Author: Admin

Incident response is a structured approach to managing and resolving security breaches or cyber attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated action to improve preparedness. Improving these areas ensures a quick and effective response, minimizing damage and speeding up recovery.

Problems in responding to incidents

Incident response presents several challenges that must be addressed to ensure rapid and effective recovery from cyber attacks. The following section lists some of these issues.

Timeliness: One of the main challenges in incident response is resolving incidents quickly enough to minimize damage. Delays in response can…

August 5, 2024Ravi LakshmananBrowser Security / Windows Security A China-related threat known as The elusive panda in mid-2023, an unnamed Internet Service Provider (ISP) that pushed malware updates to targeted companies was compromised, highlighting a new level of sophistication associated with the group. Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, is a cyberespionage group that has been active since at least 2012, using backdoors such as MgBot (aka POCOSTICK) and Nightdoor (aka NetMM and Suzafk) to collect sensitive information. . Most recently, there was a threat to the actor formally attributed to the use of a malicious…

August 5, 2024Ravi LakshmananNetwork Security / Vulnerability A high security bypass vulnerability has been discovered in Rockwell Automation ControlLogix 1756 devices that could be used to execute a common industrial protocol (CIP) programming and configuration commands. A vulnerability that is assigned a CVE identifier CVE-2024-6242has a CVSS v3.1 score of 8.4. “A vulnerability exists in the affected products that could allow a threat actor to bypass the Trusted Slot feature in a ControlLogix controller,” the US Cybersecurity and Infrastructure Security Agency (CISA) said. said in the consulting room. “When using any compromised module in a 1756 chassis, a threat actor…

August 5, 2024Ravi LakshmananMobile Security / Financial Security Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users to steal financial information. “BlankBot has a number of malicious capabilities that include client injection, keylogging, screen recording, and communication with a management server via a WebSocket connection,” Intel 471 said in an analysis published last week. Discovered on July 24, 2024, BlankBot is said to be in active development, with the malware abusing Android Accessibility Services permissions to gain full control over infected devices. The names of some of the malicious APK files containing BlankBot are listed…

August 3, 2024Ravi LakshmananPrivacy / Data Protection The US Department of Justice (DoJ) along with the Federal Trade Commission (FTC) have filed a lawsuit against popular video-sharing platform TikTok for “gross violation” of the country’s child privacy laws. The agencies alleged that the company knowingly allowed children to create TikTok accounts and view and share short videos and messages with adults and other users of the service. They also accused him of illegally collecting and retaining a wide range of personal information about those children without notifying or obtaining their parents’ consent, in violation of the Children’s Online Privacy Protection…

August 3, 2024Ravi LakshmananDDoS attack / Server security Cybersecurity researchers have revealed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter notebooks. Codenamed activity Panomorphic from cloud security company Aqua uses a Java-based tool called mining to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. The attack chains involve using Jupyter Notebook instances exposed on the Internet to execute wget commands to retrieve a ZIP archive hosted on a file sharing site called Filebin. The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, the former being…

August 2, 2024Ravi LakshmananCyber ​​espionage / malware A Russian-linked threat actor has been linked to a new company that used a car for sale as phishing bait to deliver a Windows modular backdoor called HeadLace. “The campaign likely targeted diplomats and began as early as March 2024,” Unit 42 Palo Alto Networks. said in a report published today, attributing it with a medium to high level of confidence APT28also called BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy and TA422. It should be noted that the car for sale phishing themes were attractive…

August 2, 2024Ravi LakshmananCyber ​​espionage / malware Cisco Talos, a Taiwanese government research institute specializing in computing and related technologies, was hacked by China-linked national threat actors, according to new findings. As early as mid-July 2023, an unnamed entity was targeted to provide various backdoors and post-compromise tools such as ShadowPad and Cobalt Strike. It is attributed with moderate confidence to a prolific hacking group tracked as APT41. “The ShadowPad malware used in the current campaign used an outdated, vulnerable version of the Microsoft Office IME binary as a bootloader to download a customized second-stage bootloader to launch the payload,”…

August 2, 2024Ravi LakshmananCyber ​​Attack / Windows Security Cybersecurity researchers have discovered a previously undocumented Windows backdoor that uses the built-in Background Intelligent Transfer Service (BITS) as a command and control (C2) mechanism. A recently discovered strain of malware has been given a codename BITZLEN Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an unspecified Ministry of Foreign Affairs of the South American government. The activity cluster is tracked under the alias REF8747. “The most recent iteration of the backdoor at the time of publication has 35 handler functions, including…

August 2, 2024Hacker news In today’s digital battlefield, small and medium-sized businesses (SMEs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy looks like a house of cards—a complex, expensive jumble of different vendors and tools—it’s time to make a change. Introducing the All-in-One Cyber ​​Security Platform. Imagine having all the protection you need in one place with one easy-to-use interface. That’s the power of the All-in-One platform. Join our upcoming webinar to learn how MSPs and SMBs…
