Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Fujitsu, the Japanese multinational technology giant, has revealed a data breach resulting from a malware infection within its corporate network. The company disclosed that sensitive files containing both personal and customer information were exposed to the attackers.
Swift Response, Ongoing Investigation
Fujitsu reports that they detected the malware during an internal investigation.…
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
IntroductionSince early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.…
Within the obscured world of the Deep/Dark Web, where cybercrime flourishes amidst databases, initial access brokers, and a plethora of illegal activities, there exists a group known for leaking various databases and executing high-profile attacks. This group, at first glance, might seem like a benign assembly of Pokémon enthusiasts, given their name.…
The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.
MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept at handling popular mobile app binaries such as APK, IPA, APPX, and source code.…
GhostSec, a significant member of The Five Families, has garnered substantial attention with the latest research, following their recent twin ransomware attack with Stormous –another Five Families affiliated threat group. Researchers and the group itself allege that this group, supposedly initially linked with Anonymous and often identified as vigilante hackers, had taken on the responsibility of combating extremist content and activities on the internet, explicitly targeting ISIS when they first emerged.…
Summary: Azure Deployment Scripts with User-Assigned Managed Identities can be exploited by attackers to gain unauthorized access and escalate privileges. The Deployment Scripts service allows users to run code in a containerized Azure environment, making it a convenient way to deploy complex resources. However, administrators need to closely monitor the permissions granted to users and Managed Identities to prevent privilege escalation.…
Driven by the promise of new lines of revenue and lower manufacturing costs, automobile manufacturers are enthusiastically turning vehicles into next-gen application platforms. Increasingly, organizations that run fleets or have transport as a key part of their business can opt into “software defined” features that can be turned on and off over the air, offered on a subscription basis.…
You might have heard about the practice of pen test vendor rotation, or even tried it yourself. This is where organizations change their pen test providers annually to avoid complacency and maintain an objective perspective on their security posture.
Pen testing isn’t an exact science – you can never be totally sure all vulnerabilities have been found.…
Mar 12, 2024The Hacker NewsCTEM / Vulnerability Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a Continuous Threat Exposure Management (CTEM) program.…
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft’s Configuration Manager, which could allow an attacker to execute payloads or become a domain controller.
Configuration Manager (MCM), formerly known as System Center Configuration Manager (SCCM, ConfigMgr), has been around since 1994 and is present in many Active Directory environments, helping administrators manage servers and workstations on a Windows network.…
Microsoft has confirmed a new, significant intrusion by the persistent Russia-based hacking group Midnight Blizzard (NOBELIUM). The threat actors leveraged information exfiltrated during a January cyberattack to gain recent, unauthorized access to Microsoft’s internal network, including source code repositories.
Microsoft traced the breach back to a January cyberattack where Midnight Blizzard leveraged a common but dangerous method – a password spray attack.…
This post is also available in: 日本語 (Japanese)
Executive SummaryMuddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses.…
The fallout from the devastating hacker attack on IT provider Xplain continues as the Swiss National Cyber Security Centre (NCSC) publishes a detailed report on the leaked data. The report reveals both the scope of the breach and the complex challenges faced by authorities in analyzing the massive trove of stolen information.…
Japanese school uniform retailer Kanko Online Shop has disclosed a significant data breach affecting its “Kanko Online Shop Harajuku Select Square” e-commerce site. Up to 3,827 customers who made purchases between April 2021 and August 2023 may have had their credit card information compromised.
What Happened?…
Open-source tool that can legitimately be used to manage content in the cloud, but has been seen being abused by ransomware actors to exfiltrate data from victim machines. For an example of how Rclone may be used, see case study below.
AnyDesk: A legitimate remote desktop application. By installing it, attackers can obtain remote access to computers on a network. Malicious…
PRESS RELEASE
SAN FRANCISCO, March 5, 2024 – Horizon3.ai, a pioneer in autonomous security solutions, today announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.airecognizes that demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.…
With enterprise applications defaulting to cloud infrastructure, application security testing increasingly resembles penetration testing across an distributed attack surface area of the application — a similarity that is opening new markets for penetration-testing-as-a-service (PTaaS).
Rather than focusing on the edges of the network, PTaaS providers are focusing on cloud applications, which typically have three vectors of vulnerability: the application itself, the interconnections between applications, and the way the application changes over time.…
Daikin Industries, a global leader in air conditioning systems, recently faced a challenging situation – a data breach compromising the personal data of its suppliers. The incident highlights the intricate web of business relationships that characterize modern supply chains and the inherent risks that come with them.…
The folder also contained an LNK file and a __MACOS folder with payload, this time timestamped Dec. 22, 2023.
Similar to the previously analyzed archive, several stages lead to this last stage (namely Cobalt Strike), only with different configurations. The C&C server name abuses the name of the cybersecurity company Cybereason.…