Voice phishing (vishing) campaign leads to DarkGate malware deployment
Malware Developments
Vishing campaign leads to DarkGate malware deployment
A recent campaign highlights the evolving tactics of cyber attackers, leveraging voice phishing (vishing) techniques to gain initial access. In this case, attackers impersonated an employee of an external supplier during a Microsoft Teams call, ultimately leading to the deployment of the DarkGate malware. This campaign demonstrates the sophistication of attackers who combine social engineering with advanced malware distribution methods to compromise systems.
European enterprises targeted in sophisticated phishing campaign
A sophisticated phishing campaign has been identified targeting European companies, aiming to harvest Microsoft Azure credentials and take over cloud infrastructures. The campaign leveraged deceptive techniques such as urgent messaging and impersonation of trusted services, posing significant risks to sensitive corporate data and operational integrity.
Vulnerabilities & Exploitation Attempts
Sophos firewall update patching critical and high-risk vulnerabilities
Sophos has recently remediated multiple security vulnerabilities in its Sophos Firewall products, which could have allowed unauthenticated attackers to exploit SQL injection, achieve remote code execution (RCE), and gain unauthorized SSH access.
Critical Apache Struts 2 vulnerability, exploited in the wild
Researchers have identified a critical vulnerability in Apache Struts 2, tracked as CVE-2024-53677 (CVSS score of 9.5), which is currently being exploited. This flaw, found within the file upload logic of the framework, enables path traversal and the uploading of malicious files, leading to remote code execution.
Critical flaw discovered in BeyondTrust PRA and Remote Support tools
BeyondTrust has disclosed a critical command injection vulnerability, tracked as CVE-2024-12356 with a CVSS score of 9.8, affecting its Privileged Remote Access (PRA) and Remote Support (RS) solutions. This vulnerability allows unauthenticated remote attackers to execute operating system commands within the context of the site user by leveraging specially crafted client requests. The flaw affects PRA and RS versions 24.3.1 and earlier, creating substantial security risks for organizations relying on these tools.
Gain deeper Cyber Threat Intelligence (CTI) insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.
CyberProof critical stories shared this week. The wide range of cybersecurity risks both old and new is staggering.