In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Cisco won’t fix authentication bypass zero-day in EoL routers
September 7, 2022
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923) is caused by a faulty password validation algorithm that attackers could exploit to log into the VPN on vulnerable devices using what the company describes as “crafted ...
- #StopRansomware: Vice Society
September 6, 2022
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...
- CISA Releases Five Industrial Control Systems Advisories
September 6, 2022
CISA has released five Industrial Control Systems (ICS) advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-249-01 Triangle Microworks Library ICSA-22-249-02 AVEVA Edge 2020 R2 SP12020 R2 ICSA-22-249-03 Cognex 3D-A1000 Dimensioning ...
- Mirai Variant MooBot Targeting D-Link Devices
September 6, 2022
In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include: CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability CVE-2022-26258: D-Link Remote Command Execution Vulnerability CVE-2022-28958: D-Link Remote Command Execution Vulnerability If the devices ...
- Holiday Inn-owner IHG hit by ‘unauthorised activity’ in tech systems
September 6, 2022
Holiday Inn owner IHG said on Tuesday that bookings on its websites and apps were facing disruptions after its technology systems were hit by “unauthorised activity”. IHG said it was assessing the nature, extent and impact of the incident and had implemented its response plans. The company, which has appointed external specialists to investigate the incident and ...
- Newly discovered cyberspy crew targets Asian governments and corporations
September 6, 2022
A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access. According to ESET, the crew it has dubbed as Worok may be associated with TA428, a similar group thought to be backed by China, that has been around ...