Author: Admin

August 15, 2024Hacker newsIdentity Security / Threat Detection The emergence of threat detection identification and response Identity Threat Detection and Response (ITDR) has become a critical component to effectively detect and respond to identity-based attacks. Threat actors have demonstrated their ability to compromise identity infrastructure and move into IaaS, Saas, PaaS and CI/CD environments. Threat identification and response solutions help organizations better detect suspicious or malicious activity in their environment. ITDR solutions empower security teams to help teams answer the question “What is happening in my environment right now – what are my individuals doing in my environment.” Human and…

August 15, 2024Ravi LakshmananCyber ​​espionage / data theft A previously unknown threat actor was attributed to a series of attacks on Azerbaijan and Israel to steal sensitive data. The attack campaign, discovered by NSFOCUS on July 1, 2024, used phishing emails to target Azerbaijani and Israeli diplomats. Activity is tracked under a pseudonym Actor 240524. “Actor240524 has the ability to steal secrets and modify file data using various countermeasures to avoid over-disclosure of attack tactics and methods,” the cybersecurity company said. said in an analysis published last week. Attack chains begin by using phishing emails containing Microsoft Word documents that,…

August 15, 2024Ravi LakshmananCloud Security / DevOps Duplicated newly discovered attack vector in GitHub Actions artifacts ArtiPACKED can be used to capture storage and gain access to organizations’ cloud environments. “A combination of misconfigurations and security flaws can lead to token artifacts leaking from both third-party cloud services and GitHub tokens, making them available for use by anyone with read access to the repository,” Yaran Avital, Division 42 Researcher at Palo Alto Networks . said in a report released this week. “This allows attackers with access to these artifacts to potentially compromise the services these secrets provide access to.” The…

August 15, 2024Ravi LakshmananNetwork Security / Cybercrime Cyber ​​security researchers have discovered a new variant Gaffit botnet targeting machines with weak SSH passwords for ultimate cryptocurrency mining on compromised instances using GPU processing power. This suggests that “the IoT botnet is targeting more reliable servers running in native cloud environments,” said Aqua Security researcher Assaf Morag said in the analysis on Wednesday. Gafgit (aka BASHLIT, Lizkebab, and Torlus), known as active in the wild since 2014, has a history exploiting weak or standard credentials to gain control over devices such as routers, cameras, and digital video recorders (DVRs). It is…

August 14, 2024Ravi LakshmananMalware / Network Security An an ongoing campaign of social engineering with alleged ties to the Black Basta ransomware group, has been linked to “several attempted intrusions” to steal credentials and deploy malware called SystemBC. “The initial bait used by threat actors remains the same: an email bomb followed by an attempt to call affected users and offer a fake solution,” Rapid7. saidadding that “external calls were typically made to affected users through Microsoft Teams.” The attack chain then convinces the user to download and install a legitimate remote access software called AnyDesk, which acts as a…

August 14, 2024Hacker newsPassword Security / Cyber ​​Security Simply relying on traditional password security measures is no longer enough. When it comes to protecting your organization from credential-based attacks, it’s critical to lock down the basics first. Keeping your Active Directory secure is like making sure your front door is locked before investing in a high-end alarm system. Once the basics are covered, look at how to integrate external attack surface management (EASM) can significantly increase the security of your password, offering robust protection against potential cyber threats and hacks. First, secure your Active Directory IT administrators must not only…

A coalition of law enforcement agencies coordinated by the UK’s National Crime Agency (NCA) has led to the arrest and extradition of a dual Belarusian and Ukrainian national believed to be linked to Russian-speaking cybercriminal groups. 38-year-old Maksim Silnikau (aka Maksym Silnikov) went by the pseudonyms JP Morgan, xxx and lansky on the Internet. He was extradited to the United States from Poland on August 9, 2024 to face charges related to international computer hacking and fraud schemes. “J.P. Morgan and his associates are elite cybercriminals who practice extreme operational and online security to avoid detection by law…

August 14, 2024Ravi LakshmananThreat Intelligence / Cyber ​​Attack The China-backed threat actor is known as Baku land has diversified its target footprint beyond the Indo-Pacific to include Europe, the Middle East and Africa from late 2022. New countries targeted by the operation include Italy, Germany, the UAE and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecommunications, technology, healthcare and education are some of the sectors singled out as part of a suite of intrusions. “The group has updated its tools, tactics and procedures (TTP) in recent campaigns by using public applications such as…

August 14, 2024Ravi LakshmananVulnerability / Network Security Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that can be used to bypass authentication and create fake administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “An incorrect implementation of the authentication algorithm in Ivanti vTM, other than versions 22.2R1 or 22.7R2, allows a remote, unauthenticated attacker to bypass admin panel authentication,” the company said in a statement. said in the consulting room. This affects the following versions of vTM − 22.2 (fixed in version 22.2R1)…

Monitoring changing DDoS trends is essential for anticipating threats and adapting defensive strategies. The full Gcore Radar report for the first half of 2024 provides detailed information on DDoS attack data, showing changes in attack patterns and the broader cyber threat landscape. Here we share a selection of findings from the full report. Key conclusions: The number of DDoS attacks in the first half of 2024 increased by 46% compared to the same period last year and reached 445 thousand in the second quarter of 2024. Compared to data for the previous six months (Q3–Q4 2023), it increased…
