Author: Admin
October 17, 2024 | Ravie Lakshmanan | Threat Intelligence / Malware. The Russian threat actor known as RomCom has been linked to a new wave of cyberattacks targeting Ukrainian government agencies and unidentified Polish organizations since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT called SingleCamper (aka SnipBot or RomCom 5.0), reported Cisco Talos, which tracks the activity cluster under the alias UAT-5647. “This version is loaded directly from the registry into memory and uses a loopback address to communicate with its loader,” security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura noted. Also…
October 17, 2024 | Ravie Lakshmanan | Ransomware / Network Security. Cybersecurity researchers have gathered more information about a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group’s affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the persona Cicada3301 on the RAMP cybercrime forum via the Tox messaging service after the latter posted an ad calling for new partners in its affiliate program. “The Cicada3301 ransomware group’s affiliate panel had sections such as Control Panel, News, Campaigns, Chat Campaigns, Chat Support, Account, an FAQ section, and ‘Exit’,” researchers Nikolay Kichatov and Sharmine Low said.…
An advanced persistent threat (APT) actor believed to have links to India has carried out a flurry of attacks against prominent organizations and strategic infrastructure in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. “The group may be perceived as a low-skilled actor due to the use of public exploits, malicious LNK files and scripts as infection vectors, and the use of public RATs, but their true capabilities only become apparent when you closely examine the details…
As technology adoption has become employee-led, happening at any time and from any location and device, IT and security departments have found themselves contending with an ever-expanding SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats; according to a recent CrowdStrike report, 80% of breaches today involve compromised credentials, including cloud and SaaS credentials. Given this reality, IT security managers need practical and effective SaaS security solutions designed to identify and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap: Knowledge of the full…
Federal prosecutors in the US have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that carried out a record 35,000 DDoS attacks in one year, including those that focused on Microsoft services in June 2023. Attacks facilitated by Anonymous Sudan’s “powerful DDoS tool” have targeted critical infrastructure, corporate networks and government agencies in the United States and around the world, the US Department of Justice (DoJ) said. Ahmed Salah Yusuf Omer, 22, and Alaa Salah Yusuf Omer, 27, were charged with conspiracy to damage protected computers. Ahmed Salah is also charged with three counts of…
October 17, 2024 | Ravie Lakshmanan | Vulnerability / Kubernetes. A critical security flaw has been discovered in Kubernetes Image Builder that, if successfully exploited, could be used to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers thanked Nicolai Rybnicker for discovering and reporting the vulnerability. “A security issue has been identified in Kubernetes Image Builder where default credentials are enabled during the image build process,” Joel Smith of Red Hat said in the advisory. “Additionally, virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes…
October 16, 2024 | Ravie Lakshmanan | Endpoint Security / Malware. Threat actors are attempting to abuse the open-source EDRSilencer tool in an effort to evade Endpoint Detection and Response (EDR) solutions and conceal malicious activity. Trend Micro said it discovered that “threat actors are attempting to integrate EDRSilencer into their attacks by repurposing it as a means of evading detection.” EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is designed to block the outbound traffic of running EDR processes using the Windows Filtering Platform (WFP). It supports termination of various processes related to EDR products from Microsoft, Elastic, Trellix, Qualys, SentinelOne, Cybereason,…
The FIDO Alliance is developing a new protocol to simplify the transfer of passkeys across platforms
October 16, 2024 | Ravie Lakshmanan | Data Privacy / Passwordless. The FIDO Alliance said it is working to make passkeys and other credentials easier to export between different providers and to improve interoperability between credential providers, as more than 12 billion online accounts have become accessible with a passwordless login method. To this end, the alliance said it has published a draft of a new set of specifications for the secure exchange of credentials, following commitments from members of its credential provider special interest group (SIG). These include 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and…
October 16, 2024 | Ravie Lakshmanan | Zero-Day / Windows Security. The North Korean threat actor known as ScarCruft has been linked to the exploitation of a now-patched Windows zero-day security flaw to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the scripting engine that could lead to remote code execution when using the Edge browser in Internet Explorer mode. It was patched by Microsoft as part of the August 2024 Patch Tuesday updates. However, for successful exploitation, an attacker must convince a user to click on a specially crafted URL to start executing…
October 16, 2024 | The Hacker News | Artificial Intelligence / Cybercrime. AI from an attacker’s perspective: see how cybercriminals are using AI and exploiting its vulnerabilities to compromise systems, users, and even other AI programs. Cybercriminals and Artificial Intelligence: Reality vs. Hype. “Artificial intelligence will not replace humans in the near future. But people who know how to use artificial intelligence will replace people who don’t know how to use artificial intelligence,” says Etay Maor, chief security strategist at Cato Networks and a founding member of Cato CTRL. “Similarly, attackers are also turning to artificial intelligence to augment their own capabilities.” However, the role…