This document examines various tactics, techniques, and procedures (TTPs) employed by malware, such as disabling event logging, PowerShell exploitation, and registry modifications, to evade detection and maintain persistence within systems.
The CopyR(ight)hadamantys phishing campaign, tracked by Check Point, employs advanced copyright infringement themes to deceive victims into downloading the Rhadamanthys information stealer, posing significant security threats across multiple global regions.
Cisco and HPE Aruba have reported severe command injection vulnerabilities in their access points, allowing unauthorized remote code execution and potential system control by attackers.
Interlock ransomware, which surfaced in late September 2024, employs advanced techniques like big-game hunting and double extortion to target sectors such as healthcare, technology, and government, utilizing a sophisticated delivery chain and a data leak site to exploit vulnerabilities and demand ransoms.
The Androxgh0st botnet has enhanced its threat to web servers and IoT devices by adopting tactics and payloads from the Mozi botnet, exploiting various vulnerabilities including CVE-2017-9841 and CVE-2023-1389.
The increasing sophistication of cyberattacks, particularly DNS hijacking, poses significant risks to online infrastructure, necessitating robust security measures and collaboration among stakeholders to safeguard digital assets.
