Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.

Threat Actor: N/A

Victim: N/A

Key Point:

Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…
Read More

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184

Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…
Read More

Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown threat actor

Victim: E-ZPass customers and users of road toll collection services

Key Point:

Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…
Read More

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

OpenMetadata is an open-source platform designed to manage metadata across various data sources.…

Read More

Hacklido.com is a cybersecurity community platform focused on various aspects of ethical hacking, security research, and cybersecurity knowledge sharing. The website hosts a range of content including blogs on topics like cybersecurity trends, techniques to bypass security measures such as one-time password (OTP) systems, and discussions on vulnerabilities like cross-site scripting (XSS).…

Read More

Summary: CrushFTP has warned its customers about an actively exploited zero-day vulnerability that allows attackers to escape the user’s virtual file system and download system files. The vulnerability has been fixed in new versions of CrushFTP, and users are urged to patch their servers immediately.

Threat Actor: Unknown

Victim: CrushFTP users

Key Point:

CrushFTP has warned its customers about an actively exploited zero-day vulnerability that allows unauthenticated attackers to escape the user’s virtual file system and download system files.…
Read More

Content:

Introduction to SOC
What is a Use Case in SOC?
Use Case Life Cycle
Use Case Management
Challenges in Use Case Management
Best Practices

Introduction to SOC (Security Operation Center)

A Security Operation Center (SOC) is a centralized unit within an organization dedicated to continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents.…

Read More

At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your organization’s environment.

This involves observing both attacker behaviors (e.g., evidence of lateral movement, privilege escalation attempts, anomalous user activity) and indicators (e.g.,…

Read More

Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders.

Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums.

Victim: Small companies and individuals who are unlikely to have the resources to defend themselves effectively.…

Read More

Summary: Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.

Threat Actor: N/A

Victim: N/A

Key Point:

Damn Vulnerable RESTaurant is an open-source project that helps developers learn about security vulnerabilities in their code through an interactive game.…
Read More

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More

Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024.

Threat Actor: Ransomware gangs such as LockBit, BlackCat, Play, 8Base, and Akira have targeted the food and agriculture sector.…

Read More

A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.

McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia.

Infection Chain

GitHub is being abused to host the malware file under Microsoft’s official account in the vcpkg repository: https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip…
Read More

Experience Level required: beginner

In this blog we will learn how to analyze macro-enabled MS Office documents.

1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5

2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99

Let’s look at the sample on VirusTotal.

37 of 63 security vendors detected this file as malicious.

Let’s open the file.

It uses a social engineering technique to persuade the user to enable macros, which then leads to infection of the user’s machine.…

Read More