Summary: New York State has reached a $2 million settlement with PayPal due to its failure to comply with cybersecurity regulations, which resulted in a significant data breach in 2022. The breach was attributed to security gaps that allowed credential stuffing attacks, compromising sensitive customer information.…
Tag: CREDENTIAL
This week’s cybersecurity overview includes critical vulnerabilities in various software and hardware, exploits of chained vulnerabilities, record-high DDoS attacks, and a notable ransomware surge, particularly impacting education and utilities. The article emphasizes the necessity for improved security measures across affected sectors. Affected: 7-Zip, Asus, Ivanti Cloud Service Appliances, Cisco, Cambium Networks, ABB, UK Education Sector, PowerSchool, US Utilities, Russia, Iran
Keypoints:
7-Zip has a critical vulnerability (CVE-2025-0411) that allows code execution by bypassing the Mark of the Web security feature.…
On January 22, 2025, Arctic Wolf observed a campaign exploiting vulnerabilities in SimpleHelp RMM software for unauthorized access. Several serious vulnerabilities had been disclosed just prior, potentially allowing attackers to leverage administrative privileges. While it’s uncertain if these vulnerabilities are responsible, Arctic Wolf urges users to upgrade their software to mitigate risks.…
The article provides an in-depth overview of the Burp Suite’s lesser-known modules, focusing on the Decoder, Comparer, Sequencer, and Organizer tools. Each tool serves a unique function: the Decoder for encoding/decoding data, the Comparer for data comparison, the Sequencer for evaluating token randomness, and the Organizer for managing HTTP requests for future reference.…
Threat actors exploited four vulnerabilities in Ivanti Cloud Service Appliances (CSA) to conduct attacks on multiple organizations in September. The FBI and CISA have issued an advisory urging users to upgrade their systems and implement threat hunting techniques. The vulnerabilities, suspected to be linked to sophisticated nation-state actors, were used to gain access, execute code, and implant web shells.…
This article discusses how cybercriminals exploit GitHub to distribute malware disguised as game hacks and cracked software. McAfee Labs identified multiple repositories that lure users with enticing offers, ultimately leading to the installation of Lumma Stealer variants. The article emphasizes the importance of user education and protective measures against such threats.…
This article emphasizes the critical importance of API security, highlighting how misconfigurations can lead to significant vulnerabilities and potential data breaches. It discusses a case study where BeVigil helped a logistics company identify and rectify a major API security gap involving the Kong API Gateway. Affected: Kong API Gateway
Keypoints:
APIs are essential for modern business operations, facilitating integrations and service delivery.…
This article highlights a significant gap in threat detection capabilities within SIEM technologies, which reportedly only cover 19% of the MITRE ATT&CK techniques. Focusing on the MOVEit Transfer attack in 2023, it illustrates the importance of the MITRE ATT&CK framework for cybersecurity analysts in mapping real-world threats, enhancing detection rules, and improving incident response strategies.…
Summary: PayPal has agreed to pay a $2 million penalty following a cybersecurity incident in December 2022 that exposed thousands of Social Security numbers. The breach was attributed to a credential stuffing attack, which exploited vulnerabilities in the company’s platform due to recent changes. New York regulators emphasized the importance of qualified cybersecurity personnel and proper training to prevent such incidents in the future.…
This article discusses the latest MITRE ATT&CK® Evaluations for 2024, focusing on advanced threats such as ransomware and macOS attacks. It highlights Cybereason’s MalOp™ technology, which offers a comprehensive view of attacker activities, enhancing security operations by reducing alert fatigue and improving incident response. Affected: Windows, macOS
Keypoints:
The MITRE ATT&CK® Evaluations assess how well security vendors combat advanced threats.…
Summary: A recent report reveals a shift in credential harvesting tactics, with attackers now targeting lesser-known services like Gravatar and telecommunication companies such as AT&T and Comcast. By exploiting Gravatar’s “Profiles as a Service,” attackers create fake profiles to deceive users into revealing their login credentials.…
A recent report reveals that multiple cybersecurity firms have had their account credentials leaked and are being sold on the dark web. This poses risks not only to the companies involved but also to their customers. Additionally, the Ministry of Industry and Information Technology highlights the ongoing threat of the Androxgh0st botnet, which targets IoT devices and network infrastructure.…
Recent vulnerabilities in Ivanti Cloud Service Appliances (CSA) pose significant risks, allowing adversaries to exploit them through various exploit chains. The CISA and FBI alert highlights the need for immediate action, as attackers have been able to gain access, execute remote code, and compromise sensitive networks. Affected: Ivanti Cloud Service Appliances, Enterprise Security
Keypoints:
Ivanti Cloud Service Appliances (CSAs) face critical vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.…
LockBit 3.0 ransomware primarily targets Windows systems, exploiting vulnerabilities in Active Directory and Microsoft Exchange Server. It employs various tactics for initial access, data encryption, and data exfiltration, threatening victims with public data leaks unless ransoms are paid. LockBit has been particularly active in sectors such as healthcare, finance, and critical infrastructure, leveraging advanced techniques to evade detection.…
Summary: A new malware campaign utilizing fake CAPTCHA verification is delivering the Lumma information stealer globally, targeting various industries including healthcare and banking. The attack begins with victims being tricked into executing commands that download and run malicious files, evading browser defenses. The Lumma Stealer operates as malware-as-a-service, complicating detection efforts through diverse delivery methods and social engineering tactics.…
The “Crazy Evil” cryptoscam gang has become a leading threat in the cybercriminal landscape since 2021, focusing on cryptocurrency theft and identity fraud through sophisticated phishing and malware tactics. The group operates through six subteams, employing advanced tools and social engineering to target specific victim profiles, particularly in the cryptocurrency sector.…
A recent smishing campaign in Italy is exploiting the INPS name and logo to deceive victims into providing personal and financial information. The fraudulent SMS messages prompt users to update their information under the threat of account suspension, leading them to a fake website. The stolen data is used for identity theft and other fraudulent activities.…
Summary: Credential and user-based attacks are a major threat to enterprises, accounting for 50-80% of breaches. Traditional security measures focus on risk reduction rather than prevention, leaving organizations vulnerable. However, modern authentication technologies now offer a paradigm shift that can fully eliminate identity-based threats, transforming identity security practices.…
Summary: Cisco has issued critical software updates to address a privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system, allowing remote attackers to gain administrator access. Additionally, patches were released for a denial-of-service (DoS) flaw in BroadWorks and an integer underflow bug in ClamAV. The vulnerabilities highlight ongoing security challenges faced by organizations using Cisco products.…
This article examines “Operation Cobalt Kitty,” a sophisticated cyberattack targeting financial companies in Asia. The attackers primarily employed fileless malware, spear-phishing, and DNS tunneling techniques to gain access to sensitive systems and maintain persistence. The operation exemplifies the potential damage posed by fileless malware and highlights the lack of detection by existing security measures.…