Summary:
The Mandiant Red Team conducted an assessment to illustrate how advanced threat actors can exploit Microsoft Entra ID environments, particularly through Intune-managed Privileged Access Workstations (PAWs). By abusing specific…
Tag: CREDENTIAL
Summary:
Venture Wolf is a cyber threat actor that employs sophisticated loaders to deliver the MetaStealer malware. These loaders utilize various decoy files and obfuscation techniques to inject malicious payloads…
Summary:
A new keylogger attributed to the North Korean group Andariel has been identified, targeting U.S. organizations. This malware employs various anti-analysis techniques, including junk code and keystroke logging, while…
Summary:
The discovery of the malicious npm package “jest-fet-mock” highlights a novel approach to supply chain attacks, utilizing Ethereum smart contracts for command-and-control operations. This cross-platform malware targets development environments…
Summary:
Researchers have demonstrated the potential for abusing OpenAI’s ChatGPT-4o voice API to conduct financial scams, revealing significant vulnerabilities in current safeguards. The study highlights various scam types and their …
Summary:
GootLoader has evolved into an initial access as a service platform, primarily used by cybercriminals to deliver GootKit, a sophisticated info stealer and remote access Trojan. Utilizing SEO poisoning…
Summary:
In August 2024, a new crimeware bundle named “SteelFox” was identified, utilizing sophisticated execution chains to spread via forums and torrent sites. It masquerades as legitimate software, extracting sensitive…
Summary:
This report provides an in-depth analysis of SpyNote, a sophisticated Android malware variant that disguises itself as a legitimate antivirus application. It details the malware’s techniques for gaining extensive…
Summary:
The article outlines various phishing attempts through email, detailing the types of attachments used and the number of users targeted. The emails primarily involve financial documents and requests, indicating…
Summary:
The U.S. Office of Public Affairs announced the seizure of 32 websites linked to the “Doppelganger” campaign, suspected to be a Russian-sponsored cyberpropaganda effort targeting the U.S. and other…
Summary:
This report discusses the ClickFix social engineering tactic, which utilizes deceptive web pages to trick users into executing malicious PowerShell commands, leading to system infections. The analysis highlights various…
Summary:
This article discusses the detection of DNS hijacking, a cyber threat where attackers manipulate DNS records to redirect users to malicious sites. It highlights the detection process, notable incidents…
Summary:
The CERT-AGID has recently identified and mitigated a new malspam campaign aimed at spreading the Vidar malware. The emails, disguised as legitimate communications from an Italian company regarding unpaid…
Summary:
A new phishing campaign targeting KeyBank customers has been identified, utilizing Bing’s search engine to display malicious links as top search results. The attackers employ various techniques to evade…
Summary:
Deepfakes pose significant risks, as demonstrated by a recent incident where a finance worker was scammed out of $25 million. Research by Palo Alto Networks Unit 42 revealed extensive…
Summary:
APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that has been persistently targeting Indian government organizations and military facilities. This report details the evolution of their…
Summary:
The report analyzes the covert cyber reconnaissance activities of the state-backed APT37 group, which targets South Korean individuals and organizations related to North Korean human rights and security. It…
Video Summary:
The video discusses two common approaches for handling authentication and authorization using sessions and JSON Web Tokens (JWTs).
Key Points: The server verifies user credentials and…
Summary:
HUMAN’s Satori Threat Intelligence and Research team has disrupted a large-scale fraud operation known as Phish ‘n’ Ships, which involved fake web shops exploiting digital payment providers to steal…
Summary:
Rapid7’s Incident Response team investigated a Microsoft Exchange service account breach that led to unauthorized access and lateral movement across the network, compromising the entire domain. The attacker exploited…
Summary:
In October 2024, EclecticIQ analysts identified a malvertising campaign utilizing the Latrodectus JavaScript downloader to deliver Brute Ratel C4 malware, likely linked to the financially motivated Russian-speaking group LUNAR…
Summary:
Tropic Trooper, also known as Pirate Panda and APT 23, is a Chinese state-sponsored cyber threat group that has been active since 2011. Specializing in espionage, the group targets…
Use Cases of Linux Audit system:
Watching file access
Monitoring system calls
Recording commands run by a user
Recording security events
Searching for events
Running summary reports
Monitoring network access…
Summary:
Cisco Talos has identified a phishing campaign targeting Facebook business and advertising account users in Taiwan, utilizing deceptive emails and malware delivery methods to compromise victims. The threat actor…
Summary: The US and Israel have issued a warning regarding the Iranian state-sponsored threat actor Cotton Sandstorm, which is employing new tactics, including generative AI, to conduct cyber operations targeting …
Summary:
This article discusses an incident involving a threat actor’s unsuccessful attempt to bypass Cortex XDR, which inadvertently provided valuable insights into their operations. Through the investigation, Unit 42 uncovered…
Summary:
In recent research, Bitdefender Labs has uncovered a sophisticated malvertising campaign leveraging Meta’s advertising platform to distribute SYS01 InfoStealer malware. This ongoing attack impersonates popular brands to trick users…
Summary: Hikvision has issued firmware updates to fix a security vulnerability that could expose users’ Dynamic DNS credentials, affecting numerous network camera models. The flaw allowed sensitive information to be …
Summary: A recent Rapid7 report details a significant compromise of a Microsoft SharePoint server, attributed to the exploitation of CVE-2024-38094, which allowed attackers to gain domain access and impact critical …
Short Summary:
The Sysdig Threat Research Team uncovered a global operation named EMERALDWHALE, which targeted exposed Git configurations, resulting in the theft of over 15,000 cloud service credentials. The attackers …
Guardio Labs has revealed a critical vulnerability in the Opera browser that allows malicious extensions to exploit Private APIs, leading to severe security risks such as screen capturing …
Rapid7’s Incident Response team investigated a Microsoft Exchange service account breach that led to unauthorized access and lateral movement across the network. The attacker exploited a vulnerability in …
Short Summary:
This article discusses packers and crypters, which are tools used to complicate malware analysis. It explains the differences between the two, their detection methods, and various tools that …
Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident involving collaboration with the Play ransomware group. …
This article discusses Netcraft’s research on the Xiū gǒu (修狗) phishing kit, which has been active since September 2024. The kit targets various countries, including the US, UK, …
Sophos has been actively combating multiple threat actors based in China who target perimeter devices, particularly Sophos firewalls. This article outlines a timeline of notable activities by these …
The Strela Stealer phishing campaign, identified by Cyble Research and Intelligence Labs, targets users in Central and Southwestern Europe by posing as invoice notifications. It employs obfuscated JavaScript …
Short Summary:
The CryptoAITools malware campaign targets cryptocurrency enthusiasts through a malicious Python package and deceptive GitHub repositories. This multi-stage malware aims to steal sensitive data and drain crypto wallets …
Short Summary:
Attackers are using a fake CAPTCHA as a method to distribute malware, primarily targeting gamers. This campaign, which has expanded to various online resources, delivers the Lumma stealer …
Summary: This blogpost provides a detailed technical analysis of CloudScout, a sophisticated post-compromise toolset employed by the Evasive Panda APT group to target a government entity and a religious organization …
Short Summary:
A critical vulnerability, CVE-2024-47575, known as “FortiJump,” was discovered in FortiManager, allowing remote, unauthenticated attackers to execute arbitrary commands. Fortinet released a patch on October 23, 2024, but …
Short Summary:
The Expiro malware, a persistent file infector, continues to evolve and pose significant threats to Windows systems, particularly highlighted by a recent surge in infections in Zimbabwe. Its …
Short Summary:
Rekoobe is a backdoor malware associated with APT31, known for its use in cyber espionage and data theft. Recent investigations revealed its deployment through open directories and potential …
Short Summary:
The article discusses various cloud services and domains associated with Ukraine’s governmental and military sectors, emphasizing the extensive use of AWS cloud infrastructure across different regions and agencies.…
Short Summary:
In September 2024, Google Threat Intelligence Group uncovered UNC5812, a suspected Russian espionage operation utilizing a Telegram persona named “Civil Defense” to distribute malware targeting Windows and Android …
Short Summary:
Proofpoint has reported a rise in cryptocurrency fraud involving job scams that impersonate reputable organizations. This new tactic, which is a shift from traditional Pig Butchering scams, targets …
Summary: A newly identified vulnerability in One Identity Safeguard for Privileged Sessions (SPS) allows attackers to bypass authentication and gain unauthorized access to privileged sessions via the RDP component. The …
Summary: Cisco has addressed multiple vulnerabilities in its security products, including an actively exploited Denial of Service (DoS) flaw tracked as CVE-2024-20481, which affects the Remote Access VPN service. The …