![]() ![]() This score is dynamic and may continue to rise – especially given the existence of a publicly available proof-of-concept (PoC) for the CVE published by a threat hunter on GitHub. ![]() Ultimately, threat actors could leverage CVE-2023-20887 to access networks and inject malicious commands into Aria Operations for Networks, which could lead to data theft, data corruption, or even complete system compromise.Īs of July 3, 2023, Cybersixgill's DVE module assigned CVE-2023-20887 a severe score (9.23), indicating the threat posed by the flaw to unpatched systems. While an update was released to address the command injection vulnerability, two unpatched instances of VMware's Aria Operations for Networks3 remain highly vulnerable. VMware recently released an advisory related to a critical remote code execution (RCE) vulnerability (CVE-2023-20877), warning that threat actors are already exploiting the flaw in attacks. With powerful user-friendly stealers readily available on the underground, what should organizations do to protect against such threats?Ĭlick here to read more New VMware critical vulnerability exploited in the wild Such tools extract sensitive information, including credentials and other valuable data. The malware can be rented for $150/month or $390 for four months, with advertisements posted on popular cybercrime forums that Cybersixgill collects.Īs the emergence of new stealer malware illustrates, data theft tools remain popular on the underground. The stealer then targets specific information stored in various applications, including web browsers. Once executed, the stealer collects data related to the operating system and hardware, sending a screenshot to attackers' command-and-control3 (C2) servers. Our threat research team observed the malware's developers touting its features on the underground, in addition to threat actors questioning the stealer's capabilities. ![]() The malware allegedly targets close to 200 browsers, extensions, and password managers, among other applications. While the stealer debuted in April 2023, sales reportedly spiked in June, which could indicate an increase in attacks using the malware. With these risks in mind, what should organizations do to prepare for more DDoS campaigns launched by pro-Russian gangs, and the possibility of accompanying blackmail demands?Ĭlick here to read more New malware steals data from browsers and password managersĪdvertisements for a new type of information stealer are showing up on Russian-language cybercrime forums. While DDoS attacks have intensified since Russia invaded Ukraine in February 2022, hacktivists' recent shift to blackmail indicates an emerging financial dimension of politically motivated incidents. Our threat experts observed the group boasting about the Microsoft attack on the underground, in addition to an ally announcing a new pro-Russian coalition that plans to attack the European banking system. While Microsoft initially provided evasive explanations for the outages, it later confirmed that Azure, Outlook, and OneDrive web portals were inaccessible due to Layer 72 DDoS attacks attributed to the hacktivist group. What should companies do to protect employees and critical assets from the unintended risks posed by ChatGPT?Ĭlick here to read more Pro-Russian hacktivists attack Microsoft platforms, threaten European banking systemĪ highly active pro-Russian hacktivist group knocked offline multiple Microsoft platforms, demanding US$1M dollars to halt the attacks, echoing the collective's strategy in a recent Distributed-Denial-of-Service (DDoS) incident targeting Scandinavian Airlines. ![]() Cybersixgill's threat analysts detected advertisements for stolen ChatGPT credentials on popular dark web marketplaces, in addition to an advertisement for an AI chatbot allegedly capable of generating malicious content. Specifically, companies increasingly incorporate ChatGPT into daily workflows, which means employees may disclose classified content, including proprietary code. This is problematic because ChatGPT accounts may store sensitive information from queries, including confidential data and intellectual property. Stolen ChatGPT credentials include usernames, passwords, and other personal information associated with accounts. Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen ChatGPT credentials flood dark web markets Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |