Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains. ‘Darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns. Rather than the more typical PHP, the platform uses many tools that high-tech startups employ, including JavaScript, React, Docker,
php (5)
An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's ‘.onion’ website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finl
The term “Looney Tunables” refers to a vulnerability that exists in the GNU C library, which is a core library in Linux-based systems. This library has a hand in many foundational operations like file opening and reading, threading, memory allocation, console printing, etc. The bug was introduced in April of 2021, but the CVE was not posted to NIST until October 3rd, 2023. The vulnerability was discovered by the Qualys Threat Research Unit in early September of this year.
A buffer overflow vu
There have been some developments in the Ducktail phishing campaign. To begin our report, it seems reasonable to go over a little bit of history on Ducktail for those who might be unfamiliar. The Ducktail phishing campaign was first discovered and reported on in late July of 2022. Researchers at the firm WithSecure are credited with the discovery of the campaign. In terms of who is responsible, WithSecure’s report on this campaign indicated a high level of confidence in their belief that the
From our Friends at the US Multi-State (MS)-ISAC:
OVERVIEW Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the con
