Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.
To reduce the chances of business disruption from advanced and unknown threats, security teams must operationalize threat intelligence by conducting proactive, hypothesis-driven threat hunts.…
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.…
Hihi 
! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles.
Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially malware. We need a tool that integrates decompilation, decryption, dynamic debugging, and vulnerability detection.…
In the last few years, there has been a dramatic rise (1300%) in supply chain attacks across multiple public repositories. ReversingLabs’ researchers have been monitoring them daily to detect malicious packages. After packages are detected, the team notifies administrators for these public repositories, and encourages them to take the offending packages down if they are still up.…
The Pixel Update Bulletin provides details on security vulnerabilities, functional improvements, and updates for supported Pixel devices.
Key Point:
Security patch levels of 2024-04-05 or later address all issues in the bulletin and the April 2024 Android Security Bulletin. All supported Google devices will receive an update to the 2024-04-05 patch level.…At XLab, we see a lot of botnets every day, mainly tweaks of old Mirai and Gafgyt codes. These are common and usually don’t grab our attention. But recently, we found something different.
This new botnet uses some of Gafgyt’s attack style but has been built differently from the ground up.…
Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the .NET (de)serialization feature to interact with a core JavaScript module running on the victim’s machine.…
macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023.
In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has ties to the operators of a Windows ransomware. They published their findings, including seven indicators of compromise (IoCs) comprising five domain names and two IP addresses.…
Threat Actor: AlphV ransomware gang Victim: Prudential Insurance
Information: – The sensitive information of more than 36,000 individuals was stolen from Prudential Insurance during a cyberattack in February. – The unauthorized third party gained access to Prudential Insurance’s network on February 4, 2024, and removed a small percentage of personal information.…
____________________ Losses linked to impersonation scams top $1 billion yearly, FTC says Key Point : * Impersonation scams reported to the Federal Trade Commission cost victims about $1.1 billion in 2023. * 40 percent of reported cases started online, while scam phone calls accounted for 32 percent.…
____________________ The FCC is investigating vulnerabilities in phone network infrastructure that can lead to cybercrime and spying. Key Point : * FCC is probing weaknesses in SS7 and Diameter protocols. * Vulnerabilities can reveal consumers’ locations to hackers and spies. * The agency is demanding providers to prevent breaches and share examples.…
____________________
The National Institute of Standards and Technology (NIST) is facing a vulnerability database backlog due to increased volume and changes in support, impacting cybersecurity experts and defenders who rely on the National Vulnerability Database (NVD) for critical information.
____________________
Key Point :
NIST blames increased volume of software and changes in interagency support for vulnerability database backlog.…
____________________ India says it has rescued 250 citizens from Cambodian cyber slavery
Key Point : * Indian government rescued 250 citizens from Cambodia * Citizens were forced to carry out cyber fraud after being enticed by job opportunities * Ministry of External Affairs closely collaborating with Cambodian authorities for rescue efforts * 75 of the rescued nationals have been repatriated in the last three months * Indian government working with Cambodian authorities to crack down on fraudulent schemes
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
The Indian government says it has rescued 250 citizens from Cambodia, where they were enticed by job opportunities and then forced to carry out cyber fraud.…
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat hunting is a crucial skill. By mastering the art of cyber threat hunting, security professionals can build a robust defense and shield their organization from the ever-persistent menace of cyber threats.…
2. DarknetLive — Is on the Clearnet and Dark Web. This site is owned by the Incognito Darknet Market admin and provides news on vendor arrests and other illegal Dark web news.…
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils. In this blog, we discuss the significance of this vulnerability, how CrowdStrike protects its customers from adversaries attempting exploitation, and how this issue can be discovered with CrowdStrike Falcon® Exposure Management, CrowdStrike Falcon® Insight XDR and CrowdStrike Falcon® for IT.…
Secureworks® Counter Threat Unit™ (CTU) researchers identified a vulnerability within Azure multi-tenant applications where the application’s redirect URI (also known as reply URL) contains a subdomain entry that is registered to the application but not to an Azure resource. These redirect URI endpoints are used to facilitate authorization code flow and can be abused by threat actors to steal users’ authorization codes and ID tokens.…
Summary : The Pentagon has released its first cybersecurity strategy to enhance the defense industrial base’s resilience against cyberattacks.
Key Point :
The strategy covers fiscal years 2024 through 2027.
Goals include improving best practices within the industrial base.
The Cybersecurity Maturity Model certification program is part of the strategy.…
Summary: The British nuclear site Sellafield is facing prosecution for cybersecurity failures, with concerns raised over information technology security offenses spanning several years. Despite no compromise to public safety, the company is under scrutiny for its cybersecurity shortcomings.
Key Point:
Sellafield nuclear site to be prosecuted for cybersecurity failures
Alleged information technology security offenses between 2019 and early 2023
No suggestion of public safety compromise
Enhanced regulatory attention on Sellafield’s cybersecurity failings
National Cyber Security Centre threat assessment warns of ransomware threats
Sellafield remains largest nuclear site in Europe with complex and hazardous operations
Historical nuclear accident in 1957 at Sellafield
Concerns over cyberattacks targeting operational technology systems at power plants
Potential risks of cyber incidents at nuclear facilities
Uncertainty on the extent of damage from a cyber incident at Sellafield
——————–
The United Kingdom’s independent nuclear safety regulator has announced that it will be prosecuting the company managing the Sellafield nuclear site over “alleged information technology security offenses during a four year period between 2019 and early 2023.”…