The article discusses a phishing campaign utilizing the Mamba 2FA phishing kit, which mimics Microsoft 365 login pages and employs advanced techniques to capture user credentials and multi-factor …
Tag: SSO
Summary: The UK’s National Cyber Security Centre (NCSC) has issued a warning about Iranian cyber threats, specifically a spear phishing campaign attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). This …
Summary: GitLab has released a critical security update to address a severe vulnerability (CVE-2024-45409) affecting its Community and Enterprise Editions, which could allow unauthorized access through SAML authentication flaws. Administrators …
Short Summary:
This article discusses a sophisticated phishing attack that impersonates a company’s human resources department. It highlights the tactics used by threat actors to deceive employees into clicking malicious …
Summary: Scattered Spider, a notorious ransomware group, has been executing sophisticated phishing attacks targeting financial and insurance companies to steal credentials and launch ransomware attacks on cloud environments. Their tactics …
Short Summary:
EclecticIQ analysts have researched ransomware operations, particularly focusing on SCATTERED SPIDER, a group targeting cloud infrastructures in the insurance and financial sectors. They employ social engineering tactics, including …
Summary: Lowe’s employees are being targeted by phishing attacks through malicious Google ads that mimic the company’s employee portal, MyLowesLife. These typosquatting websites are designed to steal employee credentials by …
Summary: A recent report by AppOmni reveals that 31% of global organizations experienced data breaches in their SaaS applications last year, highlighting significant gaps in cybersecurity awareness and accountability. The …
Summary: SolarWinds has released a hotfix for a critical vulnerability (CVE-2024-28987) in its Web Help Desk software, which involves hardcoded credentials that can be exploited by remote attackers. This follows …
Short Summary:
Recently, an employee received a phishing email attempting to steal AWS login credentials. The email contained a link that redirected to a credential harvesting page mimicking the legitimate …
Threat Actor: Unknown | Unknown Victim: Major Casino Software Provider | Major Casino Software Provider Price: $80,000 Exfiltrated Data Type: Unauthorized access to casino software
Key Points :
The threat…
Threat Actor: Unknown | unknown Victim: US Gambling Company | US Gambling Company Price: $40,000 Exfiltrated Data Type: SSH, API, SafePay, SSO, CI/CD, Slack, Gitlab & Docker
Key Points : …
Short Summary:
The article discusses the rise of Account-in-the-Middle (AiTM) phishing attacks, particularly focusing on the NakedPages phishing toolkit. It outlines various techniques used by attackers to evade detection, …
Published On : 2024-07-26
EXECUTIVE SUMMARY
A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited …
Published On : 2024-07-21
EXECUTIVE SUMMARY
A recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to …
Summary: This blog post discusses a recent phishing attempt that impersonates a company’s HR department and provides insights to help recognize and avoid falling victim to such scams.
Threat Actor: …
IntelBroker, a notorious figure known for orchestrating high-profile cyberattacks, operates within BreachForums. Specializing in identifying and selling access to compromised systems, sensitive data leaks, and possibly extortion, IntelBroker facilitates various …
Summary: This article discusses a cybercrime incident where a terminated worker unlawfully accessed patient information at Geisinger, a healthcare organization.
Threat Actor: Former employee of Nuance Communications Inc. | Nuance …
Threat Actor: Unknown | Unknown Victim: Atlassian Jira | Atlassian Jira Price: 800,000 XMR (Monero) Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is selling a zero-day Remote…
Summary: The Scattered Spider gang has shifted their focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines for persistence.
Threat Actor: Scattered Spider | Scattered Spider …
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its …
Summary: A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw has been publicly released, highlighting the need for immediate security updates.
Threat Actor: Remote unauthenticated attackers
Victim: …
Summary: Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, urging developers to transition to more secure alternatives like Kerberos or Negotiation authentication.
Threat Actor: N/A
Victim: N/A…
Summary: The content discusses the prevalence of account takeover attacks and their impact on organizations, based on a survey conducted by Abnormal Security.
Threat Actor: Account takeover attacks
Victim: Organizations…
Summary: Cloudflare acquires a zero trust infrastructure access startup to enhance remote access security for critical infrastructure.
Threat Actor: Cloudflare | Cloudflare Victim: N/A
Key Point :
Cloudflare has purchased…
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you …
Huntress uncovered the infrastructure of a mass phishing campaign including potentially novel tradecraft that combines HTML smuggling, injected iframes, and session theft via transparent proxy. This technique allows an …
Summary: This content discusses an authentication bypass vulnerability (CVE-2024-4985) recently fixed by GitHub, which impacts GitHub Enterprise Server instances using SAML single sign-on authentication.
Threat Actor: N/A Victim: GitHub Enterprise …
Summary: This content discusses the features and functionality of Authelia, an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal.
Threat Actor: N/A…
Summary: This content discusses the importance of having adequate identity access management (IAM) policies in place, specifically focusing on authentication and authorization, in order to ensure the security of applications …
Threat Actor: Unknown | Unknown Victim: Department of International Trade Promotion (DITP) | Department of International Trade Promotion Price: Not specified Exfiltrated Data Type: Personally Identifiable Information (PII)
Additional Information …
Summary: This content discusses the risks associated with authentication tokens and their importance in cybersecurity.
Threat Actor: N/A
Victim: N/A
Key Point :
Authentication tokens, also known as session tokens,…
Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as SIM swapping attacks to …
Summary: This article discusses the FIDO2 authentication method, its purpose, and how it protects against various attacks. It also explores the vulnerability of FIDO2 to man-in-the-middle attacks and provides mitigation …
Executive Summary
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider …
Summary: This article discusses LSA Whisperer, an open-source tool designed to interact with authentication packages and recover credentials from the Local Security Authority Subsystem Service (LSASS) without accessing its memory.…
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and …
Summary: LastPass users are being targeted by a malicious campaign using the CryptoChameleon phishing kit, which is associated with cryptocurrency theft.
Threat Actor: CryptoChameleon | CryptoChameleon Victim: LastPass users | …
Summary: The threat actor known as Muddled Libra is actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments to exfiltrate sensitive data, using sophisticated social engineering techniques and …
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data …
Key Point :
– Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise.
– SMS phishing (smishing) has seen a significant surge in …
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance Objective: Identify potential reconnaissance activity on the network
Description: Reconnaissance …
This educational session introduces the concept of Privileged Access Management (PAM), focusing on why securing privileged accounts is crucial in today’s cybersecurity landscape. The session covers the challenges associated with …
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively …
Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on …
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the …
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks,…
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. ‘Application-layer Loop DoS Attacks’ pair servers of these protocols in such …