Summary: Security researchers have detected a suspicious email campaign targeting the OpenJS Foundation, similar to the recent XZ Utils backdoor incident, highlighting the need to address vulnerabilities in open source software management.

Threat Actor: Jia Tan

Victim: OpenJS Foundation

Key Point:

The OpenJS Foundation received suspicious emails requesting to update one of its JavaScript projects without providing specific details, resembling the tactics used by Jia Tan in the XZ Utils backdoor incident.…

Threat Actor: Unknown

Victim: Cisco Duo

Price: Not specified

Exfiltrated Data Type: MFA SMS logs

Additional Information:

The data breach occurred on April 1, 2024. The threat actors used a Provider employee’s credentials obtained through a phishing attack. The threat actor downloaded MFA SMS message logs belonging to customers’ Duo accounts.…

Summary: The threat actor known as Muddled Libra is actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments to exfiltrate sensitive data, using sophisticated social engineering techniques and reconnaissance tactics.

Threat Actor: Muddled Libra

Victim: Various organizations using SaaS applications and CSP environments

Key Points:

Muddled Libra targets SaaS applications and CSP environments to exfiltrate sensitive data.…

Summary: Test files associated with the XZ Utils backdoor have been found in the Rust crate liblzma-sys, which has been downloaded over 21,000 times. The backdoor was discovered in late March and allowed for remote code execution through manipulation of the Secure Shell Daemon (sshd).

Threat Actor: Unknown

Victim: Rust developers using the liblzma-sys crate

Key Point:

Test files associated with the XZ Utils backdoor were found in the liblzma-sys crate, which has been downloaded over 21,000 times.…

Summary: This article discusses two sub-techniques that have been exploited by North Korean threat actors: TCC manipulation on Apple’s macOS and “phantom” DLL hijacking on Windows. These techniques allow hackers to gain privileged access and perform espionage activities.

Threat Actor: North Korean threat actors

Victim: macOS and Windows environments

Key Points:

North Korean threat actors have been exploiting TCC manipulation on macOS and “phantom” DLL hijacking on Windows to gain privileged access.…

Experience Level required: beginner

In this blog we will learn how to analyze macro-enabled MS Office documents.

1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5

2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99

Let’s look at the sample on VirusTotal.

37 of 63 security vendors detected this file as malicious.

Let’s open the file.

It uses a social engineering technique to persuade the user to enable the macros, which leads to the infection of the user.…


Threat Actor: Unknown

Victim: Académie de Lyon and French Ministry of Education

Price: Not specified

Exfiltrated Data Type: Identity information, addresses, phone numbers, emails, relationships between middle school students, parents, teachers, and academic staff

Additional Information:

The data breach involves approximately 40,000 users associated with Académie de Lyon and the French Ministry of Education.…

Summary: This article discusses a recent attack campaign where cybercriminals manipulated GitHub’s search functionality to distribute malware through meticulously crafted repositories.

Threat Actor: Cybercriminals

Victim: GitHub users

Key Points:

– Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.…


Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.

2023 was a year in which cybercrime evolved in significant ways. Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs) in 2023, with the goal of giving your security team a 360-degree view of the threat landscape.…


Summary: This content discusses the rise of social media as a browser security challenge in the modern workspace, where personal and professional digital spaces are becoming increasingly blurred. It highlights the cybersecurity challenges that arise when employees engage with their personal social media accounts on company devices, making them inadvertent targets for threat actors.…


Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.

Threat Actor: Unknown | fake e-shop campaign

Victim: Financial institutions in Malaysia, Vietnam, and Myanmar | Malaysian banks, Vietnam, Myanmar

Key Point:

A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…

Key Points:

In early April 2024, ReliaQuest investigated numerous similar incidents targeting customers in the health care sector. We concluded that these intrusions form part of a new campaign targeting health care organizations with the goal of accessing banking information. The attacks used social engineering techniques against help desk staff to bypass account access controls.…

In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks swiftly garnered attention for its aggressive tactics and extensive data leaks when it first emerged.…


Key Points:

– Only 3% of organizations have the ‘mature’ level of readiness for cybersecurity risks.

– Readiness has decreased significantly from one year ago.

– Companies struggle to defend against various cyber attacks.

– There is a disparity between confidence and readiness in companies.

– Investments in integrated platforms and AI are necessary for effective defense.…
