Summary: New research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.

Threat Actor: LeakyCLI

Victim: Organizations using AWS and Google Cloud CLI tools | AWS and Google Cloud CLI users

Key Point:

AWS and Google Cloud CLI commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions.…

Summary: A new campaign conducted by the TA558 hacking group is using steganography to hide malicious code inside images and deliver various malware tools onto targeted systems.

Threat Actor: TA558

Victim: Various sectors and countries | SteganoAmor campaign

Key Point:

The TA558 hacking group is using steganography to conceal malicious code inside images and deliver malware tools.…

Identifier: TRR240401

On March 25, 2024, the U.S. Department of Justice (DoJ) released an indictment of seven hackers associated with APT31, a “hacking group in support of China’s Ministry of State Security” (MSS) which has been active for 14 years. On the same day, the Department of Treasury enacted sanctions on several entities listed in the document.…


Victim: St. Cloud Florida

Country: United States of America

Actor: hunters

Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/1646187227

Discovered: 2024-04-16 07:44:20.814675

Exfiltrated data: Yes

Encrypted data: Yes

Description: hunting, St. Cloud Florida, data exfiltration…


Summary: Palo Alto Networks has released hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls.

Threat Actor: Unauthenticated threat actors

Victim: Palo Alto Networks

Key Point:

Palo Alto Networks has released hotfixes for a zero-day vulnerability that allows unauthenticated threat actors to gain root code execution on PAN-OS firewalls.…

Summary: The threat actor known as Muddled Libra is actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments to exfiltrate sensitive data, using sophisticated social engineering techniques and reconnaissance tactics.

Threat Actor: Muddled Libra

Victim: Various organizations using SaaS applications and CSP environments | N/A

Key Points:

Muddled Libra targets SaaS applications and CSP environments to exfiltrate sensitive data.…

Summary: Organizations using Delinea Secret Server are urged to update their installations immediately to fix a critical vulnerability that could allow attackers to bypass authentication and gain admin access to extract secrets.

Threat Actor: Unknown

Victim: Organizations using Delinea Secret Server | Delinea Secret Server

Key Point:

Delinea Secret Server has a critical vulnerability in its SOAP API that allows attackers to bypass authentication and gain admin access.…

Summary: Israeli auto cybersecurity startup, Upstream Security, has received an undisclosed investment from Cisco Investments as the demand for internet-connected vehicles and devices increases.

Threat Actor: N/A

Victim: N/A

Key Point:

Upstream Security, an Israeli auto cybersecurity startup, has received an investment from Cisco Investments to meet the growing demand for cybersecurity in internet-connected vehicles and devices.…

This video demonstrates a detailed hacking scenario where the presenter exploits Azure Managed Identities to gain unauthorized access to cloud resources. Here are the critical points covered in the video:

🌐 Initial Access and Exploitation: The presenter begins by exploiting a vulnerability in a PHP-powered Azure website, allowing the upload of a malicious PHP webshell.…

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…


The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, including internet innovations, software development, consumer electronics, and digital services.

Their work has not only transformed how we interact with technology on a daily basis but also laid foundational advancements that define the modern digital era.…

Must-Read Cybersecurity Blogs [List of Blogs & Websites]

1. Unsupervised Learning

An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interests and political views. His offerings include newsletters and essays on a variety of topics and a podcast called Unsupervised Learning that focuses on security and artificial intelligence.…


Threat Actor: Unknown

Victim: Palo Alto Networks

Price: Not applicable

Exfiltrated Data Type: Not applicable

Additional Information:

The vulnerability, designated as CVE-2024-3400, affects Palo Alto Networks’ PAN-OS software, specifically targeting the GlobalProtect feature. The vulnerability allows malicious actors to execute arbitrary code with root privileges on vulnerable firewalls.…

Summary: A 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers (BMC) has been overlooked by device vendors, including Intel and Lenovo, potentially allowing attackers to bypass protection mechanisms and exfiltrate process memory addresses.

Threat Actor: N/A

Victim: Intel, Lenovo, and other system vendors using Baseboard Management Controllers (BMC)

Key Points:

A vulnerability in the Lighttpd web server used in BMCs has been discovered, allowing attackers to exfiltrate process memory addresses.…

Summary: This blog post discusses recent cyber attacks conducted by Iranian threat actors during the “Swords of Iron War” against Hamas terrorists. It highlights the use of the “DarkBeatC2” C2 framework by MuddyWater and provides insights into the attacks and their victims.

Threat Actor: Iranian threat actors

Victim: Israeli companies in the private sector | Israeli companies

Key Points:

Iranian threat actors have increased their “hack and leak” fake hacktivist operations against Israeli companies during the “Swords of Iron War” against Hamas terrorists.…

Summary: This article discusses the importance of exposure management in cybersecurity and how organizations can prioritize their security efforts to protect their most vulnerable areas.

Threat Actor: N/A

Victim: N/A

Key Points:

Organizations need to implement asset identification and understand their assets’ security posture to effectively protect against cyber threats.…