Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the .NET (de)serialization feature to interact with a core JavaScript module running on the victim’s machine.…
macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023.
In February 2024, Bitdefender uncovered RustDoor, a backdoor written in Rust that possibly has ties to the operators of a Windows ransomware family. They published their findings, including seven indicators of compromise (IoCs) comprising five domain names and two IP addresses.…
Threat Actor: AlphV ransomware gang
Victim: Prudential Insurance
Information:
* The sensitive information of more than 36,000 individuals was stolen from Prudential Insurance during a cyberattack in February.
* The unauthorized third party gained access to Prudential Insurance’s network on February 4, 2024, and removed a small percentage of personal information.…
Losses linked to impersonation scams top $1 billion yearly, FTC says
Key Point:
* Impersonation scams reported to the Federal Trade Commission cost victims about $1.1 billion in 2023.
* 40 percent of reported cases started online, while scam phone calls accounted for 32 percent.…
The FCC is investigating vulnerabilities in phone network infrastructure that can lead to cybercrime and spying.
Key Point:
* The FCC is probing weaknesses in the SS7 and Diameter signaling protocols.
* These vulnerabilities can reveal consumers’ locations to hackers and spies.
* The agency is demanding that providers prevent breaches and share examples.…
The National Institute of Standards and Technology (NIST) is facing a vulnerability database backlog due to increased volume and changes in support, impacting cybersecurity experts and defenders who rely on the National Vulnerability Database (NVD) for critical information.
Key Point:
* NIST blames the increased volume of software and changes in interagency support for the vulnerability database backlog.…
India says it has rescued 250 citizens from Cambodian cyber slavery
Key Point:
* The Indian government rescued 250 citizens from Cambodia.
* The citizens were forced to carry out cyber fraud after being enticed by job opportunities.
* The Ministry of External Affairs is closely collaborating with Cambodian authorities on rescue efforts.
* 75 of the rescued nationals have been repatriated in the last three months.
* The Indian government is working with Cambodian authorities to crack down on fraudulent schemes.
The Indian government says it has rescued 250 citizens from Cambodia, where they were enticed by job opportunities and then forced to carry out cyber fraud.…
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat hunting is a crucial skill. By mastering the art of cyber threat hunting, security professionals can build a robust defense and shield their organization from the ever-persistent menace of cyber threats.…
2. DarknetLive is on both the clearnet and the dark web. The site is owned by the Incognito Darknet Market admin and provides news on vendor arrests and other illegal dark web activity.…
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils. In this blog, we discuss the significance of this vulnerability, how CrowdStrike protects its customers from adversaries attempting exploitation, and how this issue can be discovered with CrowdStrike Falcon® Exposure Management, CrowdStrike Falcon® Insight XDR and CrowdStrike Falcon® for IT.…
Secureworks® Counter Threat Unit™ (CTU) researchers identified a vulnerability within Azure multi-tenant applications where the application’s redirect URI (also known as reply URL) contains a subdomain entry that is registered to the application but not to an Azure resource. These redirect URI endpoints are used to facilitate authorization code flow and can be abused by threat actors to steal users’ authorization codes and ID tokens.…
Summary: The Pentagon has released its first cybersecurity strategy to enhance the defense industrial base’s resilience against cyberattacks.
Key Point:
* The strategy covers fiscal years 2024 through 2027.
* Goals include improving best practices within the industrial base.
* The Cybersecurity Maturity Model Certification program is part of the strategy.…
Summary: The British nuclear site Sellafield is facing prosecution for cybersecurity failures, with concerns raised over information technology security offenses spanning several years. Despite no compromise to public safety, the company is under scrutiny for its cybersecurity shortcomings.
Key Point:
* Sellafield nuclear site to be prosecuted for cybersecurity failures
* Alleged information technology security offenses between 2019 and early 2023
* No suggestion of public safety compromise
* Enhanced regulatory attention on Sellafield’s cybersecurity failings
* National Cyber Security Centre threat assessment warns of ransomware threats
* Sellafield remains the largest nuclear site in Europe, with complex and hazardous operations
* Historical nuclear accident in 1957 at Sellafield
* Concerns over cyberattacks targeting operational technology systems at power plants
* Potential risks of cyber incidents at nuclear facilities
* Uncertainty on the extent of damage from a cyber incident at Sellafield
The United Kingdom’s independent nuclear safety regulator has announced that it will be prosecuting the company managing the Sellafield nuclear site over “alleged information technology security offenses during a four year period between 2019 and early 2023.”…
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each uses a different means of compromising victims’ Macs, but with the same aim: to steal sensitive user data.
Introduction
Over the past year, the macOS environment has been under constant attack by infostealers. Many of these stealers target individuals involved in the crypto industry, with a focus on harvesting credentials along with data from various crypto wallets.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation-state attacks in our space, including the Kaseya MSP breach and the more_eggs malware.…
MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. In March 2024, following an increase in new attacks, the National Cyber Directorate of Israel attributed the attack toolkit and attack patterns it observed to the MuddyWater group.…
Experience Level required: Beginner
In this blog, we will learn how to analyze and deobfuscate JavaScript malware.
Let’s view the sample code.
The code is obfuscated with the characters ° and g0 spread throughout, so let’s remove them.
We need to take care, because g0 is also used as a variable name in places.…
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…
Summary: The week saw two prominent crypto platforms being compromised, with millions worth of cryptocurrency stolen by hackers with confusing motives.
Key Point:
* The Munchables blockchain-based game was attacked, with $62 million worth of cryptocurrency stolen.
* Rumors suggested a North Korean connection, but the alleged developer returned the stolen funds without any condition.…