Fortinet Product Security Update Advisory (CVE-2025-24470)
Overview: We have released a security update that resolves a vulnerability in the following products....
March 05, 2025
March 05, 2025
Weekly Detection Rule (YARA and Snort) Information – Week 1, March 2025
The following is the information on YARA and Snort rules (week 1, March 2025) collected and shared by the AhnLab TIP service.
1 YARA Rules
Detection name: sig_27244_metasploit_hta_stager; Description: file UsySLX1n.hta; Source: https://github.com/The-DFIR-Report/Yara-Rules
23 Snort Rules
Detection name: ET WEB_SPECIFIC_APPS Paessler PRTG Notification Command Injection Attempt (CVE-2018-9276); Source: https://rules.emergingthreatspro.com/open/
ET
Analysis of Lazarus Group’s Attack on Windows Web Servers
AhnLab SEcurity intelligence Center (ASEC) has identified cases in which the Lazarus group breaches a legitimate server and uses it as a C2. Attacks that install a web shell and C2 script on South Korean web servers continue to occur. Additionally, there are cases where LazarLoader malware and privilege escalation

