Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.

Threat Actor: N/A Victim: N/A

Key Point:

Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…
Read More

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184 Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…
Read More

Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown threat actor Victim: E-ZPass customers and users of road toll collection services

Key Point:

Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…
Read More

Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.

They are broken down into appropriate categories such as:

area and event monitoring
person of interest search
corporate profiling
mapping
artificial intelligence
intelligence analysis
reporting tools
collective tools
cryptocurrency
country specific
verification and fact-checking…
Read More

We have been tracking a threat actor who’s behind several malvertising campaigns impersonating popular software downloads. That advertiser uses different identities but their tactics, techniques and procedures are very similar from one campaign to the next.

We have connected this threat actor with the distribution of stealers, often indirectly using known loaders such as FakeBat for Windows, while using Atomic Stealer for Mac.…

Read More

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

OpenMetadata is an open-source platform designed to manage metadata across various data sources.…

Read More

Date Reported: 2024-04-13
Country: USA
Victim: DISB | Department of Insurance, Securities and Banking | tylertech.com
Additional Information:

The Washington D.C. government agency DISB has confirmed that the data stolen and leaked by the ransomware group LockBit originated from a third-party technology provider, Tyler Technologies. Tyler Technologies experienced a data breach affecting the cloud storage of client data for DISB’s STAR system.…
Read More

Contents:

Introduction to SOC
What is a Use Case in SOC?
Use Case Life Cycle
Use Case Management
Challenges in Use Case Management
Best Practices

Introduction to SOC (Security Operation Center)

A Security Operation Center (SOC) is a centralized unit within an organization dedicated to continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents.…

Read More
Introduction

While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console sessions differ profoundly across cloud providers in ways that obfuscate the original actions taken by the user.…

Read More

At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your organization’s environment.

This involves observing both attacker behaviors (e.g., evidence of lateral movement, privilege escalation attempts, anomalous user activity) and indicators (e.g.,…

Read More

Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders.

Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums.

Victim: Small companies and individuals who are unlikely to have the resources to defend themselves effectively.…

Read More
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More
Overview

Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Because a GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with root privileges.…

Read More

On 15 April 2024, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum identified a vulnerable implementation of DSA for certain elliptic curve configurations in versions 0.68 through 0.80 of the PuTTY SSH libraries. This vulnerability has been assigned CVE-2024-31497.

In this blog, you’ll find:

A list of potentially vulnerable software identified by the Stairwell platform and not mentioned in the NIST advisory
Known vulnerable hashes
A YARA rule created by Stairwell to aid in the detection of vulnerable binaries
A brief overview of this supply chain vulnerability

As with the recent xz backdoor, a threat report with the known hashes and a YARA rule has already been added to the Stairwell platform to aid users in detection — enabling them to quickly find software supply chain vulnerabilities and software packages like these across their entire environment or have evidence of their absence.…

Read More

Summary: This blog post discusses a threat actor that used malvertising and DNS tunneling to distribute a backdoor named “MadMxShell” to target IT professionals in the IT security and network administration roles. The post provides details on the attack chain, technical analysis of the backdoor, infrastructure details, observed commands, indicators of compromise (IOCs), and coverage by Zscaler’s security platform.…

Read More

Summary: Armis has acquired Silk Security, a security prioritization and remediation vendor, to enhance its ability to address vulnerabilities and misconfigurations with AI and automation.

Threat Actor: N/A

Victim: N/A

Key Point:

Armis’ acquisition of Silk Security will help organizations respond to security threats by integrating and managing vast amounts of security data, prioritizing remediation effectively, and automating ticketing processes.…
Read More

Summary: Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software, according to Microsoft.

Threat Actor: Chinese hackers Victim: OpenMetadata platform running on Kubernetes clusters

Key Point:

Hackers are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software.…
Read More

Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024.

Threat Actor: Ransomware gangs such as LockBit, BlackCat, Play, 8Base, and Akira have targeted the food and agriculture sector.…

Read More