Latest News Articles



--- TLP:CLEAR ---

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

Multiple threat actors have for years been taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for use in phishing attacks and investment fraud schemes. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently

https://blogs.infoblox.com/threat-intelligence/dns-predators-hijack-domains-to-supply-their-attack-infrastructure/

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024

https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/

Vulnerabilities

Multiple Critical Vulnerabilities in Ivanti EPM

Ivanti has announced multiple critical vulnerabilities in Ivanti EPM.

https://www.ncsc.gov.ie/pdfs/2411140370_UPDATE_Crit_Vuln_in_Ivanti_EPM.pdf

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched.

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.

https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/

--- TLP:CLEAR ---