READ ARTICLE A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an “aggressive” campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a “former member of Chinese hacktivist…
Read Article foreign government’s response to a U.S. strategy document rarely earns front page coverage, but in the case of the Chinese Communist Party’s (CCP) recent reaction to the U.S. government’s new cyber strategy, we should all be paying attention. Tensions continue to escalate in the cyber domain, given the recent Chinese-backed intrusions into U.S….
Read Article Executive summary AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat…
https://www.csoonline.com/article/1285861/highly-exploited-chromium-bug-traced-to-a-google-oauth-endpoint.html An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it appeared in October 2023. The critical exploit, which allows the generation of persistent Google cookies through token manipulation and enables continuous access…
https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout
