Date Reported: 2024-04-15 Country: France (FRA) Victim: Le Slip Français | leslipfrancais.fr

Additional Information:

Le Slip Français, a company specialized in the sale of underwear, fell victim to a cyberattack on April 15th. The attack resulted in the theft of certain personal data of its customers, although neither passwords nor payment card information was compromised.…
Read More
Summary

This report details the resurgence of the LightSpy mobile espionage campaign, which focuses on targets in South Asia and probably India, potentially indicating a renewed focus on political targets and tensions in the region.

Beyond our findings, the echoes of concern reach further. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country.…

Read More
Key findings: The group is targeting various countries around the world in addition to its priority region of Latin America. It uses long chains that incorporate a variety of tools and malware: AgentTesla, FormBook, Remcos, LokiBot, Guloader, SnakeKeylogger, XWorm, and others. The group uses compromised legitimate FTP servers for C2, and SMTP servers for both C2 and phishing.…
Read More

Summary: The World Cybercrime Index reveals that Russia is the top hub for digital threat actors and the most significant source of global cybercrime, followed by Ukraine, China, the United States, Nigeria, and Romania.

Threat Actor: Russia, Ukraine, China, United States, Nigeria, Romania

Victim: N/A

Key Point:

Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide.…
Read More

Summary: Test files associated with the XZ Utils backdoor have been found in the Rust crate liblzma-sys, which has been downloaded over 21,000 times. The backdoor was discovered in late March and allowed for remote code execution through manipulation of the Secure Shell Daemon (sshd).

Threat Actor: Unknown | Unknown

Victim: Rust developers using the liblzma-sys crate | liblzma-sys

Key Point:

Test files associated with the XZ Utils backdoor were found in the liblzma-sys crate, which has been downloaded over 21,000 times.…
Read More

Threat Actor: Credential Stuffing Attackers | Credential Stuffing Attackers

Victim: Roku | Roku

Price: N/A

Exfiltrated Data Type: User account information

Additional Information:

Roku announced that 576,000 accounts were hacked in credential stuffing attacks. Threat actors used credentials stolen from third-party platforms. Unauthorized actors accessed around 15,000 user accounts in the first security breach.…
Read More

A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web browsing and managing internet usage within an organization.…
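The three proxy functions named above (web filtering, client-address masking and response caching) are easy to see in code. The following is an added example written for this page, not code from the original article: a forward-proxy request handler whose policy, hostnames and cache rules are assumptions chosen for illustration, and whose `upstream` callable stands in for the real network fetch so that it runs offline.

```python
"""Added example: the core decisions of an HTTP forward proxy.
Web filtering (deny-list), client IP masking (header hygiene) and
response caching (Cache-Control max-age). Policy values are assumptions."""
import time
from urllib.parse import urlsplit

# Constructed deny-list for the filtering function (assumption, not real data).
BLOCKED_HOSTS = {"ads.example.net", "malware.example.org"}
# Headers that would disclose the original client to the origin server.
CLIENT_IDENTIFYING_HEADERS = {"x-forwarded-for", "forwarded", "via", "x-real-ip"}


def parse_request_line(line: str):
    """Parse an absolute-form request line such as 'GET http://host/p HTTP/1.1'."""
    method, target, version = line.strip().split(" ", 2)
    parts = urlsplit(target)
    if not parts.scheme or not parts.hostname:
        raise ValueError("forward proxies expect an absolute-form request target")
    return method, parts.hostname, parts.path or "/", version


def filter_request(host: str) -> bool:
    """Web filtering: True if policy allows forwarding to this host."""
    return host.lower() not in BLOCKED_HOSTS


def anonymise_headers(headers: dict, client_ip: str, anonymous: bool) -> dict:
    """Strip headers that leak the client; in non-anonymous mode re-add X-Forwarded-For."""
    out = {k: v for k, v in headers.items() if k.lower() not in CLIENT_IDENTIFYING_HEADERS}
    if not anonymous:
        out["X-Forwarded-For"] = client_ip
    return out


class ResponseCache:
    """Cache keyed by (method, host, path); honours Cache-Control max-age / no-store."""

    def __init__(self, now=time.time):
        self._now = now
        self._store = {}

    @staticmethod
    def _max_age(cache_control: str):
        ttl = None
        for token in cache_control.split(","):
            token = token.strip().lower()
            if token in ("no-store", "no-cache", "private"):
                return None  # never cache, regardless of max-age
            if token.startswith("max-age="):
                try:
                    ttl = int(token[len("max-age="):])
                except ValueError:
                    return None
        return ttl

    def put(self, key, body, headers):
        ttl = self._max_age(headers.get("Cache-Control", ""))
        if ttl:
            self._store[key] = (self._now() + ttl, body)

    def get(self, key):
        entry = self._store.get(key)
        if entry and entry[0] > self._now():
            return entry[1]
        self._store.pop(key, None)  # expired or absent
        return None


def handle(request_line, headers, client_ip, upstream, cache, anonymous=True):
    """Return (status, body, forwarded_headers). forwarded_headers is None when
    the proxy answered without contacting the origin (blocked or cache hit)."""
    method, host, path, _ = parse_request_line(request_line)
    if not filter_request(host):
        return 403, b"blocked by proxy policy", None
    key = (method, host, path)
    cached = cache.get(key)
    if cached is not None:
        return 200, cached, None
    fwd = anonymise_headers(headers, client_ip, anonymous)
    status, body, resp_headers = upstream(host, path, fwd)  # assumed network fetch
    if method == "GET" and status == 200:
        cache.put(key, body, resp_headers)
    return status, body, fwd
```

The origin server only ever sees the proxy's own source address; whether it also learns the client's address depends entirely on the `anonymous` flag, which is why an "anonymous" proxy is a configuration choice rather than a property of proxying itself.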

Read More
By Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov

tldr: In this article, we take a deeper dive into a prevalent “DLL sideloading” attack technique we’ve been observing in real-world attacks, including many of those we discovered, to understand its variations, how it works, and how we can detect it.…

Read More

Summary: This content provides a list of security vulnerabilities and their severity levels in various Microsoft products and services.

Threat Actor: N/A

Victim: N/A

Key Point:

The content highlights multiple security vulnerabilities in Microsoft products and services, including .NET and Visual Studio, Azure, Azure AI Search, Azure Arc, Azure Compute Gallery, Azure Migrate, Azure Monitor, Azure Private 5G Core, Azure SDK, Intel, Internet Shortcut Files, Mariner, Microsoft Azure Kubernetes Service, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Install Service, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Role: DNS Server, Role: Windows Hyper-V, SQL Server, Windows Authentication Methods, Windows BitLocker, Windows Compressed Folder, Windows Cryptographic Services, Windows Defender Credential Guard, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows File Server Resource Management Service, Windows HTTP.sys,…
Read More

Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. The dark web, a hidden corner of the internet, adds challenges of its own for cybersecurity professionals: criminal activities such as the sale of stolen credentials and the planning of targeted attacks thrive in this part of the internet.…

Read More

Summary: Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files. These techniques can bypass traditional security tools and hide data exfiltration activities from detection.

Threat Actor: N/A

Victim: N/A

Key Points:

Technique #1: Open in App Method: This technique uses the “open in app” feature in SharePoint to access and download files while only leaving an access event in the file’s audit log.…
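Because the technique leaves only an access event, a download-based alert never fires; what remains observable is the shape of the access pattern. The following is an added example, not Varonis code: a volume heuristic over constructed Microsoft 365 Unified Audit Log records that flags users who touch many distinct SharePoint files (`FileAccessed`) in a short window while producing no matching `FileDownloaded` events. The field names (`CreationTime`, `Operation`, `UserId`, `ObjectId`) are the real UAL names; the window, the threshold and the sample records are assumptions.

```python
"""Added example: detect 'accessed but never downloaded' bursts in constructed
Microsoft 365 Unified Audit Log records. Window and threshold are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumption
THRESHOLD = 20                   # distinct files per window, assumption
FMT = "%Y-%m-%dT%H:%M:%S"


def find_silent_exfil(records, window=WINDOW, threshold=THRESHOLD):
    """Return {UserId: (window_start, max_distinct_files)} for users who accessed
    at least `threshold` distinct files within `window` without downloading them."""
    downloaded = defaultdict(set)
    for r in records:
        if r["Operation"] == "FileDownloaded":
            downloaded[r["UserId"]].add(r["ObjectId"])

    accessed = defaultdict(list)
    for r in records:
        if r["Operation"] == "FileAccessed" and r["ObjectId"] not in downloaded[r["UserId"]]:
            accessed[r["UserId"]].append((datetime.strptime(r["CreationTime"], FMT), r["ObjectId"]))

    hits = {}
    for user, events in accessed.items():
        events.sort()
        start = 0
        for i, (t, _) in enumerate(events):
            while events[start][0] < t - window:   # slide the window forward
                start += 1
            distinct = {obj for _, obj in events[start:i + 1]}
            if len(distinct) >= threshold and len(distinct) > hits.get(user, (None, 0))[1]:
                hits[user] = (events[start][0], len(distinct))
    return hits


def build_sample_records():
    """Constructed records, not real tenant data."""
    base = datetime(2024, 4, 15, 9, 0, 0)
    recs = []
    # mallory: 25 files opened in the desktop app within a few minutes, nothing downloaded
    for i in range(25):
        recs.append({"CreationTime": (base + timedelta(seconds=10 * i)).strftime(FMT),
                     "Operation": "FileAccessed", "UserId": "mallory@contoso.com",
                     "ObjectId": f"https://contoso.sharepoint.com/sites/fin/Shared Documents/q1-{i}.xlsx"})
    # bob: ordinary use, every access paired with a download event
    for i in range(5):
        obj = f"https://contoso.sharepoint.com/sites/hr/Shared Documents/policy-{i}.docx"
        t = (base + timedelta(minutes=i)).strftime(FMT)
        recs.append({"CreationTime": t, "Operation": "FileAccessed",
                     "UserId": "bob@contoso.com", "ObjectId": obj})
        recs.append({"CreationTime": t, "Operation": "FileDownloaded",
                     "UserId": "bob@contoso.com", "ObjectId": obj})
    # carol: many files, but spread over hours (never more than two per window)
    for i in range(30):
        recs.append({"CreationTime": (base + timedelta(minutes=6 * i)).strftime(FMT),
                     "Operation": "FileAccessed", "UserId": "carol@contoso.com",
                     "ObjectId": f"https://contoso.sharepoint.com/sites/eng/Shared Documents/spec-{i}.md"})
    return recs


if __name__ == "__main__":
    for user, (since, n) in find_silent_exfil(build_sample_records()).items():
        print(f"{user}: {n} files accessed without download since {since}")
```

The heuristic is deliberately blind to how the file was opened; it only needs the access event the technique cannot avoid leaving. Tuning the threshold against a baseline of normal "open in app" usage per department is what keeps it from paging on a busy analyst.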
Read More

In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious.

Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’

The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales ” – possibly an attempt to impersonate the legitimate company Thales Group.…

Read More