July 2024

Ducks Now Sitting (DNS): Internet Infrastructure Insecurity

Was it DNS? It’s always DNS. In this case, DNS (Domain Name System) is filled with sitting ducks (Ducks Now Sitting) for domain name hijacki...

Sp123 31 Jul, 2024

Dark Web Profile: APT40

APT40, also known as TEMP.Periscope, Leviathan, and many other aliases, is a Chinese cyber-espionage group attrib...

Sp123 31 Jul, 2024

Brief Overview of the DeerStealer Distribution Campaign

Our team recently uncovered a malware distribution campaign for a threat we’ve named DeerStealer. The malware was spread through fake Goog...

Sp123 31 Jul, 2024

What are TTPs: Tactics, Techniques and Procedures

TTPs stands for Tactics, Techniques, and Procedures, a concept commonly used in cybersecurity to describe the behavior patterns of threat ac...

Sp123 30 Jul, 2024

Monthly Threat Actor Group Intelligence Report, June 2024 (KOR)

From May 21, 2024 to June 20, 2024, collected by the NSHC Threat Research Lab...

Sp123 30 Jul, 2024

ISC Stormcast For Monday, July 29th, 2024 https://ift.tt/mdZSkq8, (Mon, Jul 29th)

Article Link: ISC Stormcast For Monday, July 29th, 2024 https://isc.sans.edu/podcastdetail/9072 - SANS Internet Storm Center 1 post - 1 par...

Sp123 29 Jul, 2024

CrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)

I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It’s an .ASD file (AutoRecover...

Sp123 29 Jul, 2024

Quickie: Password Cracking & Energy, (Sun, Jul 28th)

When Johannes talked about my diary entry “Protected OOXML Spreadsheets” on his StormCast podcast, he mentioned that I privately shared data...

Sp123 29 Jul, 2024

JupyterLab Templates Security Update Advisory (CVE-2024-39700)

Overview: JupyterLab has released an update to address a vulnerability in their templates. Users of affected versions are advised to upda...

Sp123 26 Jul, 2024

BIND Product Security Update Advisory

Overview: BIND has released an update to address a vulnerability in their product. Users of affected versions are advised to update to th...

Sp123 26 Jul, 2024

FBI, Mandiant designate advanced North Korean hackers stealing US defense secrets

The group — now known as APT45 — has targeted information stored in U.S. government nuclear facilities and research institutions, as well as...

Sp123 25 Jul, 2024

XWorm Hidden With Process Hollowing, (Thu, Jul 25th)

XWorm is not a brand-new malware family[1]. It’s a common RAT (Remote Access Tool) re-used regularly in new campaigns. Yesterday, I found a s...

Sp123 25 Jul, 2024

British politicians show exactly what NOT to do online

Proving that politicians are human after all. A new report reveals they experience the same cybersecurity risks as the citizens they repre...

Sp123 24 Jul, 2024