Topic: command execution

  • D-Link DIR-878 routers have critical RCE flaws

    D-Link has issued a critical alert for its unsupported DIR-878 router, revealing three severe vulnerabilities that allow unauthenticated remote command execution, with exploit code already public. The router, discontinued in 2021 but still sold, will not receive patches, and D-Link advises users ...

  • Beware: Fake Windows Update Screens Spread ClickFix Malware

    A deceptive malware campaign uses a fake Windows Update screen to trick users into manually executing malicious commands, leading to the installation of information-stealing software. The attack employs advanced techniques like steganography to hide malicious code in PNG images and operates in me...

  • Fake Windows BSOD Screens Deliver ClickFix Malware

    A sophisticated phishing campaign targets the European hospitality industry by impersonating Booking.com, using a fake website and a fabricated Windows Blue Screen of Death error to trick users into manually installing malware. The attack deploys the DCRAT remote access trojan, which gains persis...

  • Russian APT28 Deploys 'NotDoor' Backdoor to Target Microsoft Outlook

    A new sophisticated backdoor called NotDoor, attributed to Russian state-aligned group APT28, targets Microsoft Outlook to exfiltrate data and execute remote commands. The malware uses obfuscated VBA code and triggers from specific email phrases to deploy malicious actions, while employing evasio...

  • Qilin Ransomware Exploits WSL to Deploy Linux Encryptors

    The Qilin ransomware group uses the Windows Subsystem for Linux (WSL) to deploy Linux encryptors on Windows machines, evading detection by security tools designed for Windows threats. They have targeted over 700 organizations across 62 countries, employing remote access tools and BYOVD attacks to...

  • sqlmap: Master SQL Injection & Database Takeover

    sqlmap automates the detection and exploitation of SQL injection vulnerabilities, saving time by identifying injection points, determining database types, and executing various exploitation techniques. It supports numerous database management systems, including MySQL, Oracle, and PostgreSQL, allo...

  • Legit Tools Turned Malicious: Velociraptor and Nezha Weaponized

    Legitimate open-source tools Velociraptor and Nezha are being weaponized by threat actors to maintain access, evade detection, and deploy ransomware or malware on enterprise systems. A China-linked ransomware group exploited an outdated Velociraptor version with a privilege escalation flaw to dep...

  • PhantomCaptcha Cyberattack Hits Ukraine Aid Groups

    The PhantomCaptcha phishing campaign targeted humanitarian and government aid organizations for Ukraine by impersonating the Ukrainian President's Office and distributing malware via deceptive PDF attachments. Attackers used a multi-stage malware process involving a downloader script, reconnaissa...
