Credential Dumping: GMSA
ReadGMSAPassword is a technique where attackers exploit misconfigured Group Managed Service Accounts (gMSA) in Active Directory to access their passwords, enabling lateral movement and privilege escalation. Attackers can utilize these credentials for various malicious activities, including Pass-the-Hash attacks, if permissions are not correctly configured. Proper security measures and monitoring are crucial to preventing these vulnerabilities.…
How To Bypass Windows UAC With UACMe
This article discusses bypassing User Account Control (UAC) in Windows using the UACMe tool, developed by @hfire0x. It explains UAC’s purpose in Windows security and details the steps to exploit its vulnerabilities, specifically for educational purposes. Affected: Windows Operating System

Key points:

User Account Control (UAC) was introduced in Windows Vista to prevent unauthorized system changes.…
Signed Sideloaded Compromised
This article outlines a sophisticated multi-stage cyber attack characterized by the use of vishing, remote access tools, and legitimate software exploitation to gain unauthorized access and maintain persistence. The attack involved delivering malicious payloads through Microsoft Teams, using Quick Assist for remote access, and deploying malware including TeamViewer and a JavaScript-based command and control backdoor.…
Australian pension funds hit by wave of credential stuffing attacks
Summary: A wave of credential stuffing attacks affected multiple large Australian superannuation funds over the weekend, compromising thousands of member accounts. Despite most attempts being repelled, it is reported that over 20,000 accounts were breached, with members losing some savings. Several major funds have taken immediate action to secure affected accounts and advise members on online security measures.…
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Summary: Ivanti has patched a critical security vulnerability (CVE-2025-22457) in its Connect Secure systems, which is being actively exploited to execute arbitrary code. The vulnerability affects multiple Ivanti products and has prompted warnings to customers regarding security monitoring and potential compromises. Mandiant has linked the exploitation of this vulnerability to the China-nexus threat group UNC5221, which has a history of exploiting zero-day vulnerabilities in similar devices.…
OH-MY-DC: OIDC Misconfigurations in CI/CD
Unit 42’s investigation into OpenID Connect (OIDC) within CI/CD environments revealed significant vulnerabilities that could allow threat actors unauthorized access to restricted resources. Key risks stem from loose identity federation policies, reliance on user-controllable claim values, and potential exploitation of poisoned pipeline execution. It is critical for organizations to strengthen OIDC policies and CI/CD security.…
AustralianSuper, Rest, ART Among Victims in Widespread Superannuation Cyberattacks
Summary: A series of cyberattacks has targeted some of Australia’s largest superannuation funds, compromising over 20,000 member accounts, with significant impacts reported by AustralianSuper and Australian Retirement Trust. In response, affected organizations have implemented immediate protective measures and are working closely with national authorities to secure member information.…
Australian Pension Funds Hacked
Summary: Major Australian pension funds have been targeted in a hacking campaign that compromised thousands of customer accounts, raising alarms about the security of the A.2 trillion retirement sector. Notably, AustralianSuper and REST Super reported unauthorized access to member accounts, attributed to credential stuffing techniques. The incident highlights the urgent need for improved cyber hygiene among both financial institutions and their clients.…
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
OUTLAW is a persistent, auto-propagating coinminer that utilizes simple techniques such as SSH brute-forcing and modification of commodity miners for infection and persistence. By deploying a honeypot, researchers gained insights into how OUTLAW operates, revealing the malware’s ability to maintain control and expand its botnet with basic tactics.…
Wiz Threat Research has identified an ongoing campaign by the threat actor JINX-0126, targeting poorly configured and publicly exposed PostgreSQL servers. By exploiting weak login credentials, the actor gains access to deploy XMRig-C3 cryptominers, impacting over 1,500 victims. The attacker employs advanced techniques to evade detection while continuously scanning for vulnerable systems.…
Malloc Privacy Weekly
This week’s analysis highlights various cybersecurity threats, including the targeting of Serbian journalists with Pegasus spyware and the emergence of the Crocodilus mobile banking Trojan, which exploits accessibility services to steal sensitive data. Furthermore, significant privacy breaches have occurred across multiple platforms, including dating apps and financial services, raising alarm over user data security.…
Tiny Habits, Cybersecurity: The Little Things in our Cyber Hygiene
The global spending on cybersecurity is set to exceed .63 trillion by 2029, primarily due to basic cybersecurity failures rather than sophisticated attacks. Common vulnerabilities exploited include those in file transfer software, VPNs, and other systems, highlighting the critical need for organizations to improve their cyber hygiene practices like patching and proper configurations.…
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As the tax season approaches in the U.S., Microsoft has noted an increase in phishing campaigns using tax-related themes to steal sensitive information and deploy malware. These campaigns exploit various techniques, including URL shorteners, QR codes, and legitimate file-hosting services to evade detection. The reported threats include credential theft linked to platforms like RaccoonO365 and various malware types such as Remcos and Latrodectus.…
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Summary: Microsoft has issued warnings about multiple phishing campaigns utilizing tax-related themes to distribute malware and steal credentials. These campaigns employ sophisticated methods like URL shorteners and QR codes to mask malicious intent while targeting thousands of organizations, especially in the U.S. The attacks often involve a phishing-as-a-service platform, RaccoonO365, and various malware types, including remote access trojans and information stealers.…
This advisory addresses the significant threat posed by the “fast flux” technique, used by malicious cyber actors to evade detection and maintain command and control infrastructure. Fast flux enables the rapid alteration of DNS records, complicating tracking and blocking actions. The advisory calls for collaborative efforts from government entities and service providers to enhance detection and mitigation capabilities against fast flux activities.…
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
This article discusses a malware distribution incident involving North Korean attackers who impersonated a recruitment email from Dev.to to deploy BeaverTail malware and a downloader named car.dll. The compromised project revealed malicious content, prompting community disclosure. BeaverTail is primarily used for information theft and is often spread through phishing attacks disguised as job offers.…
My book on Cyber Threat Intel, that never quite made it as a book, Chapter 1.1
This content explores the significance of Cyber Threat Intelligence (CTI) in improving organizational security and understanding the threat landscape. It delves into the motivations of various types of threat actors, their tactics, and how to effectively mitigate risks. The goal is to provide a comprehensive guide that enhances awareness and proactive measures against cyber threats.…
Emulating the Sophisticated Russian Adversary Seashell Blizzard
Seashell Blizzard, also known as APT44, is a highly sophisticated Russian adversary linked to military intelligence, targeting various critical sectors to conduct espionage through persistent access and custom tools. The AttackIQ assessment template helps organizations validate their security against this threat. Affected: energy, telecommunications, government, military, transportation, manufacturing, retail sectors.…
Summary: The video discusses the recent developments in security related to various topics, including a ransomware attack on Kuala Lumpur’s International Airport, the hacking of Troy Hunt’s Have I Been Pwned website, and the European Union’s potential shift towards a Linux-based operating system for public sector use.…