AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)
AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report “Operation Code on Toast by TA-RedAnt”
Jenkins Servers in Korea With Exposed Vulnerabilities (CVE-2024-23897, CVE-2024-43044)
Multiple vulnerabilities were announced for Jenkins, a widely used development tool, and some of them are being exploited in actual attacks. It was also found that most Jenkins servers in Korea were exposed to these vulnerabilities. The CVE-2024-23897 vulnerability disclosed earlier this year allows unauthenticated users to read arbitrary files
Distribution of Godzilla WebShell Abusing ViewState (Targeting Financial Sector)
Overview AhnLab SEcurity intelligence Center (ASEC) has recently detected an attack targeting financial sector companies. The threat actor primarily targeted ASP.NET environments with vulnerable configurations, abusing the ViewState feature supported by ASP.NET. ViewState is a fundamental feature of ASP.NET that allows the handling of user input or other data
Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)
HTTP File Server (HFS) is a program that provides a simple type of web service. Because it can provide web services with just an executable file without having to build a web server, it is often used for sharing files, allowing users to connect to the address through web browsers
Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)
AhnLab SEcurity intelligence Center (ASEC) has identified the details of the Kimsuky threat group recently exploiting a vulnerability (CVE-2017-11882) in the equation editor included in MS Office (EQNEDT32.EXE) to distribute a keylogger. The threat actor distributed the keylogger by exploiting the vulnerability to run a page with an embedded malicious
Microsoft Windows Security Update Advisory (CVE-2024-21338)
Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and
Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks
AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the
Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks
In November 2023, AhnLab Security Emergency response Center (ASEC) published a blog post titled “Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)” [1] which covered cases of the Andariel threat group exploiting the CVE-2023-46604 vulnerability to install malware. This post not only covered attack cases of the
Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)
While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered the attack case in which the group is assumed to be exploiting Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions,
Warning Against Cisco IOS XE Software Web UI Vulnerabilities (CVE-2023-20198, CVE-2023-20273)
Overview This month, Cisco released a security advisory regarding two vulnerabilities currently being actively exploited in actual attacks: CVE-2023-20198 and CVE-2023-20273. These vulnerabilities are present in the web UI feature of Cisco IOS XE Software. The CVE-2023-20198 vulnerability allows an unauthorized threat actor to create an arbitrary account with level
