deploy

  • Blog
    digitpatrox2 weeks ago
    28

    Russian military hackers deploy malicious Windows activators in Ukraine

    The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. These attacks likely started in late 2023 and have now been linked by EclecticIQ threat analysts with Sandworm hackers based on overlapping infrastructure, consistent Tactics, Techniques and Procedures (TTPs), and frequently used ProtonMail accounts to register…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    104

    Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

    Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 and were reported as potentially actively exploited by Arctic Wolf last week. However, the cybersecurity firm could not confirm for sure if the flaws were used. Cybersecurity firm Field Effect has confirmed…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    30

    Microsoft says attackers use exposed ASP.NET keys to deploy malware

    Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software. However, threat actors also use…

    Read More »
  • Blog
    digitpatroxAugust 30, 2024
    132

    North Korean hackers exploit Chrome zero-day to deploy rootkit

    North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. “We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said on Friday, attributing the attacks…

    Read More »
  • Blog
    digitpatroxAugust 29, 2024
    214

    South Korean hackers exploited WPS Office zero-day to deploy malware

    The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, tracked…

    Read More »
Back to top button
close