ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader and wipers were created by a cybersecurity pro doing “red team” penetration testing of a client’s SOC. …
Tag: PENETRATION
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector.…
Threat Actor: Unknown
Victim: Hugging Face
Price: Not specified
Exfiltrated Data Type: Spaces secrets
Additional Information:
The security breach affected Hugging Face’s Spaces platform. Unauthorized access to Spaces secrets was detected. A subset of Spaces’ secrets may have been compromised. Hugging Face revoked many HF tokens associated with the potentially accessed secrets.…

Published On: 2024-06-03

Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…
Threat Actor: Unknown
Victim: Cryptocurrency platform
Price: $50,000
Exfiltrated Data Type: User portfolios, email addresses, phone numbers, and other sensitive information
Additional Information:
System Administrator Panel: Full access to the platform’s administrative panel, granting extensive control over platform operations. RDP via VPN: Remote Desktop Protocol access facilitated through a Virtual Private Network, potentially allowing remote control over system devices.…

Key Points
The cyber threat landscape has seen a significant increase in information-stealing (infostealer) malware activity, with a 30.5% rise in marketplace listings for “stealer logs” from Q3 to Q4 of 2023. This malware type has evolved to encompass more sophisticated tools that aim to harvest sensitive information such as usernames, passwords, and credit card details.…

During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, a software commonly used for local application development. This vulnerability would allow a low privilege user, with a foothold on a host running the service fabric deployment, to elevate their privileges up to System. …
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you have a website, there might be dozens or hundreds of websites hosted there, each only accessible by their DNS name.…
Summary: Bugcrowd, a cybersecurity company, has made its first purchase by acquiring an external attack surface management vendor to enhance visibility and management of potential attack surfaces.
Threat Actor: N/A
Victim: N/A
Key Point:
Bugcrowd has acquired an external attack surface management vendor, Informer, to improve its attack surface management capabilities.…

Artificial Intelligence (AI) is increasingly being integrated into various industries, and cybersecurity is no exception. This article delves into the potential of AI to transform the cybersecurity landscape, addressing common concerns and highlighting the areas where AI is already making significant contributions.
AI’s Impact on Cybersecurity Jobs
Will AI Overtake Cybersecurity in the Next Five Years?…

Executive Summary
A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…
Summary: This article discusses Hackbat, an open-source penetration testing tool that is built around a custom PCB and a RP2040 microcontroller from the Raspberry Pi Pico W.
Threat Actor: Hackbat
Victim: N/A
Key Point:
Hackbat is a pocket-sized tool designed for high-end penetration testing duties.…

Summary: This content discusses the challenges organizations face in developing responsible AI while balancing technological advancement and compliance with ethical standards and regulatory requirements.
Threat Actor: N/A
Victim: N/A
Key Point:
Organizations need to employ a standardized approach to AI development to ensure compliance and competitiveness in the market.…

Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from theft, loss, or hacking.
Threat Actor: N/A
Victim: N/A
Key Point:
Password protection on files sent via email is not as secure as it may seem, as it can be easily circumvented.…

Summary: Telus has acquired Vumetric Cybersecurity, a Toronto-based cybersecurity provider, to enhance its security services portfolio and offer advanced penetration testing to identify vulnerabilities and threats for companies in North America.
Threat Actor: N/A
Victim: N/A
Key Point:
Telus has acquired Vumetric Cybersecurity to strengthen its security services portfolio.…

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Summary: This content discusses reNgine, an open-source automated reconnaissance framework for web applications that aims to streamline the recon process.
Threat Actor: N/A
Victim: N/A
Key Point:
reNgine was developed to address the limitations of traditional reconnaissance tools and is useful for bug bounty hunters, penetration testers, and corporate security teams.…

An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.…
Threat Actor: Czech Republic’s Office for Personal Data Protection (ÚOOÚ)
Victim: Avast
Price: $14.8 million
Exfiltrated Data Type: Sensitive personal data, including browsing habits, interests, location, and financial status
Additional Information:
The fine was imposed by the Czech Republic’s Office for Personal Data Protection (ÚOOÚ) on Avast for alleged violations of the European Union’s General Data Protection Regulation (GDPR).…