Tag: PROXY

Summary: The interaction between web2 client-server architectures and web3 systems presents security challenges. Web3 systems often rely on classic centralized components, which can create unique attack surfaces. In this post, ongoing research on the use of web2 components in web3 systems is summarized, including vulnerabilities found in the Dappnode node management framework.…

Read More

AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Kimsuky group distributed malware disguised as an installer for domestic public institutions. The malware in question is a dropper, which creates Endoor , a backdoor malware used in the attack discussed in the past article “TrollAgent (Kimsuky group) infected during security program installation” [1] .…

Read More

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

Introduction

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.…

Read More

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.

MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept at handling popular mobile app binaries such as APK, IPA, APPX, and source code.…

Read More

Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)

TL;DRResidential proxies are intermediaries that allow an Internet connection to appear as coming from another host; This method allows a user to hide the real origin and get an enhanced privacy or an access to geo-restricted content; Residential proxies represent a growing threat in cyberspace, frequently used by attacker groups to hide among legitimate traffic, but also in a legitimate way; The ecosystem of these proxies is characterised by a fragmented and deregulated offering in legitimate and cybercrime webmarkets; To obtain an infrastructure up to several million hosts, residential proxies providers use techniques that can mislead users who install third-party software; With millions of IP addresses available, they represent a massive challenge to be detected by contemporary security solutions; Defending against this threat requires increased vigilance over the origin of traffic, which may not be what it seems, underlining the importance of a cautious and informed approach to managing network traffic; This joint report is built on extensive research from Sekoia.io…
Read More

Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, make it a common target of threat actors.…

Read More

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.

FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.…

Read More

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions.

However, BleepingComputer has learned there is more to this attack, with threat actors selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases.…

Read More

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.

America’s Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog.…

Read More

Mar 08, 2024NewsroomInteroperability / Encryption

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.

“This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated by the European Commission (EC) as being required to independently provide interoperability to third-party messaging services,” Meta’s Dick Brouwer said.…

Read More

On February 19, 2024, ConnectWise published a security advisory detailing the discovery of two significant vulnerabilities, CVE-2024-1708 (Path Traversal) and CVE-2024-1709 (Authentication Bypass), affecting ScreenConnect version 23.9.8.

Successful exploitation of these vulnerabilities allowed adversaries to gain unauthorized access and control over affected systems. The exploitation of these vulnerabilities was named “SlashAndGrab” by Huntress, due to the simplicity of adding a single forward slash character to the end of the address of a vulnerable ScreenConnect installation.…

Read More

ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website visitors with MgBot and a backdoor that, to the best of our knowledge, has not been publicly documented yet; we have named it Nightdoor.…

Read More

Recent discussion around an emerging information-stealing trojan project reinforces the continual need to track intelligence on capabilities adversaries rely on for the collection of sensitive information from victims. In today’s blog InQuest analysts share information that has been publicly documented recently about the newer threat named Planet Stealer, recently offered for sale in underground forums.…

Read More

Sandworm is a highly sophisticated Russian adversary, active since at least 2009, that has been attributed to Russia’s Main Intelligence Directorate (GRU) for Special Technologies (GTsST) military Unit 74455.

Sandworm is characterized by the use of malware families specifically designed to compromise Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems found in entities located in the Energy, Government, and Media sectors.…

Read More