Author: Admin

November 25, 2024Ravi LakshmananMobile Security / Privacy Google has introduced a new feature called Recover credentials to help users safely regain access to their third-party app accounts after switching to a new Android device. Part of Android Credential Manager APIthis feature aims to reduce the hassle of re-entering login credentials for each app when switching phones. “With Restore Credentials, apps can seamlessly connect users to their accounts on a new device after they restore their apps and data from their previous device,” Neelansh Sahai of Google said. The tech giant said the process happens automatically in the background when a…

November 25, 2024Ravi LakshmananCloud Security / Supply Chain Attack Cybersecurity researchers have uncovered two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools such as Terraform and HashiCorp’s Open Policy Agent (OPA) that use special domain-oriented languages ​​(DSLs) to hack cloud platforms and extracted data. “Because they’re hard languages ​​with limited capabilities, they should be more secure than standard programming languages, and they really are,” Tenable Senior Security Researcher Shelly Raban said in a technical report published last week. “However, safer does not mean bulletproof.” OPA is a popular open-source policy engine that allows organizations to enforce policies on…

Immerse yourself in the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated techniques to bypass security measures.

The evolution of phishing attacks

“I really like the saying ‘it’s out of bounds,’ said no hacker ever. Whether it’s tricks, techniques or technology, hackers will do anything to avoid detection and ensure their attack is successful,” says Etai Maor, chief security strategist at Cato Networks and member of Cato CTRL. Phishing attacks have changed a lot over the years. 15-20 years ago, simple phishing sites were enough to capture the valuables of the time – credit…

November 25, 2024Ravi LakshmananMalware / Windows Security Cybersecurity researchers have discovered a new malicious campaign that uses a technique called Bring Your Own Vulnerable Driver (BEUD) to remove the protection and eventually gain access to the infected system. “This malware takes a more sinister path: it removes the legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to execute its destructive program,” Trellix Security Researcher Trishaan Kalra said in an analysis published last week. “The malware uses the deep access provided by the driver to stop security processes, disable security software, and seize control of the infected system.” The starting point…

November 23, 2024Ravi LakshmananArtificial Intelligence / Cryptocurrency A North Korean-linked individual known as Sapphire Slit is estimated to have stolen more than $10 million worth of cryptocurrency in social engineering campaigns organized over a six-month period. These findings Microsoft said several threat clusters linked to the country were creating fake LinkedIn profiles posing as both recruiters and job seekers in order to generate illicit profits for the sanctioned country. Known to be active since at least 2020, Sapphire Sleet aligns with hacker groups tracked as APT38 and BlueNoroff. In November 2023 a technology giant revealed that the threat actor created…

November 23, 2024Ravi LakshmananCloud Security / Threat Intelligence Government agencies and non-governmental organizations in the United States have been targeted by a Chinese state threat known as Storm 2077. The adversary, which is believed to be active since at least January 2024, has also carried out cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services around the world, Microsoft said. The company added that the cluster of activity coincides with a group of threats that Recorded Future’s Insikt Group tracks as TEG-100. The cybersecurity firm noted back in July that the attack chains are…

November 22, 2024Ravi LakshmananCyber ​​espionage / malware A Chinese-linked nation-state group called TAG-112 has compromised Tibetan media and university websites as part of a new cyberespionage campaign designed to facilitate the delivery of post-exploitation Cobalt Strike toolkits for later intelligence gathering. “The attackers embedded malicious JavaScript into these sites that falsified a TLS certificate error to force visitors to download a disguised security certificate,” Recorded Future’s Insikt Group said. “This malware, which is often used by threat actors for remote access and post-exploitation, highlights the continued focus of cyber espionage on Tibetan organizations.” The compromises were attributed to a state-sponsored…

November 22, 2024Ravi LakshmananCyber ​​attack / malware A threat actor known as The mysterious elephant observed the use of an advanced version of the malware called Asynshell. The attack campaign is said to have used Hajj-themed decoys to trick victims into executing a malicious payload disguised as a Microsoft Compiled HTML Help (CHM) file, Knownsec 404 command said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily against Pakistani organizations. The group’s tactics and tools were found to share…

November 22, 2024Ravi LakshmananCyber ​​espionage / malware Threat actors linked to Russia have been linked to a cyber espionage campaign targeting organizations in Central Asia, East Asia and Europe. Insikt Group Recorded Future, which named the cluster of activity as TAG-110, said it matched a threat group tracked by Ukraine’s Emergency Response Team (CERT-UA) as UAC-0063, which in turn matched APT28. The hacking team has been active since at least 2021. “Using the custom tools of the HATVIBE and CHERRYSPY malware, TAG-110 primarily attacks government organizations, human rights groups, and educational institutions,” the cybersecurity firm reported. said in a report…

Meta Platforms, Microsoft and the US Department of Justice (DoJ) have announced independent actions to combat cybercrime and shut down services that enable scams, fraud and phishing attacks. Microsoft’s Digital Crime Unit (DCU) announced that 240 fraudulent websites were seized that were linked to an Egyptian cybercrime facilitator named Abanoub Nadi (aka MRxC0DER and mrxc0derii), who advertised a phishing kit called ONNX. Nadi’s criminal operation was launched back in 2017. “Many cybercriminals and online threat actors have purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and compromise Microsoft customer accounts,” said Steven Masada…
