The Gootloader malware employs sophisticated social engineering tactics to infect users through compromised WordPress sites. It manipulates search engine results to direct victims to these sites, where they encounter fake message boards that link to the malware. The infection process is complex and heavily obfuscated, making it difficult for even site owners to detect.…
Tag: PASSWORD
Summary: The Federal Trade Commission (FTC) has mandated GoDaddy to enhance its security measures, including implementing multi-factor authentication and HTTPS APIs, due to significant security failures since 2018. The FTC’s complaint highlights GoDaddy’s misleading claims about its security practices, which left millions of customers vulnerable to breaches.…
Summary: Cybersecurity researchers have discovered that a misconfiguration in on-premise applications can bypass Microsoft’s Group Policy designed to disable NT LAN Manager (NTLM) v1 authentication. This vulnerability allows organizations to mistakenly believe they are protected against NTLMv1 attacks, while in reality, they remain exposed due to misconfigured settings.…
Summary: Stolen credential-based attacks have surged, becoming the leading cyber threat in 2023/24, with a staggering 80% of web app attacks originating from this breach vector. Despite increased cybersecurity budgets, vulnerabilities remain due to inadequate MFA adoption and the rise of infostealer malware. This article explores the factors contributing to the rise in account compromises and offers recommendations for security teams to combat these threats.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…
The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely-used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks
Key points:
Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…
Victim: FortiGate Users | FortiGate
Price: N/A
Data: VPN Credentials, Firewall Configurations
Key points:
Threat Actor: Belsen Group
Number of Exposed Configurations: Over 15,000
Data Types Leaked: Usernames, passwords (some in plain text), device management certificates, complete firewall rule sets
Vulnerability Exploited: CVE-2022-40684
Data Organization: Categorized by country with individual IP addresses
Potential Risks: Unauthorized network access and exploitation of sensitive information
Expert Confirmation: Kevin Beaumont verified the authenticity of the leaked data
Cybersecurity expert Kevin Beaumont has reported that over 15,000 FortiGate firewall configurations, including VPN credentials, have been publicly leaked by a group calling itself “Belsen Group.”…
This article examines the LastPass hack, detailing how attackers exploited vulnerabilities to access sensitive customer data. It emphasizes the importance of robust security measures in cloud computing and offers practical guidelines for detection and prevention. Affected: LastPass
Key points:
LastPass is a SaaS provider specializing in password vault solutions.…
Summary: A new hacking group known as the Belsen Group has leaked sensitive configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web. This data dump, which includes critical technical information, was released to promote the group and is believed to be linked to a previously exploited zero-day vulnerability.…
This article discusses a phishing scheme targeting Google Ads advertisers, where criminals impersonate Google Ads through fraudulent ads to steal account credentials. The stolen accounts are likely resold or used for further malicious activities. Affected: Google Ads
Key points:
Online criminals are targeting Google Ads advertisers through phishing.…
Summary: A Christmas Eve phishing attack led to the takeover of a Cyberhaven employee’s Google Chrome Web Store account, resulting in the publication of a malicious Chrome extension. This incident underscores significant gaps in browser security and the ongoing threat of extension poisoning, which is expected to persist.…
Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.…
The last quarter of 2024 saw an unprecedented surge in ransomware activity, with significant growth in the number of active groups and notable incidents involving established players like LockBit and emerging threats such as Akira and BlackLock. This report highlights key findings, trends, and recommendations to bolster defenses against ransomware attacks.…
January 2025 marks the release of Microsoft’s first Patch Tuesday, addressing 159 vulnerabilities, including 10 critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, with three actively exploited. Key updates include fixes for various Microsoft products, notably in Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…
This blog details a web shell intrusion incident where attackers exploited the IIS worker to steal data. The attackers uploaded a web shell, created a reverse TCP shell, and exfiltrated data using various techniques. Affected: IIS worker (w3wp.exe)
Key points:
Attackers abused the IIS worker to upload a web shell.…
Summary: Cybersecurity researchers have identified multiple vulnerabilities in SimpleHelp remote access software that could lead to serious security breaches, including information disclosure and remote code execution. The flaws, which are easy to exploit, necessitate immediate action from users to apply patches and enhance security measures.
Threat Actor: Unknown
Victim: SimpleHelp
Key point:
CVE-2024-57727: Unauthenticated path traversal vulnerability allowing file downloads, including sensitive configuration files.…
A large-scale DDoS attack targeted the Chinese game “Black Myth: Wukong” on the Steam and Perfect World platforms in August 2024. The attackers, using a botnet called AISURU, executed multiple waves of attacks during peak online gaming hours across 13 global regions. The botnet was later updated and renamed AIRASHI, which exhibited advanced capabilities, including exploiting a zero-day vulnerability in Cambium Networks routers.…
This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia
Key points:
Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
This article discusses the unique challenges faced by Detection Engineers in securing ESXi environments, which often lack adequate security controls. It highlights the importance of effective log sources, common adversary techniques, and provides a Python-based CLI tool for automating detection tasks. Affected: ESXi
Key points:
ESXi environments are often considered legacy and may lack effective maintenance and security controls.…