Author: Admin

October 18, 2024Ravi LakshmananCyber ​​​​Intelligence / Critical Infrastructure Cyber ​​security and intelligence agencies in Australia, Canada and the US have warned of a year-long campaign by Iranian cyber actors to infiltrate organizations’ critical infrastructure through brute force attacks. “Since October 2023, Iranian actors have used brute force and password cracking to compromise user accounts and gain access to health and public health (HPH), government, information technology, engineering, and energy organizations,” the agencies noted. said in joint consultation. The attacks targeted healthcare, government, information technology, engineering and energy, according to the Australian Federal Police (AFP), the Australian Cyber ​​Security Center (ACSC)…


October 18, 2024Hacker newsWebinar / Data protection Think of your company’s data as a huge, complex puzzle scattered across clouds, devices and networks. Some parts are hidden, some are irrelevant, and others may even be missing altogether. Keeping your data secure in today’s fast-paced landscape can seem like an impossible task. But there is a game-changing solution: Data Security Posture Management (DSPM). Think of it as a high-tech, high-powered lens that reveals your entire data puzzle, helping you find every piece, fix weak points, and protect everything with confidence. Join our webinar “Building a successful data security posture management program”…


October 18, 2024Ravi LakshmananThreat Intelligence / Phishing Attack Threat actors use fake Google Meet web pages as part of an ongoing malware campaign called Click Fix to deliver information theft targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to trick users into copying and executing specified malicious PowerShell code, eventually infecting their systems,” French cybersecurity firm Sekoia said. said in a report shared with The Hacker News. There were variants of the company ClickFix (aka ClearFake and OneDrive Pastejacking). reported widely Art the last monthswhere threat actors use a variety of lures to…


October 18, 2024Ravi LakshmananThreat Intelligence / Browser Security Microsoft has revealed details about a patched security flaw in Apple’s Transparency, Consent, and Control (TCC) in macOS that was likely used to bypass privacy settings and access user data. The flaw, which the tech giant has codenamed HM Surf, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code. HM Surf “involves removing TCC protection for the Safari browser directory and modifying a configuration file in said directory to access user data, including pages viewed, device camera, microphone, and location, without…


October 17, 2024Ravi LakshmananThreat Intelligence / Malware The Russian threat known as RomCom has been linked to a new wave of cyberattacks targeting Ukrainian government agencies and unidentified Polish organizations since at least late 2023. Intrusions are characterized by the use of a variety of Art RAT RomCom called SingleCamper (aka SnipBot or RomCom 5.0), reported Cisco Talos, which monitors a cluster of activity under the alias UAT-5647. “This version loads directly from the registry into memory and uses a loopback address to communicate with its loader,” security researchers Dmitry Karzhevin, Ashir Malhotra, Vanya Sveitzer, and Vitor Ventura noted. Also…


October 17, 2024Ravi LakshmananRansomware / Network Security Cybersecurity researchers have gathered more information about a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group’s affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the persona Cicada3301 on the RAMP cybercrime forum via the Tox messaging service after the latter posted an ad calling for new partners in its affiliate program. “The Cicada3301 ransomware group’s affiliate panel dashboard had sections like Control Panel, News, Campaigns, Chat Campaigns, Chat Support, Account, FAQ section questions and “Exit” – researchers Mikalai Kichatov and Sharmin Lowe.…


An advanced persistent threat (APT) actor, believed to have links to India, has carried out a flurry of attacks against prominent organizations and strategic infrastructure in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger and T-APT-04. “The group may be perceived as a low-level actor due to the use of public exploits, malware and LNK scripts as infection vectors, as well as the use of public RATs, but their true capabilities only become apparent when you closely examine the details…


As technology adoption has become employee-led, just-in-time, and possible from any location and device, IT and security departments have found themselves contending with an ever-expanding SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent CrowdStrike report, 80% of breaches today use compromised credentials, including cloud and SaaS credentials. Given this reality, IT security managers need practical and effective SaaS security solutions designed to identify and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help.

Close the visibility gap

Knowledge of the full…


Federal prosecutors in the US have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that carried out a record 35,000 DDoS attacks in one year, including those that focused on Microsoft services in June 2023. Attacks facilitated by Anonymous Sudan’s “powerful DDoS tool” have targeted critical infrastructure, corporate networks and government agencies in the United States and around the world, the US Department of Justice (DoJ) said. Ahmed Salah Yusuf Omer, 22, and Alaa Salah Yusuf Omer, 27, were charged with conspiracy to damage protected computers. Ahmed Salah is also charged with three counts of…


October 17, 2024Ravi LakshmananVulnerability / Kubernetes A critical security flaw has been discovered in Kubernetes Image Builder that, if successfully exploited, could be used to gain root access under certain circumstances. Vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), considered in version 0.1.38. The project maintainers thanked Mykola Rybnikar for discovering and reporting the vulnerability. “A security issue has been identified in Kubernetes Image Builder where default credentials are enabled during the image build process,” Joel Smith of Red Hat said in the notice. “Additionally, virtual machine images created using the Proxmox provider do not disable these default credentials, and nodes…
