Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.
Threat Actor: N/A Victim: N/A
Key Point:
Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.
Threat Actor: UAC-0184 | UAC-0184 Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.
Threat Actor: Unknown threat actor | Unknown threat actor Victim: E-ZPass customers and users of road toll collection services
Key Point :
Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.
OpenMetadata is an open-source platform designed to manage metadata across various data sources.…
A new info-stealing malware called “TimbreStealer” is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico. The threat actors used finance-themed phishing emails to lure victims in, including generic fake invoices and those imitating invoices from Comprobante Fiscal Digital por Internet (CDFI), the country’s standard electronic invoice format.…
Hacklido.com is a cybersecurity community platform focused on various aspects of ethical hacking, security research, and cybersecurity knowledge sharing. The website hosts a range of content including blogs on topics like cybersecurity trends, techniques to bypass security measures such as one-time password (OTP) systems, and discussions on vulnerabilities like cross-site scripting (XSS) (HACKLIDO).…
Summary: CrushFTP has warned its customers about an actively exploited zero-day vulnerability that allows attackers to escape the user’s virtual file system and download system files. The vulnerability has been fixed in new versions of CrushFTP, and users are urged to patch their servers immediately.
Threat Actor: Unknown | CrushFTP Victim: CrushFTP users | CrushFTP
Key Point :
CrushFTP has warned its customers about an actively exploited zero-day vulnerability that allows unauthenticated attackers to escape the user’s virtual file system and download system files.…Content :
Introduction to SOCWhat is a Use Case in SOC?Use Case Life CycleUse Case ManagementChallenges in Use Case ManagementBest PracticesIntroduction to SOC (Security Operation Center)A Security Operation Center (SOC) is a centralized unit within an organization dedicated to continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents.…
New research from Recorded Futures Insikt Group focuses on the growing threat of a possible "mobile NotPetya" event. Through zero-click exploits, a self-propagating mobile malware could infiltrate smartphones at scale. The threat has increased sharply in the past few years as spyware companies continually refine zero-click exploits.…
At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your organization’s environment.
This involves observing both attacker behaviors (e.g., evidence of lateral movement, privilege escalation attempts, anomalous user activity) and indicators (e.g.,…
Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders.
Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums.
Victim: Small companies and individuals who are unlikely to have the resources to defend themselves effectively.…
Summary: Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.
Threat Actor: N/A
Victim: N/A
Key Point :
Damn Vulnerable RESTaurant is an open-source project that helps developers learn about security vulnerabilities in their code through an interactive game.…Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024.
Threat Actor: Ransomware gangs such as LockBit, BlackCat, Play, 8Base, and Akira have targeted the food and agriculture sector.…
A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.
McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia.
Infection ChainGitHub is being abused to host the malware file at Microsoft’s official account in the vcpkg repository https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip…Affected Platforms: TP-Link Archer AX21 (AX1800) Version 1.1.4 Build 20230219 or priorImpacted Users: Any organizationImpact: Remote attackers gain control of the vulnerable systemsSeverity Level: High
Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800).…
This post is also available in: 日本語 (Japanese)
Executive SummaryThis threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made.…
As we explained in a previous blogpost, exploiting a prompt injection attack is conceptually easy to understand: There are previous instructions in the prompt, and we include additional instructions within the user input, which is merged together with the legitimate instructions in a way that the underlying model cannot distinguish between them.…
Experience Level required: beginner
In this blog we will Learn how to analyze MS Office Macro enabled Documents.
1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5 2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99Let’s see the sample in Virus Total
37 of 63 security vendors detected this file as malicious.
Let’s open the file.
It uses a social engineering technique to persuade the user to enable the macros that lead to the infection of the user.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…