Author: Admin

Since late July 2024, Iranian state-sponsored threat actors have been observed running phishing campaigns targeting a prominent Jewish figure to deliver a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint tracks the activity as TA453, which overlaps with activity tracked by the broader cybersecurity community under the aliases APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC). “The initial interaction was trying to entice the subject to engage with the benign email to build conversation and trust, and then click on the next malicious link,” security researchers Joshua Miller, Georgi Mladenov, Andrew Northern and Greg…


August 20, 2024Ravi LakshmananVulnerability / Container Security Cybersecurity researchers have discovered a security flaw affecting Microsoft’s Azure Kubernetes services that, if successfully exploited, could allow an attacker to elevate privileges and gain access to credentials for services used by the cluster. “An attacker executing a command in a Pod running on a compromised Azure Kubernetes Services cluster can download the configuration used to secure a cluster node, obtain transport layer (TLS) download tokens, and perform a TLS download attack to read all secrets inside the cluster” , Google-owned Mandiant said. Clusters using “Azure CNI” for “Network Configuration” and “Azure” for…


August 20, 2024Ravi LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor called Msupedge was used against a cyber attack targeting an unnamed university in Taiwan. “The most notable feature of this backdoor is that it communicates with the command and control (C&C) server through DNS traffic,” Symantec Threat Hunter team, part of Broadcom, said in a report shared with The Hacker News. The origin of the backdoor is currently unknown, as are the targets of the attack. The initial access vector that likely facilitated the deployment of Msupedge is said to involve exploiting a recently disclosed critical flaw affecting PHP…


August 20, 2024Ravi LakshmananVulnerability / Ransomware The US Cybersecurity and Infrastructure Security Agency (CISA) has added critical security flaw that affects known Jenkins exploited vulnerabilities (KEV) directory after its use in ransomware attacks. Vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that can lead to code execution. “The Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that could allow an attacker to restrict read access to certain files, which could lead to code execution,” CISA said in a statement. It was the first opened By Sonar security researchers in January 2024 and addressed in…


August 20, 2024Ravi LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning of the discovery of thousands of third-party Oracle NetSuite e-commerce sites that have been found to be vulnerable to leaking sensitive customer information. “A potential issue in the NetSuite SuiteCommerce platform could allow attackers to gain access to sensitive data due to misconfiguration of access controls for custom record types (CRTs),” Aaron Costello of AppOmni said. It should be emphasized here that the problem is not a lack of security in the NetSuite product, but a misconfiguration of the client that can lead to the leakage of sensitive…


August 20, 2024Ravi LakshmananMalware / cyber espionage Cyber ​​security researchers have shed light on a threat known as A blind eagle which has persistently targeted organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. The targets of these attacks span multiple sectors, including government agencies, financial companies, and energy and oil and gas companies. “Blind Eagle has demonstrated adaptability in shaping the targets of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations,” Kaspersky said. said in Monday’s report. Also referred to as APT-C-36, Blind Eagle appears believed Since at…


August 19, 2024Ravi LakshmananHarmful advertising / Cybercrime Cybersecurity researchers have discovered a spike in malware infections as a result of malicious ad campaigns that distribute a downloader called FakeBat. “These attacks are opportunistic and target users looking for popular business software,” Mandiant Managed Defense Team said in the technical report. “The infection uses an MSIX installer trojan that executes a PowerShell script to download an additional payload.” FakeBatwhich is also called EugenLoader and PaykLoader, is associated with a threat actor named Eugenfest. The Google-owned threat intelligence team is tracking a malware called NUMOZYLOD and has attributed a Malware-as-a-Service (MaaS) operation…


August 19, 2024Ravi LakshmananThreat Intelligence / Cryptocurrency A new type of malware called UULoader is used by threat actors to deliver next-stage payloads such as Gh0st RAT and Mimiket. Cyberint, the research group that discovered the malware, said it was distributed as malicious installers for legitimate apps targeting Korean and Chinese speakers. There is evidence that UULoader is the work of a Chinese native speaker due to the presence of Chinese lines in the program database (PDB) files embedded in the DLL file. “UULoader’s ‘core’ files are contained in a Microsoft Cabinet archive (.cab) file that contains two core executables…


According to recent research on employee offboarding, 70% of IT professionals say they have experienced the negative effects of incomplete IT offboarding, whether a security incident tied to an account that was not deprovisioned, an unexpected bill for resources no longer in use, or a missed handover of a critical resource or account. This is despite the fact that offboarding each departing employee takes an average of five hours on activities such as locating and disabling SaaS accounts. As the number of SaaS applications in most organizations continues to grow, it becomes increasingly difficult (and time-consuming) to ensure that all…


August 19, 2024Ravi LakshmananCloud Security / Threat Intelligence Attackers use a cloud-based attack tool called Xeon Sender to conduct large-scale SMS phishing and spam campaigns, abusing legitimate services. “Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte. said in a report shared with The Hacker News. Examples of services used to facilitate bulk SMS messaging include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio. It is important to note here that this activity does not exploit the weaknesses inherent in…
