CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Credit to Author: Mickey Jin| Date: Fri, 11 Nov 2022 00:00:00 +0000

This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).

Read more

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Credit to Author: Hara Hiroaki| Date: Wed, 09 Nov 2022 00:00:00 +0000

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Read more

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Credit to Author: Nitesh Surana| Date: Wed, 26 Oct 2022 00:00:00 +0000

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools.

Read more

How Underground Groups Use Stolen Identities and Deepfakes

Credit to Author: Vladimir Kropotov| Date: Tue, 27 Sep 2022 00:00:00 +0000

The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.

Read more

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Credit to Author: Sunil Bharti| Date: Wed, 21 Sep 2022 00:00:00 +0000

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

Read more