#111 - Intel Chat: Magnet Goblin, StopCrypt ransomware, aiohttp & Midnight Blizzard
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
- Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887.
- Threat researchers recently observed an interesting variant of StopCrypt ransomware. The ransomware runs multi-stage shellcode before launching a final payload that contains the file encryption code.
- In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the aiohttp package that, if exploited, allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server.
- On March 8th, Microsoft said that it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.