Author: Admin

October 13, 2024Ravi Lakshmanan The Iranian threat actor known as Oil rig A patched privilege escalation flaw affecting the Windows kernel was seen being used in a cyber espionage campaign targeting the UAE and the wider Gulf region. “The group uses sophisticated tactics that include deploying a backdoor that uses Microsoft Exchange servers to steal credentials and exploiting vulnerabilities such as CVE-2024-30088 for elevation of privilege,” Trend Micro researchers Mohamed Fahmi, Bahaa Yamani, Ahmed Kamal and Nick Dye said in an analysis published on Friday. A cyber security company tracks down a pseudonymous threat actor The land of Simnavazwhich is…

October 12, 2024Ravi LakshmananCryptocurrency / Cybercrime The US Department of Justice (DoJ) has announced the arrests and indictments of several individuals and entities in connection with the alleged manipulation of digital asset markets as part of a widespread fraud operation. The action of law enforcement officers is a code name Operation Token Mirrors – is the result of the US Federal Bureau of Investigation (FBI) taking the “unprecedented step” of creating its own cryptocurrency token and company called NexFundAI. According to information on the website, NexFundAI was touted as redefining “the intersection between finance and artificial intelligence” and that its…

A new tax-themed malware campaign targeting the insurance and financial sectors has been spotted using GitHub links in phishing emails as a way to bypass security measures and deliver the Remcos RAT, suggesting that this method is gaining popularity among threat actors. “This campaign used legitimate repositories such as the open-source tax filing software UsTaxes, HMRC and InlandRevenue, instead of unknown, low-star repositories,” said Cofense researcher Jacob Malimban. “The use of trusted repositories to deliver malware is relatively new compared to threat actors creating their own GitHub malware repositories. These malicious GitHub links can be linked to any repository that…

Threat actors are constantly changing tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks combine multiple cracking techniques to increase their effectiveness. These combined approaches take advantage of the strengths of different methods, speeding up the process of cracking passwords. In this post, we’ll explore hybrid attacks—what they are and the most common types. We’ll also discuss how your organization can protect itself against them. The mixed approach of hybrid attacks: Threat actors are always looking for better, more successful ways to crack passwords, and hybrid attacks allow them to combine two different…

October 11, 2024Ravi LakshmananVulnerability / Network Security The US Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors have been observed using unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct intelligence on target networks. It says that the module is used to list other devices on the network that do not have access to the Internet. The agency, however, does not reveal who is behind this activity and what the ultimate goals of the campaign are. “An attacker could use information collected from unencrypted cookies to infer or identify additional network resources…

October 11, 2024Ravi LakshmananDevOps / Vulnerability GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security vulnerabilities, including a critical bug that could allow continuous integration and continuous delivery (CI/CD) pipelines to run on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability has a CVSS score of 9.6 out of 10. “An issue has been discovered in GitLab EE that affects all versions from 12.5 to 17.2.9, from 17.3 to 17.3.5, and from 17.4 to 17.4.2, which allows pipelines to run on arbitrary branches,” – GitLab said in the consulting room. Of the remaining…

October 11, 2024Ravi LakshmananCybercrime / Dark Web Police in the Netherlands have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web marketplace for illegal goods, drugs and cybercriminal services. The liquidation was the result of a joint investigation with Ireland, Great Britain and the United States that began in late 2022, Politie reported. The market ceased operations at the end of 2023 following reports of service outages and exit fraud after one of the developers was allegedly duped into what was characterized by one of the administrators as a “shameful…

October 10, 2024Ravi LakshmananCybercrime / Misinformation OpenAI said on Wednesday that since the beginning of the year, it has disrupted more than 20 operations and fraud networks around the world that tried to use its platform for malicious purposes. These activities included debugging malware, writing articles for websites, creating bios for social media accounts, and creating AI-generated profile images for fake X accounts. “Threat actors continue to evolve and experiment with our models, but we have seen no evidence that this has led to significant breakthroughs in their ability to create significantly new malware or build viral audiences,” the artificial…

October 10, 2024Ravi LakshmananVulnerability / Enterprise Security Cybersecurity security researchers have warned of an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow the execution of arbitrary operating system (OS) commands. The vulnerability has been assigned a CVE ID CVE-2024-9441has a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “Vulnerability in the Nortek Linear eMerge E3 allows remote, unauthenticated attackers to cause the device to execute an arbitrary command,” SSD disclosed. said a flaw advisory issued late last month says the vendor has yet to provide a fix or workaround. The…

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only very technical and high-risk, but also soul-crushingly repetitive, dealing with a constant stream of alerts and incidents. As a result, SOC analysts often leave in search of better pay, opportunities to move outside of the SOC into more rewarding roles, or simply to take much-needed breaks. This high attrition rate puts the SOC in a vulnerable position, jeopardizing the overall effectiveness of cybersecurity operations. In order to keep your team resilient and…
