Author: Admin

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only very technical and high-risk, but also soul-crushingly repetitive, dealing with a constant stream of alerts and incidents. As a result, SOC analysts often leave in search of better pay, opportunities to move outside of the SOC into more rewarding roles, or simply to take much-needed breaks. This high attrition rate puts the SOC in a vulnerable position, jeopardizing the overall effectiveness of cybersecurity operations. In order to keep your team resilient and…


October 10, 2024Ravi LakshmananCybercrime / Malware Cybersecurity researchers have shed light on a new digital skimmer campaign that uses Unicode obfuscation techniques to hide a skimmer called the Mongolian Skimmer. “At first glance, what caught my eye was the obfuscation of the script, which seemed a bit odd because of all the accented characters,” Jscrambler researchers said in the analysis. “The heavy use of Unicode characters, many of them invisible, makes the code very difficult for humans to read.” The script, at its core, was set to leverage JavaScript enabled use any Unicode character in the identifier to hide the…


October 10, 2024Ravi LakshmananVulnerability / Network Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added critical security flaw affecting Fortinet products prior to their known vulnerabilities (KEV) catalog with reference to evidence of active operation. Vulnerability, tracked as CVE-2024-23113 (CVSS Score: 9.8), refers to cases of remote code execution affecting FortiOS, FortiPAM, FortiProxy, and FortiWeb. “Exploitation of an externally controlled format string vulnerability (CWE-134) in the FortiOS fgfmd daemon could allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” Fortinet. noted in a deficiency advisory as early as February 2024. As…


October 10, 2024Ravi LakshmananBrowser Vulnerability / Security Mozilla has discovered that a critical security flaw affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in the wild. The vulnerability, tracked as CVE-2024-9680, was described as a use-after-free bug in the animation timeline component. “An attacker was able to cause code execution in the content process by exploiting ‘use-after-free’ in animation timelines”, Mozilla said in consultation on Wednesday. “We have had reports of this vulnerability being exploited in the wild.” Security researcher Damien Schaeffer of Slovakian company ESET is credited with discovering and reporting the vulnerability. The issue…


October 9, 2024Ravi LakshmananCybercrime / Threat Detection Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (COMPETITION) and the DNS Research Federation (DNS of the Russian Federation) to fight online fraud. The initiative, codenamed Global Signal Exchange (GSE), is designed to generate real-time insights into fraud, fraud and other forms of cybercrime by combining threat signals from multiple data sources to create greater visibility into cybercriminals. “By joining forces and creating a centralized platform, the GSE aims to improve the sharing of abuse alerts, enabling faster identification and stopping of fraudulent activities across sectors, platforms and services,”…


October 9, 2024Ravi LakshmananIndustrial Security / Critical Infrastructure Details have emerged of multiple security vulnerabilities in two implementations of the Production Notification Specification (MMS) a protocol that, if successfully used, can have serious consequences in an industrial setting. “These vulnerabilities could allow an attacker to disable an industrial device or, in some cases, allow remote code execution,” Claroty researchers Mashaev Sapir and Vera Mens said in a new analysis. MMS is OSI application layer messaging protocol which provides remote control and monitoring of industrial devices by exchanging dispatch control information in an application-independent manner. In particular, it allows communication between…


October 9, 2024Ravi LakshmananPhishing attack / malware Attackers linked to North Korea have been seen targeting job seekers in the tech industry to deliver updated versions of popular malware families tracked as BeaverTail and InvisibleFerret. The cluster of activity tracked as CL-STA-0240 is part of a duplicate campaign Contagious interview that Palo Alto Networks Unit 42 disclosed for the first time in November 2023. “The threat actor behind CL-STA-0240 is contacting software developers through job search platforms, posing as potential employers,” – Unit 42 said in a new report. “The attackers invite the victim to participate in an online interview…


October 9, 2024Hacker newsSaaS Security / Identity Security Social media accounts help shape a brand’s identity and reputation. These public forums interact directly with customers as they are a hub for communication, sharing content and answering questions. However, despite the high role of these accounts, many organizations do not pay attention to the security of social media accounts. Many lack safeguards to prevent unauthorized access, a situation that no organization wants, as it can quickly lead to reputational damage and financial loss. With such high exposure, the need to have a deep understanding of social media risks, as well as…


October 9, 2024Ravi LakshmananVulnerability / Zero-Day Microsoft released security updates to fix everything 118 vulnerabilities through its software portfolio, two of which are actively used in the wild. Of the 118 deficiencies, three are rated critical, 113 are important, and two are of moderate severity. The Patch Tuesday update does not include 25 additional disadvantages which the tech giant has been considering in its Chromium-based Edge browser for the past month. Five vulnerabilities are listed as public knowledge at the time of release, with two of them being actively exploited as zero-day – CVE-2024-43572 (CVSS Score: 7.8) – Microsoft Management…


October 9, 2024Ravi LakshmananEnterprise Security / Identity Theft Microsoft is a warning cyberattack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox, which are widely used in enterprise environments as a defense evasion tactic. The companies’ end goals are wide and varied, allowing threat actors to compromise identities and devices and compromise business email (BEC) attacks that ultimately lead to financial fraud, data theft, and lateral movement to other endpoints. Veanization of legitimate Internet services (LIS) is an increasingly popular risk vector adopted by adversaries to connect to legitimate network traffic in ways that often bypass…
