The Breach News

TotalRecall Reloaded: New Tool Accesses Windows 11’s Recall Database via Side Entrance

Security Flaw Discovered in TotalRecall Could Compromise User Data

Recent findings by security researcher Alex Hagenah have exposed a critical vulnerability in Microsoft’s TotalRecall application, highlighting potential risks in user data protection. According to Hagenah, while the security surrounding the Recall database itself is robust, the process that handles data…

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Distribute ValleyRAT Malware

Date: September 2, 2025
Categories: Financial Fraud / Endpoint Protection

The threat actor known as Silver Fox has been linked to the exploitation of a previously undetected vulnerable driver associated with WatchDog Anti-malware. This attack, classified as a Bring Your Own Vulnerable Driver (BYOVD) incident, aims to neutralize security solutions on compromised systems.

The specific driver involved, “amsdk.sys” (version 1.0.600), is a 64-bit, validly signed Windows kernel device driver believed to be based on the Zemana Anti-Malware SDK. According to an analysis by Check Point, “This driver, created using the Zemana Anti-Malware SDK, was Microsoft-signed, not included in the Microsoft Vulnerable Driver Blocklist, and evaded detection by community initiatives such as LOLDrivers.”

The attack employs a dual-driver approach, utilizing a known vulnerable Zemana driver (“zam.exe”) for Windows 7 systems, while leveraging the undetected WatchDog driver for Windows 10 and 11 environments. The WatchDog Anti-malware driver has been identified as containing multiple vulnerabilities.

New Vulnerabilities in Windows and Linux Grant Attackers Elevated System Privileges

July 21, 2021

Recent findings have uncovered a local privilege escalation vulnerability in Microsoft’s Windows 10 and the soon-to-be-released Windows 11, enabling users with limited permissions to access critical system files. This loophole, referred to as “SeriousSAM,” allows unauthorized individuals to potentially reveal the operating system installation password and decrypt private keys.

According to a vulnerability note from the CERT Coordination Center (CERT/CC), since Windows 10 build 1809, non-administrative users have had access to the SAM, SYSTEM, and SECURITY registry hive files, which could lead to local privilege escalation (LPE). The affected operating system configuration files include:

  • c:\Windows\System32\config\sam
  • c:\Windows\System32\config\system
  • c:\Windows\System32\config\security

Microsoft, which has assigned the identifier CVE-2021-36934 to this vulnerability, has acknowledged the issue but has not yet released a patch.

Significant Cyber Espionage Campaign Targeting Pakistan Linked to India

May 20, 2013

Cybersecurity researchers have uncovered a series of information-stealing malware attacks aimed at Pakistan that are believed to originate from India. Norman Shark, a leader in malware analysis solutions for enterprises, service providers, and government agencies, has released a report detailing a complex cyber-attack infrastructure traced back to India.

This ongoing campaign, attributed to private threat actors over three years, shows no direct evidence of state involvement. The primary aim of the extensive command-and-control network appears to be intelligence gathering from both national security targets and private sector companies.

Attackers exploited vulnerabilities in Microsoft software, deploying malware known as HangOver onto their targets, the majority of which were located in Pakistan. A total of 511 infections related to this campaign have been identified. HangOver is capable of installing keyloggers and capturing screenshots, among other functionalities.

Following Anthropic’s Mythos, OpenAI Introduces an Innovative Cybersecurity Model and Strategy

OpenAI Unveils Cybersecurity Strategy and GPT-5.4-Cyber Model Amid Industry Developments

OpenAI announced an important development in its cybersecurity strategy on Tuesday with the introduction of GPT-5.4-Cyber, a model tailored for digital security professionals. This launch arrives shortly after competitor Anthropic disclosed the limited private release of its new Claude Mythos…

LulzSec Hacker Jeremy Hammond Admits Guilt in Stratfor Cyberattack, Facing Up to 10 Years in Prison

May 28, 2013

A hacker associated with LulzSec and Anonymous, Jeremy Hammond, pled guilty on Tuesday to infiltrating Stratfor, a global intelligence firm. The 28-year-old was arrested last March for his part in the breach, which involved theft of sensitive data, website defacements, and temporary disruptions to operations, impacting over a million individuals. Hammond was charged under the controversial Computer Fraud and Abuse Act of 1984—the same legislation previously used against late cyber-activist Aaron Swartz. His plea deal could result in a decade-long prison sentence and significant restitution, with sentencing scheduled for September. In addition to the Stratfor incident, Hammond acknowledged responsibility for eight other cyberattacks targeting law enforcement, intelligence agencies, and defense contractors.

13.5M-Device Botnet Launches 2 Tbps DDoS Attacks Targeting FinTech, Reveals Qrator

A recent report from Qrator Labs discloses a staggering growth in the largest DDoS botnet, which has expanded to encompass 13.5 million devices, empowering hackers to execute attacks with peak capacities of 2 Tbps. The FinTech and betting sectors have emerged as the primary targets during the first quarter of…

Ukrainian Network FDN3 Conducts Widespread Brute-Force Attacks on SSL VPN and RDP Devices

Date: Sep 02, 2025
Category: Cyber Attack / Botnet

Cybersecurity experts have identified a Ukrainian IP network engaging in extensive brute-force and password spraying campaigns against SSL VPN and RDP devices between June and July 2025. The operations are traced back to the Ukraine-based autonomous system FDN3 (AS211736), according to French cybersecurity firm Intrinsec. “We have high confidence that FDN3 is part of a larger malicious infrastructure that includes two other Ukrainian networks, VAIZ-AS (AS61432) and ERISHENNYA-ASN (AS210950), as well as a Seychelles-based system, TK-NET (AS210848),” the report stated. “All of these were allocated in August 2021 and frequently exchange IPv4 prefixes to bypass blocklisting and sustain their abusive operations.” AS61432 currently announces a single prefix, 185.156.72[.]0/24, while AS210950 has two prefixes: 45.143.201[.]0/24 and 185.193.89[.]0/24. These autonomous systems were allocated in May…