Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick users into visiting malicious links.…
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web browsing and managing internet usage within an organization.…
tldr: In this article, we take a deeper dive into a prevalent “DLL sideloading” attack technique we’ve been observing in real-world attacks, including many of those we discovered, to understand its variations, how it works, and how we can detect it.…
Summary: This content provides a list of security vulnerabilities and their severity levels in various Microsoft products and services.
Threat Actor: N/A
Victim: N/A
Key Point:
The content highlights multiple security vulnerabilities in Microsoft products and services, including .NET and Visual Studio, Azure, Azure AI Search, Azure Arc, Azure Compute Gallery, Azure Migrate, Azure Monitor, Azure Private 5G Core, Azure SDK, Intel, Internet Shortcut Files, Mariner, Microsoft Azure Kubernetes Service, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Install Service, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Role: DNS Server, Role: Windows Hyper-V, SQL Server, Windows Authentication Methods, Windows BitLocker, Windows Compressed Folder, Windows Cryptographic Services, Windows Defender Credential Guard, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows File Server Resource Management Service, Windows HTTP.sys,…
Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. However, the dark web, a hidden corner of the internet, poses unique challenges for cybersecurity professionals. Criminal activities such as the sale of stolen credentials and plans for targeted attacks thrive in this dark section of the internet.…
Summary: Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files. These techniques can bypass traditional security tools and hide data exfiltration activities from detection.
Threat Actor: N/A
Victim: N/A
Key Points:
Technique #1: Open in App Method: This technique uses the “open in app” feature in SharePoint to access and download files while only leaving an access event in the file’s audit log.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious.
Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’
The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales ” – possibly an attempt to impersonate the legitimate company Thales Group.…
Summary: The U.S. Department of Health and Human Services (HHS) has warned that hackers are using social engineering tactics to target IT help desks in the Healthcare and Public Health sector, allowing them to gain access to organizations’ systems and carry out business email compromise attacks.…
Summary: MPs in the UK have been targeted in a spear-phishing attack, potentially compromising parliament’s security.
Threat Actor: Unknown
Victim: UK Parliament
Key Point:
A police investigation has been launched after MPs received unsolicited messages, potentially indicating a spear-phishing attack.…
Date Reported: 2024-02-17
Country: USA
Victim: Otolaryngology Associates (OA) | otolaryn.com
Additional Information:
Otolaryngology Associates (OA) was targeted in a cyberattack on February 17, 2024. Although the medical records system was not compromised, it is believed that data may have been exfiltrated. The stolen information includes billing data and, for some individuals, sensitive information such as social security numbers and bank details.…
Date Reported: 2024-02-29
Country: Sweden
Victim: Mediplast | mediplast.se
Additional Information:
The Swedish medical equipment supplier, Mediplast, has fallen victim to a cyberattack. The attack has affected the delivery of essential products used in surgical operations in the Västerbotten region. The region has declared a state of emergency to monitor the situation and is considering alternative suppliers.…
Date Reported: 2024-02-29
Country: South Africa (ZAF)
Victim: Commission for Companies and Intellectual Property (CIPC) | cipc.co.za
Additional Information:
The CIPC, South Africa’s Commission for Companies and Intellectual Property, has fallen victim to a cyberattack. The attack resulted in the compromise of personal data belonging to both clients and employees.…
Date Reported: 2024-03-13
Country: Malaysia (MYS)
Victim: Maxis | maxis.com.my
Additional Information:
The Malaysian company, Maxis, has been targeted in a cyberattack carried out by the international hacker group R00TK1T. The attack did not result in any personal data leaks, according to the Personal Data Protection Authority (JPDP).…
Key Point:
– Newly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
– The vulnerabilities relate to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.…
Key Point:
– Scrut Automation has secured $10 million in growth capital from existing investors.
– The funding will be used to enhance platform capabilities and expand into North American and European markets.
– The company’s total venture funding since its establishment amounts to $20.5 million.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.…
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand for AI-powered software among content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims.…
Key Point:
– Operation Cronos disrupted LockBit’s operations, leading to outages on LockBit-affiliated platforms and a takeover of its leak site by the UK’s National Crime Agency.
– Authorities used the compromised leak site to distribute information about LockBit, highlighting the risks of paying ransoms and the impact on affected businesses.…
Proofpoint’s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the threat activity described.
Key takeaways:
Proofpoint first observed new malware named Latrodectus appear in email threat campaigns in late November 2023.…