Author: Admin
August 23, 2024 | Ravi Lakshmanan | Malware / Threat Intelligence | Cybersecurity researchers have discovered a never-before-seen dropper that serves as a conduit to launch next-stage malware, with the ultimate goal of infecting Windows systems with information stealers and loaders. “This memory-only dropper decrypts and runs a PowerShell-based downloader,” Google-owned Mandiant said. “This PowerShell-based downloader is tracked as PEAKLIGHT.” Some of the malware strains distributed using this technique are Lumma Stealer, HijackLoader (aka DOILoader, IDAT Loader, or SHADOWLADDER), and CryptBot, all of which are advertised under the malware-as-a-service (MaaS) model. The starting point of the attack chain…
The threat actors behind a recently observed Qilin ransomware attack stole credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection is an unusual twist that could have cascading effects, cybersecurity firm Sophos said in a report on Thursday. The attack, discovered in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation activity 18 days after initial access. “Once the attacker reached the domain controller in question, he edited the default domain…
August 23, 2024 | The Hacker News | Threat Detection / Security Automation | Let’s be honest. The world of cybersecurity feels like a constant war zone. You’re bombarded with threats, trying to keep up with patches, and drowning in an endless stream of notifications. It’s exhausting, isn’t it? But what if there was a better way? Imagine having all of your critical cybersecurity tools at your fingertips, all within a single, intuitive platform backed by 24/7 expert support. This is the game-changing power of an all-in-one solution. Get ready for a no-frills live demonstration. Join us for the webinar “Step by Step: How to…
Read the full article for highlights from Intruder VP of Product Andy Hornegold’s recent exposure management talk. If you’d like to hear Andy’s first-hand account, watch the Intruder webinar on demand. To learn more about reducing your attack surface, contact their team today. Attack Surface Management vs. Exposure Management: Attack surface management (ASM) is the ongoing process of discovering and identifying the assets that attackers can see on the internet, showing where security gaps exist, where they could be exploited to launch an attack, and where defenses are strong enough to repel one. If there is something on the internet that…
A Latvian hacker has been extradited to the US for his involvement in the Karakurt cybercriminal group
August 23, 2024 | Ravi Lakshmanan | Cybercrime / Ransomware | A 33-year-old Latvian national living in Moscow, Russia, has been charged in the United States for his alleged involvement in data theft, extortion of victims, and money laundering since August 2021. Denis Zolotarov (aka Sforza_cesarini) was charged with conspiracy to commit money laundering, wire fraud, and Hobbs Act extortion. He was arrested in Georgia in December 2023 and extradited to the United States this month. “Zolotarov is a member of a known cybercriminal organization that attacks victims’ computer systems around the world,” the US Department of Justice said in a…
August 23, 2024 | Ravi Lakshmanan | Endpoint Security / Data Privacy | Cybersecurity researchers have discovered a new information stealer designed to target Apple macOS hosts and harvest a wide range of information, highlighting threat actors’ increasing focus on the operating system. The malware, called Cthulhu Stealer, has been available under a malware-as-a-service (MaaS) model for $500 per month since late 2023. It is capable of targeting both x86_64 and Arm architectures. “Cthulhu Stealer is an Apple disk image (DMG) that comes bundled with two architecture-specific binaries,” Cado Security researcher Tara Gould said. “The malware is written in Golang…
August 22, 2024 | Ravi Lakshmanan | Vulnerability / Network Security | SolarWinds has released patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote, unauthenticated users to gain unauthorized access to susceptible instances. “SolarWinds Web Help Desk (WHD) software is susceptible to a hardcoded credential vulnerability that could allow (a) remote, unauthenticated user to access internal functionality and modify data,” the company said in a new advisory published today. The issue, tracked as CVE-2024-28987, has a CVSS score of 9.1, indicating critical severity. Horizon3.ai security researcher Zach Hanley is credited with discovering and…
August 22, 2024 | Ravi Lakshmanan | Hardware Security / Supply Chain Attack | Cybersecurity researchers have discovered a hardware backdoor in a certain model of MIFARE Classic contactless cards that could allow authentication with an unknown key and unlock hotel rooms and office doors. The attacks were demonstrated against the FM11RF08S, a new variant of MIFARE Classic released by Shanghai Fudan Microelectronics in 2020. “The FM11RF08S backdoor allows any entity that knows about it to compromise all user-defined keys on these cards, even if they are fully diversified, simply by gaining access to the card for a few minutes,” Quarkslab researcher Philippe Teuwen said. Not only is…
August 22, 2024 | Ravi Lakshmanan | Network Security / Zero-Day | Details have emerged about a China-nexus threat group’s use of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the devices and evade detection. The activity, attributed to Velvet Ant, was observed earlier this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver custom malware and gain extensive control over the compromised system, facilitating both data theft and persistent access. “The zero-day exploit allows an attacker with valid administrator credentials for the switch management console to bypass the NX-OS command-line interface (CLI) and execute arbitrary…
August 22, 2024 | Ravi Lakshmanan | Cloud Security / Application Security | More than 15,000 applications that use the Amazon Web Services (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration issue that could expose them to access control bypass and application compromise. That’s according to findings from Israeli cybersecurity company Miggo, which named the issue ALBeast. “This vulnerability allows attackers to directly access affected applications, particularly if they are exposed to the internet,” security researcher Liad Eliyahu said. ALB is an Amazon service designed to route HTTP and HTTPS traffic to target applications based on the nature of the requests…