Author: Admin

October 18, 2024Ravi LakshmananThreat Intelligence / Phishing Attack Threat actors use fake Google Meet web pages as part of an ongoing malware campaign called Click Fix to deliver information theft targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to trick users into copying and executing specified malicious PowerShell code, eventually infecting their systems,” French cybersecurity firm Sekoia said. said in a report shared with The Hacker News. There were variants of the company ClickFix (aka ClearFake and OneDrive Pastejacking). reported widely Art the last monthswhere threat actors use a variety of lures to…

October 18, 2024Ravi LakshmananThreat Intelligence / Browser Security Microsoft has revealed details about a patched security flaw in Apple’s Transparency, Consent, and Control (TCC) in macOS that was likely used to bypass privacy settings and access user data. The flaw, which the tech giant has codenamed HM Surf, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code. HM Surf “involves removing TCC protection for the Safari browser directory and modifying a configuration file in said directory to access user data, including pages viewed, device camera, microphone, and location, without…

October 17, 2024Ravi LakshmananThreat Intelligence / Malware The Russian threat known as RomCom has been linked to a new wave of cyberattacks targeting Ukrainian government agencies and unidentified Polish organizations since at least late 2023. Intrusions are characterized by the use of a variety of Art RAT RomCom called SingleCamper (aka SnipBot or RomCom 5.0), reported Cisco Talos, which monitors a cluster of activity under the alias UAT-5647. “This version loads directly from the registry into memory and uses a loopback address to communicate with its loader,” security researchers Dmitry Karzhevin, Ashir Malhotra, Vanya Sveitzer, and Vitor Ventura noted. Also…

October 17, 2024Ravi LakshmananRansomware / Network Security Cybersecurity researchers have gathered more information about a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group’s affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the persona Cicada3301 on the RAMP cybercrime forum via the Tox messaging service after the latter posted an ad calling for new partners in its affiliate program. “The Cicada3301 ransomware group’s affiliate panel dashboard had sections like Control Panel, News, Campaigns, Chat Campaigns, Chat Support, Account, FAQ section questions and “Exit” – researchers Mikalai Kichatov and Sharmin Lowe.…

An advanced persistent threat (APT) actor, believed to have links to India, has carried out a flurry of attacks against prominent organizations and strategic infrastructure in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger and T-APT-04. “The group may be perceived as a low-level actor due to the use of public exploits, malware and LNK scripts as infection vectors, as well as the use of public RATs, but their true capabilities only become apparent when you closely examine the details…

As technology adoption has become employee-led, just-in-time, and from any location and device, IT and security departments have found themselves contending with an ever-expanding SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent CrowdStrike report, 80% of breaches today use compromised credentials, including cloud and SaaS credentials. Given this reality, IT security managers need practical and effective SaaS security solutions designed to identify and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap: knowledge of the full…

Federal prosecutors in the US have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that carried out a record 35,000 DDoS attacks in one year, including attacks that targeted Microsoft services in June 2023. Attacks facilitated by Anonymous Sudan’s “powerful DDoS tool” have targeted critical infrastructure, corporate networks and government agencies in the United States and around the world, the US Department of Justice (DoJ) said. Ahmed Salah Yusuf Omer, 22, and Alaa Salah Yusuf Omer, 27, were charged with conspiracy to damage protected computers. Ahmed Salah is also charged with three counts of…

October 17, 2024Ravi LakshmananVulnerability / Kubernetes A critical security flaw has been discovered in Kubernetes Image Builder that, if successfully exploited, could be used to gain root access under certain circumstances. Vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), considered in version 0.1.38. The project maintainers thanked Mykola Rybnikar for discovering and reporting the vulnerability. “A security issue has been identified in Kubernetes Image Builder where default credentials are enabled during the image build process,” Joel Smith of Red Hat said in the notice. “Additionally, virtual machine images created using the Proxmox provider do not disable these default credentials, and nodes…

October 16, 2024Ravi LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open source EDRSilencer tool in an effort to spoof Endpoint Detection and Response (EDR) solutions and conceal malicious activity. Trend Micro said it discovered that “threat actors are attempting to integrate EDRSilencer into their attacks by repurposing it as a means of evading detection.” EDRS silencerinspired NightHawk FireBlock the tool from MDSec is designed to block the outbound traffic of running EDR processes using the Windows Filtering Framework (MPP). It supports termination of various processes related to EDR products from Microsoft, Elastic, Trellix, Qualys, SentinelOne, Cybereason,…

October 16, 2024Ravi LakshmananData privacy / no password The FIDO Alliance said it is working to create one access keys and other credentials are easier to export between different providers and improve interoperability between credential providers as more than 12 billion online accounts become accessible with a passwordless login method. To this end, the alliance said it has published a project for a a new set of specifications for the secure exchange of credentials according to commitments between members of a credential provider’s special interest group (SIG). This includes 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and…