Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769.
Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers.
Threat actors may have exploited a zero-day in older iPhones, Apple warns.
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks.
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw.
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor.
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware.
A ransomware attack took 100 Romanian hospitals down.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware.
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell.
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware.
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw.
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103.
Kinsing threat actors probed the Looney Tunables flaws in recent attacks.
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748.
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August.
Government of Bermuda blames Russian threat actors for the cyber attack.
A massive DDoS attack took down the site of the German financial agency BaFin.
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw.

This Cyber News was published on securityaffairs.com. Publication date: Wed, 03 Jul 2024 19:13:05 +0000

Cyber News related to Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
3 days ago Cybersecuritynews.com

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
4 days ago Securityaffairs.com

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
4 months ago Microsoft.com

Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
4 days ago Securityweek.com

SQL Brute Force leads to Bluesky Ransomware - In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware ...
7 months ago Thedfirreport.com

Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
5 months ago Infosecurity-magazine.com

Identifying Misuse of Cobalt Strike Systems - Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA Rules to detect them. The goal is to make it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server ...
1 year ago Ironnet.com

TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
6 months ago Feeds.fortinet.com

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
5 months ago Thedfirreport.com

New Hacker Group Uses SQL Injection to Hack Companies - A new threat actor has been discovered to be using SQL injection attacks to gain unauthorized access to organizations in the APAC region. Among the 20, the threat actor successfully infiltrated six organizations with the legacy SQL injection attack. ...
6 months ago Cybersecuritynews.com

New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks - Researchers have spotted a new threat actor targeting organizations in the Asia-Pacific region with SQL injection attacks using nothing more than publicly available, open source penetration-testing tools. The GambleForce Campaign In a report this ...
6 months ago Darkreading.com

Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
6 months ago Microsoft.com

How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
6 months ago Cyberdefensemagazine.com

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
7 months ago Cisa.gov

Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
5 months ago Windowsir.blogspot.com

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
7 months ago Unit42.paloaltonetworks.com

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Financially motivated threat actors believed to be operating out of Turkey have been caught targeting Microsoft SQL Server databases in attacks leading to the deployment of ransomware, cybersecurity firm Securonix warns in a new report. The attack ...
5 months ago Packetstormsecurity.com

FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com

What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
5 months ago Feeds.dzone.com

What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
5 months ago Techrepublic.com

Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
5 months ago Techrepublic.com

The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
6 months ago Bleepingcomputer.com

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously - Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware. ...
2 months ago Darkreading.com

Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
6 days ago Securityaffairs.com

Latest Cyber News

CVE-2024-6229 - 7 hours ago
CVE-2024-40614 - 8 hours ago
CVE-2024-40605 - 23 hours ago
CVE-2024-40604 - 23 hours ago
CVE-2024-40603 - 23 hours ago
CVE-2024-40602 - 23 hours ago
CVE-2024-40601 - 23 hours ago
CVE-2024-40600 - 23 hours ago
CVE-2024-40599 - 23 hours ago
CVE-2024-40598 - 23 hours ago
CVE-2024-40596 - 23 hours ago
CVE-2024-40597 - 23 hours ago
CVE-2024-6095 - 1 day ago
CVE-2024-37554 - 1 day ago
CVE-2024-37553 - 1 day ago
CVE-2024-37547 - 1 day ago
CVE-2024-37546 - 1 day ago
CVE-2024-37542 - 1 day ago
CVE-2024-37541 - 1 day ago
CVE-2024-37539 - 1 day ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 7 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-6229 - 7 hours ago
CVE-2024-40614 - 8 hours ago
CVE-2024-40605 - 23 hours ago
CVE-2024-40604 - 23 hours ago
CVE-2024-40603 - 23 hours ago
CVE-2024-40602 - 23 hours ago
CVE-2024-40601 - 23 hours ago
CVE-2024-40600 - 23 hours ago
CVE-2024-40599 - 23 hours ago
CVE-2024-40598 - 23 hours ago
CVE-2024-40596 - 23 hours ago
CVE-2024-40597 - 23 hours ago
CVE-2024-6095 - 1 day ago
CVE-2024-37553 - 1 day ago
CVE-2024-37554 - 1 day ago
CVE-2024-37547 - 1 day ago
CVE-2024-37546 - 1 day ago
CVE-2024-37542 - 1 day ago
CVE-2024-37541 - 1 day ago
CVE-2024-37539 - 1 day ago