Sekoia Publicly Releases New Tycoon 2FA Phishing Kit Analysis with AiTM Techniques

Executive Summary Researchers from Sekoia have released a report  detailing an October 2023 discovery and subsequent analysis of a new Adversary-in-The-Middle (AiTM) phishing kit linked to the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform, which had been active since at least August 2023. The latest version of Tycoon 2FA features enhanced stealth capabilities, potentially lowering detection rates by security products. Sekoia’s…

Read More

Checkmarx Researchers Detail Novel Python GitHub Attack Affecting Over 170K Users

Executive Summary The Checkmarx Research team has reported a sophisticated campaign which is targeting software supply chains and resulting in successful exploitation of multiple GitHub users. Key targets included the Top.gg GitHub organization, which claims to have over 170,000 users, and individual developers on the code publishing platform. The attackers employed various novel tactics, including account takeover via…

Read More

Chinese Threat Group UNC5274 Reportedly Exploiting F5 BIG-IP and ScreenConnect CVEs for Active Exploitation

On March 21, 2023, Mandiant researchers reported their latest technical details detailing a campaign exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect, which they attribute to the Chinese state-sponsored actor known as UNC5174. Community Impact Assessment Due to the widespread use of F5 BIG-IP and ScreenConnect across global regions and industries, the RH-ISAC intelligence team…

Read More

TeamT5 Releases Latest Developments on Active Exploitation of Adobe ColdFusion Vulnerability

Executive Summary Security researchers from TeamT5 have released their latest findings detailing CVE-2023-29300, a JAVA deserialization vulnerability resulting in arbitrary code execution. At least 66 devices in Japan have already been compromised via CVE-2023-29300, affecting various sectors such as healthcare, education, and manufacturing. Threat actors, including cyber-criminals and state-sponsored groups such as China-nexus APT group SLIME13 (known as Flax…

Read More

Phishing Campaign Leveraging Microsoft Office Templates to Deliver NetSupportRAT to US-Based Organizations

On March 18, 2024, Perception Point researchers published the technical details of a phishing campaign leveraging Microsoft Office document templates for execution and obfuscation to deliver NetSupportRAT to corporate targets based in the United States. Community Impact According to the most recent RH-ISAC Intelligence Trends Summary, Microsoft-related phishing reporting fell slightly, remains a top threat…

Read More