Author: Admin
Shadow apps, a segment of Shadow IT, are SaaS apps purchased without the knowledge of the security team. Although these programs may be legitimate, they operate in the blind spots of the corporate security team and expose the company to attackers. Shadow programs can include instances of software that the company already uses. For example, a development team can create their own GitHub instance to keep their work separate from other developers. They can justify the purchase by pointing out that GitHub is an approved add-on because it is already being used by other teams. However, because the new instance…
September 10, 2024 | Ravi Lakshmanan | Cyber attack / malware
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools that facilitate data theft and the deployment of next-stage payloads, according to new findings from Trend Micro. The cyber security firm, which tracks the activity cluster as Earth Preta, said it observed “the distribution of PUBLOAD via a variant of the HIUPAN worm.” PUBLOAD is a known bootloader malware associated with Mustang Panda since early 2022, deployed as part of cyberattacks targeting government organizations in the Asia Pacific (APAC) region to deliver PlugX malware. “PUBLOAD was also…
September 9, 2024 | Ravi Lakshmanan | Vulnerability / hardware security
A new side-channel attack has been found to use radio signals emanating from a device’s random access memory (RAM) as a data-stealing mechanism, posing a threat to air-gapped networks. The attack has been code-named RAMBO by Dr. Mordechai Guri, Head of the Offensive Cyber Research Laboratory, Department of Software Engineering and Information Systems, Ben-Gurion University of the Negev in Israel. “Using radio signals generated by the software, malware can encode sensitive information such as files, images, keylogs, biometric information and encryption keys,” Dr. Guri said in a recently published research paper. “Using…
September 9, 2024 | Ravi Lakshmanan | Cyber espionage / malware
The China-linked advanced persistent threat (APT) group known as Mustang Panda was seen using Visual Studio Code software as a weapon in espionage operations targeting government entities in Southeast Asia. “This threat actor used the built-in reverse shell functionality of Visual Studio Code to gain a foothold in the target networks,” Tom Fakterman, a researcher at Palo Alto Networks Unit 42, said in the report, describing it as a “relatively new technique” that was demonstrated for the first time in September 2023 by Truvis Thornton. The company is valued as a…
September 9, 2024 | Ravi Lakshmanan | Financial Security / Malware
Colombia’s insurance sector has become the target of a threat actor tracked as Blind Eagle, with the ultimate goal of delivering a customized version of a known commercial remote access trojan (RAT) known as Quasar RAT since June 2024. “The attacks came from phishing emails impersonating the Colombian tax authority,” Gaetano Pellegrino, researcher at Zscaler ThreatLabz, said in a new analysis published last week. The advanced persistent threat (APT), also known as AguilaCiega, APT-C-36 and APT-Q-98, has a track record of targeting organizations and individuals in South America, particularly related to…
September 9, 2024 | The Hacker News | Data protection / threat detection
The proliferation of cyber security tools has created the illusion of security. Organizations often believe that by deploying firewalls, anti-virus software, intrusion detection systems, identity threat detection and response, and other tools, they are properly protected. However, this approach not only does not solve the main problem of the attack surface, but also creates a dangerous risk for third parties. The world of cybersecurity is constantly changing, and cybercriminals are becoming more sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impregnable fortress around their…
September 9, 2024 | The Hacker News | Data Security / GenAI Security
With increased productivity and innovative capabilities, GenAI has become a table-stakes tool for employees. Developers use it to write code, finance teams use it to analyze reports, and sales teams use it to create customer emails and assets. However, it is these capabilities that pose serious security risks. Register for our upcoming webinar to learn how to prevent GenAI data leaks. When employees enter data into GenAI tools like ChatGPT, they often don’t distinguish between sensitive and non-sensitive data. Research by LayerX shows that one in three employees who use GenAI…
September 9, 2024 | Ravi Lakshmanan | Vulnerability / Enterprise Security
Progress Software has released security updates for a maximum severity flaw in the LoadMaster and Multi-Tenant (MT) hypervisors that could lead to the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability was described as an input validation error that leads to the execution of an OS command. “Unauthenticated remote attackers with access to the LoadMaster management interface could issue a carefully crafted http request that would allow the execution of arbitrary system commands,” the company said in an advisory last week. “This vulnerability…
September 9, 2024 | The Hacker News | SaaS Security / Risk Management
Designed to be more than a one-time assessment – Wing Security SaaS Pulse provides organizations with actionable insights and continuous oversight of SaaS security health—and it’s free!
Introducing SaaS Pulse: Free continuous SaaS risk management
Just like waiting until a medical problem becomes critical before seeing a doctor, organizations cannot afford to ignore the ever-evolving risks in their SaaS ecosystems. New SaaS programs, changing permissions and new threats mean risks are always in motion. SaaS Pulse makes it easy to view SaaS risk management as an ongoing practice rather than an occasional…
September 9, 2024 | Ravi Lakshmanan | Mobile Security / Cryptocurrency
Android device users in South Korea have been targeted by a new mobile malware campaign that introduces a new type of threat called SpyAgent. The malware “targets mnemonic keys by scanning images on your device that may contain them,” McAfee Labs researcher SangRyol Ryu said in the analysis, adding that the targeting footprint has expanded in scope to include the UK. The campaign uses fake Android apps that masquerade as seemingly legitimate banking, government, streaming apps, and utilities to trick users into installing them. Since the beginning of the year, 280 fake…