Author: Admin

To protect your organization from cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge of new and current threats. There are many methods that analysts can use to gather critical information about cyber threats. Let's take a look at five that can significantly improve your threat investigation. Turn on C2 IP addresses for accurate malware detection. Valuable indicators are the IP addresses used by malware to communicate with its command and control (C2) servers. They can help not only update your defenses, but also identify related infrastructure and tools owned…

October 16, 2024Ravi LakshmananVulnerability / Data Protection The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added critical security flaw affecting SolarWinds Web Help Desk (WHD) software for its known vulnerabilities (KEV) catalog with reference to evidence of active operation. Tracked as CVE-2024-28987 (CVSS Score: 9.1), the vulnerability involves hard-coded credentials that can be abused to gain unauthorized access and make changes. “SolarWinds Web Help contains a hard-coded credentials vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data,” the CISA advisory said. Details were lacking disclosed for the first time SolarWinds in late…

October 16, 2024Ravi LakshmananCyber ​​attack / Banking Trojan A new phishing campaign targeting Brazil has been discovered to be delivering banking malware called Astaroth (aka Guildma) using obfuscated JavaScript to slip past security fences. “The impact of the phishing campaign affected a variety of industries, with manufacturing companies, retail firms, and government agencies the most affected,” Trend Micro said in a new analysis. “Malicious emails often mimic official tax documents, using the urgency of personal income tax returns to trick users into downloading malware.” A cyber security company tracks a cluster of threat activity called Water Makara. It should be…

October 16, 2024Ravi LakshmananEnterprise Security / Vulnerability GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, has a CVS score of 9.5 out of a maximum of 10.0 “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted claims feature, allowing unauthorized user provisioning and instance access by exploiting an improperly verified cryptographic signature vulnerability in GitHub Enterprise Server,” GitHub said in the notice. The Microsoft-owned company described the flaw as a regression that was introduced…

October 15, 2024Ravi LakshmananFinancial Fraud / Linux North Korean threat actors have been observed using a Linux variant of a well-known malware family called FASTCash for stealing funds as part of a financially motivated campaign. The malware “is installed on payment switches in compromised networks that process card transactions to facilitate unauthorized cash withdrawals from ATMs,” according to security researcher HaxRob. said. FASTCash was documented for the first time by the US government in October 2018, used by adversaries linked to North Korea in connection with an ATM-withdrawal scheme targeting banks in Africa and Asia since at least late 2016.…

October 15, 2024Ravi LakshmananMobile Security / Financial Fraud New variants of an Android banking trojan called TrickMo have been found to contain previously undocumented features to steal a device’s unlock pattern or PIN. “This new addition allows a threat actor to act on a device even if it’s locked,” said Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is named for its association with cybercriminal group TrickBot and is capable of providing remote control of infected devices, as well as stealing SMS-based one-time passwords (OTPs) and displaying overlays…

October 15, 2024Ravi LakshmananMalware / cybercrime Cybersecurity researchers have uncovered a new malware campaign that uses a malware downloader called PureCrypter to deliver a remote access trojan (RAT) called DarkVision RAT. The activity observed by ThreatLabz’s Zscaler in July 2024 involves a multi-step process to deliver the RAT payload. “DarkVision RAT communicates with its command and control server (C2) using a custom network protocol over sockets,” security researcher Muhammad Irfan VA. said in the analysis. “DarkVision RAT supports a wide range of commands and plugins that provide additional capabilities such as keyboard, remote access, password theft, audio recording, and screen…

In recent years, the number and complexity of zero-day vulnerabilities has increased, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be taken, making zero-days a powerful weapon for cybercriminals. A recent example is CVE-2024-0519 in Google Chrome: this high-severity vulnerability was actively exploited in the wild and involved an out-of-bounds memory access problem in the V8 JavaScript engine. This allowed remote attackers to gain access…

China's National Computer Virus Emergency Response Center (CVERC) doubled down on claims that the threat actor known as Volt Typhoon is an invention of the US and its allies. The agency, in cooperation with the National Computer Virus Prevention Technology Laboratory, accused the US federal government, intelligence agencies and the "Five Eyes" countries of cyber espionage against China, France, Germany, Japan and Internet users worldwide. It also said there was "ironclad evidence" that the US was conducting false flag operations to try to hide its own malicious cyber attacks, adding that it was inventing the "so-called danger of Chinese cyber attacks"…

October 15, 2024Ravi LakshmananDetection of threats / malware Cybersecurity researchers have uncovered a new malware campaign that delivers Hijack Loader artifacts signed with legitimate code signing certificates. French cybersecurity firm HarfangLab, which discovered the activity earlier this month, said chain attacks aimed at deploying an information stealer known as Lumma. Hijack bootloaderalso known as DOILoader, IDAT Loader and SHADOWLADDER, first appeared in September 2023. Malware loader attack chains usually involve forcing users to download a binary file disguised as pirated software or movies. Recent variations of these companies have been found to direct users to fake CAPTCHA pages that prompt…