Malware & Threats: Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations
Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
Ionut Arghire, April 23, 2024

Malware & Threats: Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.
Ionut Arghire, April 22, 2024

Funding/M&A: Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing
VulnCheck banks $8 million in early-stage capital to build 'exploit intelligence' technologies and services.
SecurityWeek News, April 19, 2024

Malware & Threats: In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack
Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to the XZ backdoor, Moldovan botnet operator charged, US automotive company...
SecurityWeek News, April 19, 2024

Malware & Threats: OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining
Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.
Eduard Kovacs, April 19, 2024
Malware & Threats: Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression
Kapeka is a new backdoor that may be a new addition to Russia-linked Sandworm’s malware arsenal and possibly a successor to GreyEnergy.
Kevin Townsend, April 17, 2024
Malware & Threats: Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
Ionut Arghire, April 17, 2024

Malware & Threats: Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release
Palo Alto Networks firewall vulnerability CVE-2024-3400 is increasingly being exploited after PoC code was released.
Eduard Kovacs, April 17, 2024

Malware & Threats: Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
Eduard Kovacs, April 15, 2024

Malware & Threats: State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
Ionut Arghire, April 12, 2024

Malware & Threats: Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.
Ionut Arghire, April 12, 2024

Government: CISA Releases Malware Next-Gen Analysis System for Public Use
CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.
Ryan Naraine, April 10, 2024