedly Summary: TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. AI Summary and Description: Yes Summary: The text provides an extensive analysis of the threat actor TA866 (Asylum Ambuscade),…

Cisco Talos Blog: UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Oct 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.talosintelligence.com/uat-5647-romcom/ Source: Cisco Talos Blog Title: UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants Feedly Summary: By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian…

Alerts: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Oct 16, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2024/10/16/cisa-fbi-nsa-and-international-partners-release-advisory-iranian-cyber-actors-targeting-critical Source: Alerts Title: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force Feedly Summary: Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity…

Hacker News: European govt air-gapped systems breached using custom malware

Oct 8, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/ Source: Hacker News Title: European govt air-gapped systems breached using custom malware Feedly Summary: Comments AI Summary and Description: Yes Summary: This text presents an extensive analysis of the GoldenJackal APT group’s cyberespionage activities, notably their attacks on air-gapped systems within governmental organizations in Europe. It introduces previously undocumented malware tools employed…

Cloud Blog: UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

Sep 19, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/ Source: Cloud Blog Title: UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks Feedly Summary: Written by: Stav Shulman, Matan Mimran, Sarah Bock, Mark Lechtik Executive Summary UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security…

Tag: IoCs