Author: Admin
A new tax-themed malware campaign targeting the insurance and finance sectors has been observed using GitHub links in phishing emails to bypass security controls and deliver the Remcos RAT, indicating that the technique is gaining traction among threat actors. “This campaign used legitimate repositories such as the open-source tax filing software UsTaxes, HMRC and InlandRevenue, instead of unknown, low-star repositories,” said Cofense researcher Jacob Malimban. “The use of trusted repositories to deliver malware is relatively new compared to threat actors creating their own GitHub malware repositories. These malicious GitHub links can be linked to any repository that…
Threat actors constantly change tactics to bypass cybersecurity measures, developing new methods to steal user credentials. Hybrid password attacks combine multiple cracking techniques to increase their effectiveness: the combined approach draws on the strengths of each method, so the password is recovered faster than either method would manage alone. In this post, we explore hybrid attacks, what they are and the most common types. We also discuss how your organization can protect itself against them. A blended approach: hybrid attacks. Threat actors are always looking for better, more successful ways to crack passwords, and hybrid attacks let them combine two different…
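The most common hybrid form is a dictionary word with a short brute-forced mask appended (a hashcat-style "word + ?d?d + symbol"). The following is an added example, not code from the post or its author, showing why the combination is cheap for the attacker: a small constructed wordlist, a handful of mangling rules, and a two-digit mask already cover the password "Summer24!" in a few thousand guesses, where brute-forcing nine mixed characters would be hopeless. The wordlist, the target passwords and the use of unsalted SHA-256 are all assumptions made to keep the illustration self-contained; the defensive lesson is the inverse of the loop, a slow salted KDF plus a ban on dictionary-derived passwords.

```python
import hashlib
import itertools
import string

# Constructed sample dictionary (not from the post): a few base words of the
# kind an attacker lifts from a leaked-password list.
WORDLIST = ["summer", "welcome", "company", "password"]


def sha256_hex(text):
    """Fast unsalted hash, used only to keep this illustration self-contained."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mangle(word):
    """Dictionary-attack half: case and leet-speak variants of one word."""
    leet = str.maketrans("aeo", "@30")
    variants = {word, word.capitalize(), word.upper(), word.translate(leet)}
    variants.add(word.capitalize().translate(leet))
    return sorted(variants)  # deterministic order, so attempt counts are stable


def hybrid_candidates(words, mask_len=2, alphabet=string.digits,
                      suffixes=("", "!", "#")):
    """Hybrid attack: dictionary word + brute-forced mask.

    The dictionary supplies the guessable core; the mask supplies the short
    appended part that a pure dictionary attack misses and a pure brute-force
    attack cannot afford to search once the total length grows.
    """
    for word in words:
        for base in mangle(word):
            for digits in itertools.product(alphabet, repeat=mask_len):
                for suffix in suffixes:
                    yield base + "".join(digits) + suffix


def search_space(words, mask_len=2, alphabet=string.digits,
                 suffixes=("", "!", "#")):
    """Number of candidates one hybrid run tries (compare with brute force)."""
    return (sum(len(mangle(w)) for w in words)
            * len(alphabet) ** mask_len * len(suffixes))


def crack(target_hex, words=WORDLIST):
    """Run the hybrid candidate stream against one digest.

    Returns (recovered_password, attempts), or (None, attempts) after the
    whole space is exhausted. A slow, salted KDF instead of plain SHA-256 is
    what makes this loop uneconomic for a real attacker.
    """
    attempts = 0
    for candidate in hybrid_candidates(words):
        attempts += 1
        if sha256_hex(candidate) == target_hex:
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    target = sha256_hex("Summer24!")  # constructed victim password
    print(crack(target), "of", search_space(WORDLIST), "candidates")
```

Note that the 6,000-candidate space here is tiny; production tooling runs the same scheme over millions of dictionary words and longer masks, which is why a policy that only forbids exact dictionary words does not help.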
October 11, 2024 | Ravie Lakshmanan | Vulnerability / Network Security. The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that threat actors have been observed abusing unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. The cookies are being used to enumerate other devices on the network that are not exposed to the internet. The agency has not said who is behind the activity or what the ultimate goals of the campaign are. “An attacker could use information collected from unencrypted cookies to infer or identify additional network resources…
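The reason an unencrypted BIG-IP persistence cookie leaks internal topology is its encoding: the value is the pool member's IPv4 address and TCP port, each written as a little-endian integer in decimal, followed by ".0000", and the cookie name itself carries the pool name. The decoder below is an added example (not from the CISA alert or F5) that turns a captured Set-Cookie header into the backend address an attacker would learn; the sample headers are constructed, the pool names are invented, and only the plaintext IPv4 form is handled, so an encrypted cookie (F5's recommended mitigation is to enable cookie encryption in the persistence profile) or the IPv6 and route-domain variants return nothing rather than a wrong answer.

```python
import re
import socket
import struct

# Plaintext IPv4 persistence cookie value: "<ip>.<port>.0000", where <ip> is
# the pool member's IPv4 address as a little-endian 32-bit integer in decimal
# and <port> is its TCP port as a little-endian 16-bit integer in decimal.
_PLAIN_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")

# Cookie names are BIGipServer<pool>, with "/" in the pool path written as "~".
_SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*(BIGipServer[^=;\s]*)=([^;\s]+)",
                            re.IGNORECASE | re.MULTILINE)

# Constructed sample response headers (not taken from the advisory). The first
# BIGipServer cookie is plaintext; the second imitates the encrypted form,
# which the decoder must refuse rather than misreport.
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: BIGipServer~Common~web_pool=1677787402.36895.0000; path=/\r\n"
    "Set-Cookie: BIGipServer~Common~api_pool=!s8vPq3Lb2ZcRn9xQ4wKd7YhF0mTg1uVe6aJiB5oNr; path=/\r\n"
    "Set-Cookie: JSESSIONID=A1B2C3; path=/; HttpOnly\r\n"
)


def decode_bigip_cookie(value):
    """Decode a plaintext IPv4 BIG-IP persistence cookie into (ip, port).

    Returns None for anything else: encrypted cookies, or the IPv6 and
    route-domain encodings, which this example does not handle.
    """
    m = _PLAIN_RE.match(value.strip())
    if not m:
        return None
    ip_le, port_le = int(m.group(1)), int(m.group(2))
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        return None
    # The integer is little-endian, so packing it as "<I" restores the
    # network-order bytes that inet_ntoa expects.
    ip = socket.inet_ntoa(struct.pack("<I", ip_le))
    # Same trick for the port: pack little-endian, read back big-endian.
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return ip, port


def pool_name(cookie_name):
    """BIGipServer~Common~web_pool -> /Common/web_pool"""
    return cookie_name[len("BIGipServer"):].replace("~", "/")


def backends_from_headers(raw_headers):
    """Return (cookie, pool, ip, port) for every decodable persistence cookie."""
    findings = []
    for name, value in _SET_COOKIE_RE.findall(raw_headers):
        decoded = decode_bigip_cookie(value)
        if decoded is not None:
            findings.append((name, pool_name(name), *decoded))
    return findings


if __name__ == "__main__":
    for finding in backends_from_headers(SAMPLE_HEADERS):
        print("pool %s -> %s:%d (cookie %s)" % (finding[1], finding[2], finding[3], finding[0]))
```

Run the same function over your own application's responses: any cookie that decodes is a cookie an outsider can decode too, and the fix is on the BIG-IP persistence profile, not in the application.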
October 11, 2024 | Ravie Lakshmanan | DevOps / Vulnerability. GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security vulnerabilities, including a critical bug that could allow continuous integration and continuous delivery (CI/CD) pipelines to run on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue has been discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches,” GitLab said in an advisory. Of the remaining…
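Because the advisory gives three separate affected ranges with a different fixed release for each, a simple "is my version newer than 17.2.9" check gets it wrong for the 17.3 and 17.4 series. The helper below is an added example, not GitLab's code, that encodes the ranges exactly as stated in the advisory (first affected version inclusive, first fixed version exclusive) and accepts the version strings GitLab reports, such as "17.3.4-ee" from the authenticated /api/v4/version endpoint or the admin page; the sample versions in the usage are assumptions.

```python
import re

# Affected ranges for CVE-2024-9164 as stated in the GitLab advisory:
# (first affected version, first fixed version). The fixed version itself
# is not affected.
AFFECTED_RANGES = [
    ((12, 5, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
]


def parse_version(text):
    """Turn strings like '17.3.4-ee', 'v17.4.1' or '17.3' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised GitLab version: %r" % text)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True when the version falls inside any of the advisory's ranges."""
    version = parse_version(version_text)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def minimum_fix_for(version_text):
    """Smallest fixed release in the same series, or None if not affected.

    Versions in the 17.3 or 17.4 series should move to 17.3.5 or 17.4.2
    respectively; anything older than 17.2.9 should move to at least 17.2.9.
    """
    version = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= version < hi:
            return "%d.%d.%d" % hi
    return None


if __name__ == "__main__":
    for v in ("17.4.1-ee", "17.3.5-ee", "16.11.10-ce", "17.2.9"):  # assumed inputs
        print(v, "affected" if is_affected(v) else "not affected", minimum_fix_for(v))
```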
October 11, 2024 | Ravie Lakshmanan | Cybercrime / Dark Web. Police in the Netherlands have announced the takedown of Bohemia and Cannabia, which have been described as the world's largest and longest-running dark web marketplace for illegal goods, drugs and cybercrime services. The takedown was the result of a joint investigation with Ireland, the United Kingdom and the United States that began in late 2022, Politie said. The marketplace ceased operations at the end of 2023 following reports of service outages and exit scams, after one of its developers was allegedly involved in what one of the administrators characterized as a “shameful…
October 10, 2024 | Ravie Lakshmanan | Cybercrime / Disinformation. OpenAI said on Wednesday that since the start of the year it has disrupted more than 20 operations and deceptive networks around the world that attempted to use its platform for malicious purposes. The activity included debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. “Threat actors continue to evolve and experiment with our models, but we have seen no evidence that this has led to significant breakthroughs in their ability to create significantly new malware or build viral audiences,” the artificial…
October 10, 2024 | Ravie Lakshmanan | Vulnerability / Enterprise Security. Cybersecurity researchers have warned of an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow the execution of arbitrary operating system (OS) commands. The vulnerability, assigned the identifier CVE-2024-9441, has a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “A vulnerability in the Nortek Linear eMerge E3 allows remote, unauthenticated attackers to cause the device to execute an arbitrary command,” SSD Disclosure said in an advisory published late last month, adding that the vendor has yet to provide a fix or workaround. The…
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only very technical and high-risk, but also soul-crushingly repetitive, dealing with a constant stream of alerts and incidents. As a result, SOC analysts often leave in search of better pay, opportunities to move outside of the SOC into more rewarding roles, or simply to take much-needed breaks. This high attrition rate puts the SOC in a vulnerable position, jeopardizing the overall effectiveness of cybersecurity operations. In order to keep your team resilient and…
October 10, 2024 | Ravie Lakshmanan | Cybercrime / Malware. Cybersecurity researchers have shed light on a new digital skimming campaign that uses Unicode obfuscation techniques to conceal a skimmer dubbed the Mongolian Skimmer. “At first glance, what caught my eye was the obfuscation of the script, which seemed a bit odd because of all the accented characters,” Jscrambler researchers said in an analysis. “The heavy use of Unicode characters, many of them invisible, makes the code very difficult for humans to read.” At its core, the script leverages JavaScript's ability to use any Unicode character in identifiers to hide the…
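The technique works because ECMAScript identifiers may contain any Unicode letter, combining mark or connector, plus the format characters U+200C (zero-width non-joiner) and U+200D (zero-width joiner), so two identifiers that render identically can be distinct variables, and accented or invisible characters can be sprinkled through a name without breaking the script. The triage script below is an added example (not Jscrambler's tooling and not the skimmer's code) that scans JavaScript source for identifier-like runs containing non-ASCII characters and reports how many are invisible format characters or combining marks, along with the name a human would perceive. The snippet it scans is constructed to mimic the described style; the tokenizer is a deliberate approximation of the ECMAScript grammar that does not skip strings or comments, which is acceptable for a first-pass detector.

```python
import unicodedata

# Constructed sample of identifier-level Unicode obfuscation (not the real
# skimmer's code): a Cyrillic 'а' plus a combining acute accent impersonates
# "app", and zero-width joiner/non-joiner characters are buried in "click".
SAMPLE_JS = (
    "var \u0430\u0301pp = document;\n"
    "var cl\u200cick\u200d = 'DOMContentLoaded';\n"
    "\u0430\u0301pp.addEventListener(cl\u200cick\u200d, function () { });\n"
)


def _is_ident_start(ch):
    """Approximation of the ECMAScript IdentifierStart production."""
    return ch in "$_" or ch.isalpha() or unicodedata.category(ch) == "Nl"


def _is_ident_part(ch):
    """IdentifierPart: start chars, digits, combining marks, connector
    punctuation, and format characters such as U+200C / U+200D."""
    return (_is_ident_start(ch) or ch.isdigit()
            or unicodedata.category(ch) in ("Mn", "Mc", "Pc", "Cf"))


def identifiers(src):
    """Yield identifier-like runs from source text (naive: strings and
    comments are scanned too, which only adds ASCII noise here)."""
    i, n = 0, len(src)
    while i < n:
        if _is_ident_start(src[i]):
            j = i + 1
            while j < n and _is_ident_part(src[j]):
                j += 1
            yield src[i:j]
            i = j
        else:
            i += 1


def skeleton(ident):
    """What a reader perceives: NFKC-normalise, then drop format characters
    (Cf) and combining marks (Mn/Mc), which have no visible width of their own."""
    norm = unicodedata.normalize("NFKC", ident)
    return "".join(c for c in norm
                   if unicodedata.category(c) not in ("Cf", "Mn", "Mc"))


def suspicious_identifiers(src):
    """Map each non-ASCII identifier to the features that make it suspicious."""
    report = {}
    for ident in identifiers(src):
        if ident.isascii():
            continue
        cats = [unicodedata.category(c) for c in ident]
        entry = report.setdefault(ident, {
            "occurrences": 0,
            "non_ascii": sum(1 for c in ident if ord(c) > 127),
            "invisible": cats.count("Cf"),
            "marks": sum(1 for c in cats if c in ("Mn", "Mc")),
            "looks_like": skeleton(ident),
        })
        entry["occurrences"] += 1
    return report


if __name__ == "__main__":
    for ident, info in suspicious_identifiers(SAMPLE_JS).items():
        print(repr(ident), "->", info)
```

A clean script yields an empty report, so the check is cheap to run over every third-party tag on a checkout page; a high "invisible" count in particular has no legitimate reason to appear in hand-written identifiers.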
October 10, 2024 | Ravie Lakshmanan | Vulnerability / Network Security. The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw affecting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), is a remote code execution flaw affecting FortiOS, FortiPAM, FortiProxy and FortiWeb. “Exploitation of an externally controlled format string vulnerability (CWE-134) in the FortiOS fgfmd daemon could allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” Fortinet noted in an advisory for the flaw in February 2024. As…