Research

Lazarus NPM Supply Chain Attack

Chapter 1: Threat Overview
The Lazarus Group uploaded six malicious npm packages intended to infiltrate developer environments, initiating a targeted supply chain attack. These packages, which have been downloaded approximately 330 times, are designed to install backdoors for long-term access, steal cryptocurrency wallets, and steal credentials. Using the typosquatting technique, this attack creates package …


Black Basta Ransomware

Chapter 1: Key Trends and Outlook
Black Basta is one of the popular ransomware families; it began its campaign in April 2022. The first variant of Black Basta was identified by SentinelOne, and it was later revealed that Black Basta operates as a ransomware-as-a-service (RaaS). Black Basta is often compared to Conti, and was suspected of …


CVE-2024-10957 Vulnerability in UpdraftPlus Plugin

Description
The vulnerability lies in the recursive_unserialized_replace function of the UpdraftPlus plugin. Improper handling of deserialization allows attackers to inject a PHP object if additional plugins or themes containing a Property-Oriented Programming (POP) chain are installed. While no POP chain exists within UpdraftPlus itself, the exploitability depends on the presence of other vulnerable components. Key …


All About: XZ Utilization Backdoor 2024

Chapter 1: XZ Backdoor: Key Trends and Outlook
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. The xz compression library, a widely-used tool for compressing files, found across Linux distributions, community projects, …
