Heimdal Security

Researchers Disclose Proof of Concept for New GhostRace Attack

IBM and VU Amsterdam University researchers have published a study on the new GhostRace attack, which exploits Speculative Race Conditions (SRCs) and is tracked as CVE-2024-2193.

Logic Flaws Let Attackers Bypass Cloudflare's Firewall and DDoS Protection

Cloudflare has been found to have vulnerabilities in its Firewall and DDoS prevention system. Hackers can exploit these flaws by creating a free Cloudflare account and knowing the IP address of a targeted web server.

Nordic Users Targeted by National Danish Police Phishing Attack

The phishing attack involves sending an email with a cryptic message and a PDF attachment that claims to detail the recipient's involvement in illegal internet activity related to child pornography, in an attempt to coerce them into responding.

Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

The Dark Power ransomware exploits vulnerabilities in kernel-related APIs to quickly propagate through the cyber-kill chain. It also leverages DLLs such as kernel32.dll, bcrypt.dll, and ole32.dll to carry out its malicious activities.

New Malware Alert: EarlyRAT Linked to North Korean Hacking Group

EarlyRAT is a straightforward program that immediately starts gathering system data and sending it via a POST request to the C2 server. The execution of commands on the infected system is EarlyRAT’s second main purpose.

Dark Power Ransomware on the Ascent – A Technical Insight into 2023’s Latest Ransomware Strain

Dark Power is a highly advanced ransomware strain that uses advanced encryption techniques and targets various industries globally. It stops critical system services and processes, encrypts files, and drops a ransom note with payment instructions.

Danish Customers Targeted by Active PostNord DK Phishing Campaign

According to a tip sent to Heimdal by an anonymous reader, the APT’s choice in phishing is an email in which the victim is informed about the status of an unclaimed postal package.

Active Phishing Campaign Singles Out Romanian Telecom Users

The preliminary analysis of all of the evidence has indicated that the threat actor(s) involved in this operation exhibit the same modus operandi observed by Heimdal in mid-February while investigating the Romanian National Post smishing campaign.

TA505 Allegedly Behind New Malware Deployed Using Fake Websites and Malvertising

To trick unsuspecting users into downloading malware onto their systems, threat actors often used the Google advertisements platform to promote fake websites for legitimate software and application updates.

Massive MitID SMS Phishing Campaign Tries to Phish Nordea Bank Customers

The data analyzed so far suggests that the threat actor takes advantage of the MitID authentication mechanism in order to redirect the customer to a fake webpage for various malicious actions on target.
