Author: Admin

August 19, 2024Ravi LakshmananThreat Intelligence / Cryptocurrency A new type of malware called UULoader is used by threat actors to deliver next-stage payloads such as Gh0st RAT and Mimiket. Cyberint, the research group that discovered the malware, said it was distributed as malicious installers for legitimate apps targeting Korean and Chinese speakers. There is evidence that UULoader is the work of a Chinese native speaker due to the presence of Chinese lines in the program database (PDB) files embedded in the DLL file. “UULoader’s ‘core’ files are contained in a Microsoft Cabinet archive (.cab) file that contains two core executables…

According to the latest research on employee offboarding, 70% of IT professionals say they have experienced the negative impact of incomplete IT offboarding, whether a security incident involving an account that was never disabled, an unexpected bill for resources no longer in use, or a missed handover of a critical resource or account. This is despite the fact that each departing employee costs an average of five hours of work on activities such as locating and disabling SaaS accounts. As the number of SaaS applications in most organizations continues to expand, it becomes increasingly difficult (and time-consuming) to ensure that all…

August 19, 2024Ravi LakshmananCloud Security / Threat Intelligence Attackers use a cloud-based attack tool called Xeon Sender to conduct large-scale SMS phishing and spam campaigns, abusing legitimate services. “Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte. said in a report shared with The Hacker News. Examples of services used to facilitate bulk SMS messaging include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio. It is important to note here that this activity does not exploit the weaknesses inherent in…

August 19, 2024Ravi LakshmananVulnerability / Zero-Day A recently patched security flaw in Microsoft Windows was exploited as a zero-day Lazar’s groupa prolific state-funded actor with ties to North Korea. A security vulnerability tracked as CVE-2024-38193 (CVSS score: 7.8) was described as an elevation of privilege error in the Windows Auxiliary Functions Driver (AFD.sys) for WinSock. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges” – Microsoft said in a deficiency advisory last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update. Gen Digital researchers Luigino Camastro and Milanek are credited with…

August 19, 2024Ravi LakshmananCyber ​​Crime / Network Security Cybersecurity researchers have discovered new infrastructure associated with a financially motivated threat known as FIN7. Two clusters of potential FIN7 activity “show traffic coming into the FIN7 infrastructure from IP addresses assigned respectively to Post Ltd (Russia) and SmartApe (Estonia),” Team Cymru said in a report released this week as part of a joint investigation with Silent Push and Stark Industries Solutions. Conclusions are based on a a recent report from Silent Push, which found several Stark Industries IP addresses dedicated exclusively to hosting FIN7 infrastructure. Recent analysis indicates that the hosts…

On Friday, OpenAI said it had banned a set of accounts linked to what it called a covert Iranian influence operation that used ChatGPT to create content focused on, among other things, the upcoming US presidential election. “This week we identified and took down a cluster of ChatGPT accounts that were creating content for a covert Iranian influence operation codenamed Storm-2035,” OpenAI said. “The operation used ChatGPT to create content focused on a range of topics, including commentary on candidates from both sides of the US presidential election, which was then shared via social media accounts and…

August 16, 2024Ravi LakshmananCloud Security / Application Security A large-scale ransomware campaign compromised various organizations by exploiting publicly available environment variable (.env) files containing credentials related to cloud and social networking applications. “Several security errors were made during this campaign, including the following: exposing environment variables, using long-lived credentials, and not having a least-privilege architecture,” Palo Alto Networks Division 42. said in a report on Thursday. The company is notable for installing its attack infrastructure in infected organizations’ Amazon Web Services (AWS) environments and using them as a launch pad to scan more than 230 million unique targets for sensitive…

August 16, 2024Ravi LakshmananDark Web / Data Leakage A 27-year-old Russian national has been sentenced to more than three years in prison for trading financial information, login credentials and other personally identifiable information (PII) on a defunct dark web marketplace called Slizpp. Giorgii Kauzharade, 27 years old, Moscow, Russia, pleaded guilty on one count of conspiracy to commit bank fraud and wire fraud in early February of this year. In addition to the 40-month prison term, Kaujarade is ordered to pay $1,233,521.47 in restitution. The defendant, who used the online aliases TeRorPP, Torqovec and PlutuSS, is alleged to have put…

SaaS applications have become indispensable for organizations seeking to improve productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough audits of SaaS applications is critical to identifying and mitigating these risks while ensuring yours is protected…

August 16, 2024Ravi LakshmananMalware / data theft Cyber ​​security researchers have shed light on a sophisticated phishing campaign that impersonates legitimate brands to distribute malware such as DanaBot and StealC. Organized by Russian-speaking cybercriminals and codenamed Tusk, the cluster of activities is said to involve several sub-companies, using the platforms’ reputations to trick users into downloading malware using bogus websites and social media accounts. “All active subcompanies host the initial bootloader on Dropbox,” Kaspersky researchers Elsayed Elrefai and AbdulRman Alfaifi said. “This bootloader is responsible for delivering additional malware samples to the victim’s machine, which are mainly information stealers (DanaBot…