
ISC Stormcast For Friday, August 1st, 2025 https://isc.sans.edu/podcastdetail/9552
Check Point Research (CPR) conducted a focused analysis of Storm-2603, a threat actor associated with recent ToolShell exploitations, together with other Chinese APT groups. Storm-2603 utilizes a custom malware Command and Control (C2) framework dubbed internally by the attacker as “ak47c2”. This framework includes at least two different types of clients: HTTP-based (dubbed by us…
This week, CISA updated its advisory on Scattered Spider. Scattered Spider is a threat actor using social engineering tricks to access target networks. The techniques used by Scattered Spider replicate those used by other successful actors, such as Lapsus$. Social engineering does not require a lot of technical tools; creativity is key, and defenses have…
Disappearance of significant RaaS groups: Several prominent RaaS groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and Lockbit, stopped publishing new victims. Though the reasons for their disappearances vary, the net effect is a fragmented ransomware ecosystem no longer dominated by one or two major players. Decline in publicly posted victims: Q2 2025…
ISC Stormcast For Thursday, July 31st, 2025 https://isc.sans.edu/podcastdetail/9550, (Thu, Jul 31st)
Today we are trying something a bit different (again). Brandon Evans, senior instructor with SANS, contributed the video below, talking a bit about the breach of the Tea App, and how to prevent and detect this vulnerability. Firebase is a very popular database developed by Google. It easily ties in with modern web and mobile…
Tor Browser 15.0a1 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. It’s ESR transition season again! Once again, it is the time of year where the Applications Team (mostly) de-prioritises feature-work and instead focuses on updating Tor Browser and Tor…
ISC Stormcast For Wednesday, July 30th, 2025 https://isc.sans.edu/podcastdetail/9548, (Wed, Jul 30th)
CVE-2025-24119: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. Affects Finder. CVE-2025-24188: Processing maliciously crafted web content may lead to an unexpected…
Key Points: Check Point Research (CPR) is closely tracking the malicious execution of compiled JavaScript files, which led to the discovery of JSCEAL, a campaign targeting crypto app users. The campaign leverages malicious advertisements to lure victims to install fake applications which impersonate almost 50 common cryptocurrency trading apps. During the first half of 2025,…