Author: Admin

August 24, 2024Ravi LakshmananElection Security / Threat Intelligence Meta Platforms on Friday became the latest company to follow Microsoft, Google and OpenAI to expose the activities of an Iranian state threat actor it said was using a set of WhatsApp accounts that attempted to attack individuals in Israel, Palestine, Iran, the UK and the US The cluster of activity that originated in Iran “appears to have focused on political and diplomatic officials and other public figures, including some associated with the administrations of President Biden and former President Trump,” Meta said. The social media giant attributed it to a nation-state…

August 24, 2024Ravi LakshmananVulnerability / National Security The US Cybersecurity and Infrastructure Security Agency (CISA) has placed security flaw that affects Versa Director before its known exploited vulnerabilities (KEV) catalog based on evidence of active operation. A medium-severity vulnerability that is tracked as CVE-2024-39717 (CVSS Score: 6.6), is a case of a file upload bug that affects the “Change Favicon Icon” feature, which could allow a threat actor to download a malicious file by masquerading as a seemingly harmless PNG image file. “The Versa Director GUI contains an unlimited download of a file with an unsafe type of vulnerability that…

August 23, 2024Ravi LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a never-before-seen dropper that serves as a conduit to launch the next stage of malware, with the ultimate goal of infecting Windows systems with hijackers and bootloaders. “This memory-only dropper decrypts and runs a PowerShell-based bootloader” – Mandiant, owned by Google said. “This PowerShell-based bootloader is tracked as PEAKLIGHT.” Some of the strains of malware that are distributed using this technique Lumma Stealer, Hijack bootloader (aka DOILoader, IDAT Loader or SHADOWLADDER), and CryptBotall of which are advertised under the malware-as-a-service (SaaS) model. The starting point of the attack chain…

The threat actors behind a recently observed Qilin ransomware attack stole credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist that could have cascading effects, cybersecurity firm Sophos said in a report on Thursday. The attack, discovered in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation activities 18 days after initial access. “Once the attacker reached the domain controller in question, he edited the default domain…

August 23, 2024Hacker newsThreat detection / security automation Let’s be honest. The world of cyber security feels like a constant war zone. You’re bombarded with threats, trying to keep up with patches and drowning in an endless stream of notifications. It’s exhausting, isn’t it? But what if there was a better way? Imagine having all of your critical cybersecurity tools at your fingertips, all within a single, intuitive platform backed by 24/7 expert support. This is the game-changing power of an All-in-One solution. Get ready for a no frills live demonstration. Join us for a webinar”Step by Step: How to…

Read the full article for highlights from Intruder VP of Product Andy Hornegold’s recent impact management talk. If you’d like to hear Andy’s first-hand account, watch the Intruder webinar on demand. To learn more about reducing your attack surface, contact their team today. Attack Surface Management vs. Impact Management: Attack surface management (ASM) is the ongoing process of discovering and identifying the assets that attackers can see on the Internet, showing where security gaps exist, where they could be used to launch an attack, and where defenses are strong enough to repel one. If there is something on the Internet that…

August 23, 2024Ravi LakshmananCybercrime / Ransomware A 33-year-old citizen of Latvia, who lives in Moscow, Russia, has been charged in the United States with alleged data theft, extortion of victims and money laundering since August 2021. Denis Zolotarov (aka Sforza_cesarini) was charged with conspiracy to launder money, fraud and extortion under the Hobbs Act. He was arrested in Georgia in December 2023 and was extradited to the United States this month. “Zolatarov is a member of a known cybercriminal organization that attacks victims’ computer systems around the world,” the US Department of Justice said in a statement. said in a…

August 23, 2024Ravi LakshmananEndpoint Security / Data Privacy Cyber ​​security researchers have discovered a new information stealer that is designed to attack Apple macOS hosts and collect a wide range of information, highlighting the increasing focus of threat actors on the operating system. The malware, called Cthulhu Stealer, has been available under a malware-as-a-service (MaaS) model for $500 per month since late 2023. It is capable of targeting both x86_64 and Arm architectures. “Cthulhu Stealer is an Apple disk image (DMG) that comes bundled with two architecture-specific binaries,” Cato Security researcher Tara Gould. said. “The malware is written in Golang…

August 22, 2024Ravi LakshmananVulnerability / Network Security SolarWinds has released patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote, unauthenticated users to gain unauthorized access to sensitive instances. “SolarWinds Web Help Desk (WHD) software is subject to a hard-encrypted credentials vulnerability that could allow (a) a remote, unauthenticated user to access internal functions and modify data,” the company said in a statement. said in a new guideline published today. Issue tracked as CVE-2024-28987has a CVSS rating of 9.1, indicating critical severity. Horizon3.ai security researcher Zach Hanley is credited with discovering and…

August 22, 2024Ravi LakshmananEquipment Security / Supply Chain Attack Cybersecurity researchers have discovered a hardware backdoor in a certain model of MIFARE Classic contactless cards that can allow authentication with an unknown key and unlock hotel rooms and office doors. The attacks were demonstrated against the FM11RF08S, a new MIFARE Classic variant released by Shanghai Fudan Microelectronics in 2020. “The FM11RF08S backdoor allows any entity that knows about it to compromise all user-defined keys on these cards, even if they are fully diversified, simply by gaining access to the card within minutes,” Quarkslab researcher Philip Thewen. said. Not only is…
