Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has reported success with its Ransomware Vulnerability Warning Pilot program, which proactively notifies organizations about potential vulnerabilities to ransomware attacks.

Threat Actor: N/A

Victim: N/A

Key Point:

The Ransomware Vulnerability Warning Pilot program, launched in January 2023, aims to identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors.…
Read More

Summary: The Russian independent news website Meduza is facing repeated attempts to disrupt its digital infrastructure, including distributed denial-of-service (DDoS) attacks, which are believed to be orchestrated by the Russian authorities.

Threat Actor: Russian authorities

Victim: Meduza

Key Point:

Meduza has been targeted by a series of DDoS attacks, which have intensified and continued even after the Russian presidential election in March.…
Read More

Summary: The content discusses a controversial executive order proposed by the White House that aims to require U.S. cloud companies to closely monitor the identities of their customers, in response to the cybersecurity threat posed by Chinese and Russian hackers using U.S. cloud infrastructure.

Threat Actor: Chinese and Russian hackers

Victim: U.S.…

Read More

Summary: Cybercriminals are using fake “verification” apps in online dating scams to steal information and money, according to the FBI. This scam is similar to romance scams and pig butchering schemes that have become increasingly prevalent in recent years.

Threat Actor: Cybercriminals

Victim: Individuals using online dating websites or apps

Key Point:

Cybercriminals meet victims on dating platforms and quickly try to move conversations to an encrypted service.…
Read More

In the previous article https://8ksec.io/dissecting-windows-malware-series-process-injections-part-2/, we introduced the mechanism of Process Injection that malware uses to achieve stealth and evasion. We saw direct implementations of:

Process Injection
Process Hollowing

and the use of other interesting stealth-associated mechanisms.

What’s In It For Me❓

We’ll see how malware utilizes complex encryption algorithms like AES and “seemingly simpler” encoding methods like Base64 to conceal its functionality.…

Read More

Summary: The Department of Justice has announced the arrest of the founders of Samourai Wallet, a cryptocurrency mixing service that allegedly facilitated money laundering and sanctions evasion, obscuring the origins of at least $100 million in criminal proceeds.

Threat Actor: Samourai Wallet

Victim: N/A

Key Point:

The founders of Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, created features explicitly designed to help criminals engage in large-scale money laundering and sanctions evasion.…
Read More

Summary: A new report by Netacea reveals that 93% of security leaders expect to face daily AI-driven cyber-attacks by the end of 2024, with offensive AI becoming the norm for cybercriminals. Ransomware is identified as the most likely threat vector to be powered by AI.

Threat Actor: Cybercriminals

Victim: Businesses

Key Points:

93% of security leaders anticipate daily AI-driven cyber-attacks by the end of 2024.…
Read More

Summary: This content discusses the security analysis of Microsoft Warbird and Protected Media Path technologies conducted by Security Explorations, a research lab of AG Security Research company. It highlights the vulnerabilities discovered in these technologies and their potential impact on content security.

Threat Actor: Security Explorations

Victim: Microsoft

Key Point:

The research conducted by Security Explorations revealed several deficiencies in Microsoft Warbird and Protected Media Path technologies, which could be exploited to gain access to plaintext content keys protected by PlayReady DRM in a Windows OS environment.…
Read More

Summary: The U.S. cybersecurity agency has ordered federal agencies to patch three vulnerabilities being exploited by hackers, including two Cisco product vulnerabilities and one vulnerability affecting the CrushFTP file transfer tool. The vulnerabilities are being exploited by a state-sponsored threat actor known as UAT4356 or ArcaneDoor.

Threat Actor: UAT4356 (ArcaneDoor)

Victim: Federal civilian agencies

Key Point:

The Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies until May 1 to patch three vulnerabilities being exploited by hackers, including two Cisco product vulnerabilities and one vulnerability affecting the CrushFTP file transfer tool.…
Read More

Summary: Chinese and Russian hackers are increasingly targeting edge devices such as VPN appliances, firewalls, routers, and IoT tools in espionage attacks, according to a report by Google security firm Mandiant.

Threat Actor: Chinese and Russian hackers

Victim: Various organizations

Key Points:

Chinese and Russian hackers have shifted their tactics from targeting employees with phishing emails to finding zero-day vulnerabilities in commonly used devices.…
Read More

Summary: An unidentified attacker hacked a Czech news service’s website and published a fake story claiming an assassination attempt on the newly elected Slovak president Petr Pellegrini.

Threat Actor: Unidentified

Victim: Czech News Agency (CTK)

Key Point:

An unidentified attacker hacked the website of the Czech news service CTK and posted a fake story about an assassination attempt on Slovak president Petr Pellegrini.…
Read More

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in the Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.…

Read More

In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not an issue unique to the US or to that time period, of course; in the UK, where handguns are now strictly regulated, criminals often resort to reactivated, or even home-made or antique, firearms.…

Read More
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi

Initial access to the ESXi infrastructure is typically gained through lateral movement using valid credentials

eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which can be devastating for organizations

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. …

Read More

Summary: This content discusses the APT29 campaign targeting political parties using the WINELOADER backdoor, providing detailed analysis of the TTPs employed by APT29 and offering detection and response strategies.

Threat Actor: APT29

Victim: Political parties

Key Point:

The APT29 campaign involves the use of the WINELOADER backdoor to target political parties.…
Read More

Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.

Threat Actor: N/A

Victim: N/A

Key Point:

Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…
Read More