The Breach News

Internet Explorer 8 Zero-Day Attack Expands to Nine Additional Websites

May 08, 2013

A recent zero-day attack targeting Internet Explorer 8 on the U.S. Department of Labor’s website has now affected nine more global sites, including those operated by a major European aerospace, defense, and security company, alongside various non-profit organizations and institutions.

The attacks leverage a previously unknown and unpatched vulnerability in Microsoft’s Internet Explorer browser. Researchers have linked this campaign to a China-based hacking group known as “DeepPanda.” Security firm CrowdStrike reports that their investigations indicate the attack commenced in mid-March. Analysis of malicious infrastructure logs revealed visitor IP addresses from 37 different countries, with 71% based in the U.S., 11% in South/Southeast Asia, and 10% in Europe.

Malicious Actors Exploit Velociraptor Forensic Tool to Launch Visual Studio Code for C2 Tunneling

August 30, 2025

Cybersecurity experts have highlighted a recent cyber attack involving the misuse of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident showcases the ongoing trend of leveraging legitimate software for nefarious purposes. According to a report from the Sophos Counter Threat Unit Research Team, the attackers employed Velociraptor to download and execute Visual Studio Code, likely aimed at establishing a tunnel to a command-and-control (C2) server they controlled. While the use of legitimate remote monitoring and management (RMM) tools is not new in cyber threats, the adoption of Velociraptor represents a significant shift, allowing attackers to gain a foothold without deploying their own malware. Further investigation into the attack has revealed that the perpetrators exploited Wind…

China Enacts New Law Mandating Vendors to Report Zero-Day Vulnerabilities to Authorities

On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stricter regulations regarding vulnerability disclosure. Under the new “Regulations on the Management of Network Product Security Vulnerability,” software and networking vendors are required to report critical flaws directly to government authorities within two days of identification. Set to take effect on September 1, 2021, these regulations aim to standardize the processes of discovering, reporting, and addressing security vulnerabilities while mitigating associated risks. Article 4 of the regulation prohibits any organization or individual from exploiting network security vulnerabilities for malicious activities and bans the illegal sale, collection, or publication of such information. The new rules also prevent the public disclosure of previously unknown security weaknesses.

Researchers Discover New Malware Used by Chinese Cybercriminals

May 10, 2013

Trend Micro experts have identified a new piece of backdoor malware from the Winnti family, primarily utilized by a Chinese cybercriminal group targeting Southeast Asian organizations in the gaming sector. This Winnti malware enables hackers to take control of users’ systems via a backdoor hidden within the legitimate Aheadlib analysis tool. Named “Bkdr_Tengo.A,” it masquerades as a genuine system DLL file known as winmm.dll. “We believe this was executed using the legitimate Aheadlib analysis tool,” stated Eduardo Altares from Trend Micro. “The file is not encrypted and is relatively straightforward to analyze. Its primary function involves stealing Microsoft Office, .PDF, and .TIFF files from USB drives connected to the system. These extracted files are stored in the $NtUninstallKB080515$ folder within Windows, alongside a log file named Usblog_DXM.log that tracks the activity.”

Rethinking Browser Security: Addressing the Threats Posed by Scattered Spider

As businesses increasingly rely on browser-based operations, security teams are confronted with escalating cyber threats. Today, over 80% of security incidents stem from web applications accessed through browsers like Chrome, Edge, and Firefox. A particularly agile adversary known as Scattered Spider (also identified as UNC3944, Octo Tempest, or Muddled Libra) has emerged, targeting sensitive data within these browsers. Unlike infamous cybercriminal groups such as Lazarus Group, Fancy Bear, and REvil, Scattered Spider has honed its methods over the past two years, focusing on the human element and browser environments. If critical information—like your calendar, login credentials, or security tokens—resides in your browser tabs, Scattered Spider is poised to seize it. This article will delve into the attack techniques employed by Scattered Spider and outline strategies to defend against them.

Researcher Reveals Yet Another Unpatched Vulnerability in Windows Printer Spooler

July 19, 2021

Just days after Microsoft raised alarms about an unpatched security flaw in the Windows Print Spooler service, yet another potential zero-day vulnerability has surfaced, marking the fourth printer-related issue identified in recent weeks. Will Dormann from the CERT Coordination Center noted in an advisory on Sunday that “Microsoft Windows allows non-admin users to install printer drivers through Point and Print.” He highlighted that a printer installed this way can cause the privileged Windows Print Spooler process to load arbitrary libraries. Security researcher Benjamin Delpy, known for creating Mimikatz, has disclosed an exploit for this vulnerability. #printnightmare – Episode 4

LulzSec Hackers Facing Sentencing for Cyber Attacks on CIA and Pentagon

May 15, 2013

Four individuals linked to the hacking group LulzSec appeared in a London court for sentencing on Wednesday. Ryan Ackroyd, Jake Davis, Mustafa al-Bassam, and Ryan Cleary have all pleaded guilty to various hacking offenses. The name LulzSec combines “lulz,” meaning to laugh out loud, and “security,” signaling a mockery of online security measures. Emerging from their bedrooms in 2011, they orchestrated attacks that inflicted millions of pounds in damages on entities like the NHS, CIA, and U.S. military websites, resulting in the theft of sensitive data, including emails, passwords, and credit card details of hundreds of thousands of individuals. Southwark Crown Court heard that they also executed distributed denial of service (DDoS) attacks that crashed numerous websites. Ackroyd, 26, from Mexborough, South Yorkshire, admitted to stealing data from Sony.
