Author: Admin

A prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling industry. “For at least six months, the attackers secretly collected valuable information from the target company, including but not limited to network configurations, user passwords and LSASS process secrets,” said Ida Naor, co-founder and CEO of Israeli cyber security company Security Joes, in a statement to The Hacker News. “During the intrusion, the attackers continuously updated their toolset based on the security team’s response. As defenders watched, they changed…

October 21, 2024Ravi LakshmananEncryption / Data Protection Cybersecurity researchers have discovered serious cryptographic issues in various end-to-end encryption (E2EE) cloud storage platforms that could be used to leak sensitive data. “Vulnerabilities vary in severity: in many cases, a malicious server can inject files, forge file data, and even gain direct access to plaintext,” ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said. “Notably, many of our attacks affect multiple providers in the same way, revealing common patterns of failure in independent cryptographic projects.” The identified vulnerabilities are the result of an analysis of five major vendors such as Sync,…

October 20, 2024Ravi LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cyber security company Positive Technologies said it discovered last month that the email was sent to an unidentified government organization located in a Commonwealth of Independent States (CIS) country. However, it should be noted that the message was originally sent in June 2024. “The email appeared to be a plain text message containing only an attached document,” the report said said in…

In today’s enterprise, data security is often discussed using a complex vocabulary of acronyms – DLP, DDR, DSPM and many others. While these acronyms stand for important frameworks, architectures, and tools for protecting sensitive information, they can also be confusing to those trying to put together an effective security strategy. This article aims to demystify some of the most important acronyms in data security today and offer practical guidance to help businesses navigate data security and confidently protect their most valuable assets. What ensures data security? In today’s ever-evolving digital landscape, data security has become a top priority for businesses…

October 19, 2024Ravi LakshmananNetwork Security / Data Leakage A nascent threat actor is known as Crypt Ghouls was linked to a series of cyberattacks targeting Russian businesses and government agencies using ransomware with the dual purpose of disrupting business operations and financial gain. “The group in question has a set of tools that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec and others,” Kaspersky said. said. “The group used the well-known LockBit 3.0 and Babuk ransomware as their final payload.” Victims of malicious attacks were state institutions, as well as mining, energy, financial and retail companies located…

October 18, 2024Ravi LakshmananInsider Threat / Cyber ​​Espionage North Korean information technology (IT) workers working for Western companies under false identities are not only stealing intellectual property, but demanding ransoms to keep it from leaking, marking a new twist in their financially motivated attacks. “In some cases, fraudulent workers demanded ransom from their former employers after gaining access to insider information, a tactic not seen in previous schemes,” Secureworks Threat Unit (CTU) said in an analysis published this week. “In one case, a contractor stole proprietary data almost immediately after work began in mid-2024.” The activity, the cybersecurity firm added,…

October 18, 2024Ravi LakshmananCyber ​​​​Intelligence / Critical Infrastructure Cyber ​​security and intelligence agencies in Australia, Canada and the US have warned of a year-long campaign by Iranian cyber actors to infiltrate organizations’ critical infrastructure through brute force attacks. “Since October 2023, Iranian actors have used brute force and password cracking to compromise user accounts and gain access to health and public health (HPH), government, information technology, engineering, and energy organizations,” the agencies noted. said in joint consultation. The attacks targeted healthcare, government, information technology, engineering and energy, according to the Australian Federal Police (AFP), the Australian Cyber ​​Security Center (ACSC)…

October 18, 2024Hacker newsWebinar / Data protection Think of your company’s data as a huge, complex puzzle scattered across clouds, devices and networks. Some parts are hidden, some are irrelevant, and others may even be missing altogether. Keeping your data secure in today’s fast-paced landscape can seem like an impossible task. But there is a game-changing solution: Data Security Posture Management (DSPM). Think of it as a high-tech, high-powered lens that reveals your entire data puzzle, helping you find every piece, fix weak points, and protect everything with confidence. Join our webinar “Building a successful data security posture management program”…

October 18, 2024Ravi LakshmananThreat Intelligence / Phishing Attack Threat actors use fake Google Meet web pages as part of an ongoing malware campaign called Click Fix to deliver information theft targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to trick users into copying and executing specified malicious PowerShell code, eventually infecting their systems,” French cybersecurity firm Sekoia said. said in a report shared with The Hacker News. There were variants of the company ClickFix (aka ClearFake and OneDrive Pastejacking). reported widely Art the last monthswhere threat actors use a variety of lures to…

October 18, 2024Ravi LakshmananThreat Intelligence / Browser Security Microsoft has revealed details about a patched security flaw in Apple’s Transparency, Consent, and Control (TCC) in macOS that was likely used to bypass privacy settings and access user data. The flaw, which the tech giant has codenamed HM Surf, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code. HM Surf “involves removing TCC protection for the Safari browser directory and modifying a configuration file in said directory to access user data, including pages viewed, device camera, microphone, and location, without…
