Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: Mandiant’s “M-Trends 2024 Special Report” reveals that attacker dwell time has decreased, indicating improvements in defensive capabilities, while ransomware attacks and zero-day vulnerabilities continue to pose threats to organizations.
Threat Actor: Various threat actors involved in ransomware attacks and exploitation of zero-day vulnerabilities.
Victim: Organizations targeted by ransomware attacks and zero-day exploits.…
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.…
Threat Actor: Chinese keyboard apps | Chinese keyboard apps Victim: Users of Baidu, Tencent, iFlytek, Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi | users of Chinese keyboard apps Price: Not specified Exfiltrated Data Type: Keystrokes
Additional Information:
Massive Impact: Up to a billion users could be affected by the security flaws in Chinese keyboard apps from Baidu, Tencent, iFlytek, and popular phone brands used across China (Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi).…Summary: Scammers are using a sophisticated tactic to steal Toncoins from Telegram users by enticing them with promises of an “exclusive earning program” and directing them to join an unofficial Telegram bot.
Threat Actor: Scammers | scammers Victim: Telegram users | Telegram users
Key Point:
Scammers are attracting Telegram users through a referral system and directing them to join an unofficial Telegram bot.…Summary: Cloud Console Cartographer is an open-source tool that helps security practitioners understand console behavior in their environment by mapping noisy log activity into consolidated events.
Threat Actor: N/A
Victim: N/A
Key Point :
Cloud Console Cartographer is designed to cut through the noise generated in logs by console sessions, providing security professionals with a clear understanding of user activity in the console UI.…We’ve been tracking a curious one here.…
Summary: The majority of companies have experienced cyberattacks that were not fully covered by their cyber insurance policies, leaving significant gaps in coverage and resulting in uncovered losses.
Threat Actor: N/A
Victim: Companies
Key Point :
4 out of 5 companies have suffered a cyberattack that was not fully covered by their cyber insurance policy, leaving significant gaps in coverage.…Summary: Researchers at SafeBreach discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files, even after both vendors claim to have patched the problem.
Threat Actor: N/A
Victim: Microsoft and Kaspersky
Key Point:
Researchers found that Microsoft Defender and Kaspersky’s Endpoint Detection and Response (EDR) can be manipulated to detect false positive indicators of malicious files and delete them.…Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation.
However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.…
The cloud presents opportunities for agility and scalability, but its shared responsibility model exposes organizations to new security challenges. In the face of these threats, security operation teams must retain the knowledge of cloud incident response as it will be necessary.…
Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API is based on a mathematical property known as k-Anonymity guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later.…
AhnLab SEcurity intelligence Center (ASEC) confirmed that abnormally sized link files (*.LNK) that spread backdoor-type malware are being steadily distributed. It is confirmed that the recently confirmed link file (*.LNK) is being distributed to domestic users, especially people related to North Korea. The confirmed LNK file name is as follows.…
Identifier: TRR240402.
SummaryWe have been closely monitoring the activities of the Iranian state-sponsored threat actor MuddyWater since the beginning of 2024. Our investigations reveal an active campaign that has been ramping up since October 2023, aligning with the Hamas attack that took place that month1.…
Summary: Veriti Research has discovered a surge in attacks from operators of the Androxgh0st malware family, with over 600 servers compromised primarily in the U.S., India, and Taiwan. The threat actor behind Androxgh0st has been exploiting multiple vulnerabilities to deploy web shells on vulnerable servers and gain remote control capabilities.…
We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it.…
Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.
Threat Actor: N/A Victim: N/A
Key Point:
Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.
Threat Actor: UAC-0184 | UAC-0184 Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.
Threat Actor: Unknown threat actor | Unknown threat actor Victim: E-ZPass customers and users of road toll collection services
Key Point :
Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.
They are broken down into appropriate categories such as:
area and event monitoringperson of interest searchcorporate profilingmappingartificial intelligenceintelligence analysisreporting toolscollective toolscryptocurrencycountry specificverification and fact-checking.…Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.
OpenMetadata is an open-source platform designed to manage metadata across various data sources.…