Author: Admin
November 13, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
An Iranian threat actor known as TA455 has been spotted taking a leaf out of a North Korean hacking group's playbook to set up its own version of the "Dream Job" campaign, targeting the aerospace industry with fake job offers since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity firm ClearSky said in an analysis published Tuesday. TA455, also tracked by Google-owned Mandiant as UNC1549 and Yellow Dev 13, is assessed to be a subcluster within APT35, which is known as CALANQUE, Charming Kitten, CharmingCypress, ITG18, Mint Sandstorm (formerly…
November 13, 2024 | Ravi Lakshmanan | Vulnerability / Patch Tuesday
Microsoft revealed on Tuesday that two security flaws affecting Windows NT LAN Manager (NTLM) and Task Scheduler have been actively exploited in the wild. They are among the 90 security flaws the tech giant addressed as part of its November 2024 Patch Tuesday update. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate. Fifty-two of the patched vulnerabilities are remote code execution flaws. The fixes are in addition to 31 vulnerabilities Microsoft resolved in its Chromium-based Edge browser since the release of the October 2024 Patch Tuesday…
November 12, 2024 | Ravi Lakshmanan | Email Security / Threat Intelligence
Cybersecurity researchers are turning their attention to a sophisticated new tool called GoIssue that can be used to send large-scale phishing emails targeting GitHub users. The program, first marketed by a threat actor named Cyberdluffy (aka Cyber D' Luffy) on the Runion Forum earlier this August, is touted as a tool that allows criminals to extract email addresses from public GitHub profiles and send mass emails directly to users' mailboxes. "Whether you're looking to reach a specific audience or expand your reach, GoIssue offers the precision and power you need," the threat actor claimed…
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
November 12, 2024 | Ravi Lakshmanan | Virtualization / Vulnerability
Cybersecurity researchers have discovered new security flaws affecting Citrix Virtual Apps and Desktops that could be exploited for unauthenticated remote code execution (RCE). The issues, according to findings from watchTowr, are rooted in the Session Recording component, which allows system administrators to capture user activity and record keyboard and mouse input along with a desktop video stream for auditing, compliance, and troubleshooting. Specifically, the vulnerability exploits "a combination of a carelessly exposed MSMQ instance with misconfigured permissions that uses BinaryFormatter [and] can be accessed from any host over HTTP to perform RCE without authentication," said…
November 12, 2024 | Ravi Lakshmanan | Malware / Application Security
Threat actors associated with the Democratic People's Republic of Korea (DPRK, aka North Korea) have been found embedding malware into Flutter apps, marking the first time an adversary has adopted this tactic to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built apps are part of a broader operation that includes malware written in Golang and Python. It is currently unknown how these samples are being distributed to victims, or whether they have been used…
Behavioral analytics, long associated with threat detection (as in UEBA or UBA), is experiencing a renaissance. Once used primarily to detect suspicious activity, it is now being reimagined as a powerful post-detection technology that improves incident response processes. By leveraging behavioral information during alert triage and investigations, SOCs can transform their workflows to become more accurate, efficient and effective. Fortunately, many new cybersecurity products such as AI SOC Analysts are able to incorporate these techniques into their investigative capabilities, enabling the SOC to use them in its response processes. This post provides a brief overview of behavior…
Criminals Are Using the FBI's Emergency Data Requests
I've been writing about the problem with legitimate access backdoors in encryption for decades: Once you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. It turns out the same is true for non-technical backdoors: The advisory says cybercriminals have successfully disguised themselves as law enforcement by using hacked police accounts to send emails to companies requesting user data. In some cases, the requests made false threats, such as claims of human trafficking and, in one case, that an individual would be "severely injured…
November 11, 2024 | Ravi Lakshmanan | Malware / SEO Poisoning
In an unusually specific campaign, users looking for information about the legality of Bengal cats in Australia are being targeted with GootLoader malware. "In this case, we found that GootLoader actors are using search results for information about a particular cat and a particular geography to deliver the payload: 'Are Bengal cats legal in Australia?'" Sophos researchers Trang Tang, Hikaru Koike, Asha Castle and Sean Gallagher said in a report released last week. GootLoader, as the name suggests, is a malware downloader that is usually distributed using search engine optimization (SEO) poisoning tactics…
Cybersecurity researchers have identified a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a malware called RustyStealer. "Ymir ransomware presents a unique combination of technical features and tactics that increase its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors used an unconventional combination of memory management functions – malloc, memmove and memcmp – to execute malicious code directly in memory. This approach deviates from the typical sequential execution seen in widespread types of ransomware, improving its stealth capabilities." Kaspersky said it discovered the ransomware in a cyberattack targeting an…
November 11, 2024 | Ravi Lakshmanan | Vulnerability / Risk Reduction
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities affecting Aruba Networking Access Point products, including two critical bugs that could lead to unauthenticated command execution. The vulnerabilities affect access points running Instant AOS-8 and AOS-10:
AOS-10.4.xx: 10.4.1.4 and below
Instant AOS-8.12.xx: 8.12.0.2 and below
Instant AOS-8.10.xx: 8.10.0.13 and below
The most serious of the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI service that could lead to arbitrary code execution. "Command…