In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Eletrobras, Copel energy companies hit by ransomware attacks
February 5, 2021
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America ...
- Cisco warns of critical remote code execution flaws in its small business VPN routers
February 5, 2021
Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices. The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...
- Hacking group also used an IE zero-day against security researchers
February 4, 2021
An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers. To perform their attacks, the threat actors created elaborate online ‘security researcher’ personas that would then ...
- Hackers steal StormShield firewall source code in data breach
February 4, 2021
Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company’s support ticket system and steal source code for Stormshield Network Security firewall software. StormShield is a French cybersecurity firm that develops UTM (Unified Threat Management) firewall devices, endpoint protection solutions, and secure file management solutions. StormShield’s SNi40 is ...
- Google patches an actively exploited Chrome zero-day
February 4, 2021
Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bugfix for a zero-day vulnerability that was exploited in the wild. The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine. Google said the ...
- Understanding Cloud Misconfigurations – With Pizza and Lego
February 3, 2021
Now, more than ever, the cloud is a relevant topic. Pandemic or not, businesses, schools, and other organizations have moved online and, consequently, many IT departments have had to deal with a move to the cloud. And even if this change had been on the roadmap of affected organizations, such a fast adoption of cloud ...