Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate.…
Read More

Mar 13, 2024NewsroomPatch Tuesday / Software Update

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution.

Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.…

Read More
How to Set Up a Network Research Laboratory: MonikerLink (CVE-2024-21413) Case Study 

Every now and then, you come across a situation where you need to get hands-on to understand how an exploit or malware works and then create a detection rule. Plus, there are times when it’s essential for the attacking machine to be on the local network to capture network traffic or utilize its own detection tools.…

Read More

The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to create 6,000 Meson Network nodes using a compromised cloud account. The Meson Network is a decentralized content delivery network (CDN) that operates in Web3 by establishing a streamlined bandwidth marketplace through a blockchain protocol.…

Read More

Mar 11, 2024The Hacker NewsCybersecurity / Browser Security

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides – in the browser.…

Read More

MASEPIE, a new backdoor replacing Headlace to facilitate follow-on actions. In addition to MASEPIE, ITG05 developed another new backdoor dubbed OCEANMAP. X-Force analysis revealed the code basis of CREDOMAP was likely used in the creation of OCEANMAP. In place of CREDOMAP, ITG05 has opted for the use of a new simplified PowerShell script named STEELHOOK.…

Read More

In this article, we’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. We’ll take a classic approach to exploring Apple’s internals. All you need is a basic understanding of exploitation, along with knowledge of C and Python programming, as well as some familiarity with low-level assembly language to grasp the details here.…

Read More

In today’s tech-driven world, APIs (Application Programming Interfaces) are like the connective tissue that allows different software to talk to each other, making our digital experiences seamless. But because they are so crucial, they are also prime targets for hackers. 

They could break in to steal our sensitive data, mess with our systems, or even shut down services.…
Read More

Cisco on Tuesday unveiled an open source proof-of-concept tool designed to improve visibility into backplane traffic in industrial organizations.

A backplane is a piece of hardware that connects various modules and components together. In operational technology (OT) environments, for instance, backplanes enable organizations to link together programmable logic controllers (PLCs) and other modules for high-speed communication.…

Read More

The US Department of Health and Human Services (HHS) on Monday revealed the actions taken to assist healthcare providers in continuing to serve patients following the ransomware attack on Change Healthcare.

One of the largest healthcare technology companies in the US and a subsidiary of UnitedHealth Group, Change Healthcare handles billions of healthcare transactions per year.…

Read More

An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.

[Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues]

You Can’t Protect What You Can’t See

Today’s websites are connected to dozens of third-party web apps, trackers, and open-source tools like pixels, tag managers, and JavaScript frameworks.…

Read More

The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.

“TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News.…

Read More

Open-source tool that can legitimately be used to manage content in the cloud, but has been seen being abused by ransomware actors to exfiltrate data from victim machines. For an example of how Rclone may be used, see case study below.

AnyDesk: A legitimate remote desktop application. By installing it, attackers can obtain remote access to computers on a network. Malicious…

Read More