Author: Admin

August 16, 2024Ravi LakshmananCloud Security / Application Security A large-scale ransomware campaign compromised various organizations by exploiting publicly available environment variable (.env) files containing credentials related to cloud and social networking applications. “Several security errors were made during this campaign, including the following: exposing environment variables, using long-lived credentials, and not having a least-privilege architecture,” Palo Alto Networks Division 42. said in a report on Thursday. The company is notable for installing its attack infrastructure in infected organizations’ Amazon Web Services (AWS) environments and using them as a launch pad to scan more than 230 million unique targets for sensitive…

August 16, 2024Ravi LakshmananDark Web / Data Leakage A 27-year-old Russian national has been sentenced to more than three years in prison for trading financial information, login credentials and other personally identifiable information (PII) on a defunct dark web marketplace called Slizpp. Giorgii Kauzharade, 27 years old, Moscow, Russia, pleaded guilty on one count of conspiracy to commit bank fraud and wire fraud in early February of this year. In addition to the 40-month prison term, Kaujarade is ordered to pay $1,233,521.47 in restitution. The defendant, who used the online aliases TeRorPP, Torqovec and PlutuSS, is alleged to have put…

SaaS applications have become indispensable for organizations seeking to improve productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough audits of SaaS applications is critical to identifying and mitigating these risks while ensuring your organization stays protected.

August 16, 2024Ravi LakshmananMalware / data theft Cyber ​​security researchers have shed light on a sophisticated phishing campaign that impersonates legitimate brands to distribute malware such as DanaBot and StealC. Organized by Russian-speaking cybercriminals and codenamed Tusk, the cluster of activities is said to involve several sub-companies, using the platforms’ reputations to trick users into downloading malware using bogus websites and social media accounts. “All active subcompanies host the initial bootloader on Dropbox,” Kaspersky researchers Elsayed Elrefai and AbdulRman Alfaifi said. “This bootloader is responsible for delivering additional malware samples to the victim’s machine, which are mainly information stealers (DanaBot…

August 16, 2024Ravi LakshmananCyber ​​attack / malware Chinese-speaking users are being targeted by a malware distribution campaign known as ValleyRAT. “ValleyRAT is a multi-stage malware that uses various techniques to monitor and control its victims and deploy arbitrary plugins to cause additional damage,” Fortinet FortiGuard Labs researchers Eduardo Altarez and Joey Salvio said. “Another noteworthy characteristic of this malware is its heavy use of shellcode to execute many components directly in memory, which significantly reduces its file footprint on the victim’s system.” Details about the promotion appeared for the first time in June 2024, when Zscaler ThreatLabz detailed attacks using…

August 16, 2024Ravi LakshmananMalware / Browser Security Cybersecurity researchers have discovered a new malware-stealing malware specifically designed for Apple’s macOS systems. Under the name Banshee Stealer, it is offered for sale in the cybercriminal underground for a hefty price of $3,000 per month and runs on both x86_64 and ARM64 architectures. “Banshee Stealer targets a wide range of browsers, cryptocurrency wallets and around 100 browser extensions, making it a very versatile and dangerous threat” – Elastic Security Labs said in a report on Thursday. Web browsers and crypto wallets targeted by the malware include Google Chrome, Mozilla Firefox, Brave, Microsoft…

August 16, 2024Ravi LakshmananMobile Security / Software Security A large percentage of proprietary Google Pixel devices shipped worldwide since September 2017 included broken software that could be used to orchestrate malicious attacks and spread various types of malware. The problem appears as a pre-installed Android app called “Showcase.apk” that has excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security company iVerify. “The application downloads a configuration file over an unsecured connection and can be manipulated to execute system-level code,” it said. said in an analysis published jointly with…

August 15, 2024Ravi LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its web help software that could be used to execute arbitrary code on sensitive instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), was described as a deserialization bug. “SolarWinds Web Help Desk has been found to be vulnerable to a remote Java deserialization code execution vulnerability that, if exploited, would allow an attacker to execute commands on a host machine,” the company said in a statement. said in the consulting room. “Although this was reported as an unauthenticated vulnerability, SolarWinds was…

August 15, 2024Ravi LakshmananRansomware / Cybercrime A cybercriminal group linked to RansomHub ransomware has been spotted using a new tool designed to shut down endpoint detection and response (EDR) software on compromised hosts, joining other similar programs such as AuKill (aka AvNeutralizer) and Terminator. The EDR kill utility was named EDRKillShifter by cybersecurity firm Sophos, which discovered the tool in connection with a botched ransomware attack in May 2024. “The EDRKillShifter tool is a ‘bootloader’ executable – a delivery mechanism for a legitimate exploitable driver (also known as a ‘bring your own vulnerable driver’ or BEUDtool),” security researcher Andreas Klopsch…

August 15, 2024Ravi LakshmananCyber ​​Attack / Social Engineering Russian and Belarusian non-profit organizations, Russian independent media and international NGOs operating in Eastern Europe have been targeted by two separate phishing campaigns organized by threat actors whose interests align with those of the Russian government. While one of the companies – named Fish River – was credited COLDRIVERby a controversial group linked to Russia’s Federal Security Service (FSB), a second series of attacks was recognized as the work of a previously undocumented threat cluster codenamed COLDWASTREL. According to a joint investigation by Access Now and Citizen Lab, the campaigns also targeted…
