A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. ‘Application-layer Loop DoS Attacks’ pair servers of these protocols in such a way that they communicate with each other indefinitely. The vulnerability affects both legacy (e.g., QOTD, Chargen, Echo) and contemporary (e.g.,…

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence.

Malware tactics and techniques

The analyzed malware samples were most often delivered via malicious email attachments featuring macro-enabled documents, Windows shortcut files (LNK), ISO/VHD containers, and MSI installers.…

A new denial-of-service attack dubbed ‘Loop DoS’ targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.

Devised by researchers at the CISPA Helmholtz-Center for Information Security, the attack uses the User Datagram Protocol (UDP) and impacts an estimated 300,000 hosts and their networks.…

Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, makes it a common target of threat actors.…

Today is Microsoft’s March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.

This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

The number of bugs in each vulnerability category is listed below:

- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities

The total count of 60 flaws does not include 4 Microsoft Edge flaws fixed on March 7th.…

Organizations in the US have been targeted since at least 2021 in various phishing and business email compromise (BEC) campaigns spoofing government and private businesses, Proofpoint reports.

The attacks, attributed to a threat actor tracked as TA4903, were focused on harvesting corporate credentials to enable BEC activities such as invoice fraud or payroll redirect.…

Mar 07, 2024NewsroomMalware / Network Security

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023.

“The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems,” Zscaler ThreatLabz researchers said.…

COMMENTARY

Although it wasn’t called biometrics at the time, a rudimentary form of the technology emerged in 1901 when Scotland Yard adopted fingerprint classification to identify criminal suspects. The biometrics field has come a long way in the more than 120 years since then.

Public and private sector organizations now use it to identify and authenticate individuals to grant access to computer systems, such as laptops and tablets, and enterprise applications such as human resources or customer relationship management systems.…

A team of researchers has developed malware designed to target modern programmable logic controllers (PLCs) in an effort to demonstrate that remote Stuxnet-style attacks can be launched against such industrial control systems (ICS).

The researchers are from the Georgia Institute of Technology and they have published a paper detailing this ICS security project.…

Mar 02, 2024NewsroomSpyware / Privacy

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor.

The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately 1,400 mobile devices between April and May.…

Overview

SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability.

Microsoft Outlook is a globally acclaimed personal information management software from Microsoft. A MonikerLink vulnerability was observed in the Microsoft Outlook email client.…
