Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences

A new Go-based remote access trojan named Moonrise has been discovered, operating without early static detection and establishing active C2 communication before vendor alerts. The RAT supports credential theft, remote command execution, persistence, and user monitoring, enabling full remote control of infected endpoints. Its capabilities include stealing passwords, executing remote commands, uploading files, capturing screens, and accessing webcams and microphones. The malware's silent operation increases business exposure, extending dwell time and raising risks of data loss and operational disruption. The attack chain involves session registration, host environment visibility, direct system interaction, credential access, active user monitoring, and privilege manipulation. Early detection strategies involve monitoring for weak signals, rapid triage with behavior confirmation, and threat hunting to prevent repeat incidents.

Pulse ID: 699dd912a5b53c853ec6c4c4
Pulse Link: https://otx.alienvault.com/pulse/699dd912a5b53c853ec6c4c4
Pulse Author: AlienVault
Created: 2026-02-24 17:00:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RemoteAccessTrojan #RemoteCommandExecution #Trojan #Word #bot #AlienVault

LevelBlue Open Threat Exchange
Hackers attack HFS servers to drop malware and Monero miners

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.

BleepingComputer
Authenticated command injection when using SNMP options

Summary: In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remo...

GitHub

"⚠️ OpenSSH Flaw: Potential for Remote Command Execution ⚠️"

A now-patched flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts. Stay informed!

Source: [The Hacker News](https://thehackernews.com/)

Tags: #OpenSSH #Flaw #RemoteCommandExecution #CyberSecurity #PatchUp 💻🔐

The Hacker News
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws - Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and... https://threatpost.com/d-link-routers-zero-day-flaws/162064/ #remotecommandexecution #vulnerabilities #digitaldefense #remoteworkers #securityflaws #zero-dayflaws #homerouters #networking #covid-19 #firmware #internet #pandemic #wireless #routers #d-link
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw

Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running the same firmware.

Threatpost - English - Global - threatpost.com