Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: This content discusses a severe logging configuration flaw, CVE-2021-44832, in Apache Log4j2 that could have a significant impact on the financial industry.
Threat Actor: N/A
Victim: N/A
Key Point :
The vulnerability, CVE-2021-44832, allows remote attackers to execute malicious code on affected systems by exploiting a logging configuration flaw in Apache Log4j2.…We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts.…
Authored by Dexter Shin
Many government agencies provide their services online for the convenience of their citizens. Also, if this service could be provided through a mobile app, it would be very convenient and accessible. But what happens when malware pretends to be these services?
McAfee Mobile Research Team found an InfoStealer Android malware pretending to be a government agency service in Bahrain.…
Summary: This article discusses the threat of cryptocurrency fraud, endpoint security, and fraud management & cybercrime.
Threat Actor: North Korea’s Lazarus Group | North Korea’s Lazarus Group Victim: Not specified | N/A
Key Point :
Cryptomining malware, potentially originating from North Korea’s Lazarus Group, is targeting edge devices.…Threat Actor: Unknown | Unknown Victim: Windows users | Windows users Price: $120,000 Exfiltrated Data Type: Not specified
Additional Information:
The exploit targets multiple versions of Windows, including the latest releases such as Windows Server 2022, Windows 11, and Windows 10. The exploit claims to raise privileges from medium to system level in just 2 seconds with a success rate of 99.4%.…Summary: Researchers have discovered a macOS version of the LightSpy spyware that has been active since January 2024, with threat actors using publicly available exploits to deliver the spyware and exfiltrate private information from devices.
Threat Actor: LightSpy | LightSpy Victim: macOS users | macOS
Key Point :
The macOS version of LightSpy spyware has been active since January 2024.…Summary: Cloudflare’s threat intel team has stopped a month-long phishing and espionage attack targeting Ukraine, attributed to the Russia-aligned gang FlyingYeti, which aimed to exploit financially vulnerable citizens who had benefited from a government moratorium on evictions and utility disconnections for unpaid debt.
Threat Actor: FlyingYeti | FlyingYeti Victim: Financially strapped citizens in Ukraine | Ukraine
Key Point :
FlyingYeti, a Russia-aligned gang, launched a phishing and espionage attack targeting financially vulnerable citizens in Ukraine who had benefited from a government moratorium on evictions and utility disconnections for unpaid debt.…Summary: Okta warns of credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April, which poses a risk of exposing sensitive data or enabling fraudulent activities.
Threat Actor: Unknown | credential stuffing attacks Victim: Okta | Okta
Key Point :
Okta has observed credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April.…Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.
Threat Actor: phant0m | phant0m Victim: N/A
Key Point :
A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement.…
Update 31.05.2024: Added clarification on severity of the vulnerability, recommendations and mitigations. A Proof of Concept (POC) to exploit the vulnerability is now publicly available. CVSS score has been increased from 7.5 to 8.6. Updated Check Point support links.
A critical vulnerability has been discovered in Check Point Security Gateways with Remote Access VPN enabled, also referred to as the “Mobile Access” blade.…
A critical vulnerability was found in the Replicate AI platform that could have exposed the private AI models and application data of all its customers.
The vulnerability stemmed from challenges in tenant separation, a recurring issue in AI-as-a-service platforms.
By exploiting this, attackers could have gained unauthorized access to user prompts and the corresponding AI results, as the security flaw was responsibly disclosed to Replicate and promptly addressed, with no customer data compromised. …
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.
On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, with threat actors leveraging the vulnerability to enumerate and extract password hashes for all local accounts, including accounts used to connect to Active Directory.…
Global law enforcement recently announced Operation Endgame, a widespread effort to disrupt malware and botnet infrastructure and identify the alleged individuals associated with the activity. In a press release, Europol called it the “largest ever operation against botnets, which play a major role in the deployment of ransomware.”…
Summary: This content discusses the components of cyber risk management, including risk assessments, processes and controls, and monitoring and review requirements.
Threat Actor: N/A
Victim: N/A
Key Point :
Cyber risk management involves conducting comprehensive risk assessments. Processes and controls, such as policies, are important components of cyber risk management.…Summary: RansomLord is an open-source tool that automates the creation of PE files to exploit ransomware pre-encryption, aiming to demonstrate vulnerabilities in ransomware and help build anti-ransomware defenses.
Threat Actor: hyp3rlinx | hyp3rlinx Victim: N/A
Key Point :
RansomLord leverages DLL hijacking tactics used by cybercriminals and deploys exploits to defend networks, providing a novel strategy against ransomware.…Summary: This content discusses the unintended consequences of the growing number of software vulnerabilities reported and maintained as common vulnerabilities and exposures (CVEs) in cybersecurity.
Threat Actor: N/A Victim: N/A
Key Point :
The increasing number of software vulnerabilities reported as CVEs poses challenges in terms of managing and prioritizing them effectively.…Water Sigbin (aka the 8220 Gang) exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.
SummaryWater Sigbin exploited the vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner via a PowerShell script.…In a dramatic turn of events, hackers have claimed a massive data breach involving Ticketmaster, allegedly exposing the details of 560 million users and their payment card information.
This claim has catapulted BreachForums into the spotlight, providing the platform with the quick attention it needs to boost its user numbers and reputation.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…