IntelBroker, a notorious figure known for orchestrating high-profile cyberattacks, operates within BreachForums. Specializing in identifying and selling access to compromised systems, sensitive data leaks, and possibly extortion, IntelBroker facilitates various …
Tag: SSO
Summary: This article discusses a cybercrime incident where a terminated worker unlawfully accessed patient information at Geisinger, a healthcare organization.
Threat Actor: Former employee of Nuance Communications Inc. | Nuance …
Threat Actor: Unknown | Unknown
Victim: Atlassian Jira | Atlassian Jira
Price: 800,000 XMR (Monero)
Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is selling a zero-day Remote…
Summary: The Scattered Spider gang has shifted their focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines for persistence.
Threat Actor: Scattered Spider | Scattered Spider …
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its …
Summary: A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw has been publicly released, highlighting the need for immediate security updates.
Threat Actor: Remote unauthenticated attackers
Victim: …
Summary: Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, urging developers to transition to more secure alternatives like Kerberos or Negotiation authentication.
Threat Actor: N/A
Victim: N/A…
Summary: The content discusses the prevalence of account takeover attacks and their impact on organizations, based on a survey conducted by Abnormal Security.
Threat Actor: Account takeover attacks
Victim: Organizations…
Summary: Cloudflare acquires a zero trust infrastructure access startup to enhance remote access security for critical infrastructure.
Threat Actor: Cloudflare | Cloudflare
Victim: N/A
Key Point:
Cloudflare has purchased…
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you …
Huntress uncovered the infrastructure of a mass phishing campaign including potentially novel tradecraft that combines HTML smuggling, injected iframes, and session theft via transparent proxy. This technique allows an …
Summary: This content discusses an authentication bypass vulnerability (CVE-2024-4985) recently fixed by GitHub, which impacts GitHub Enterprise Server instances using SAML single sign-on authentication.
Threat Actor: N/A
Victim: GitHub Enterprise …
Summary: This content discusses the features and functionality of Authelia, an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal.
Threat Actor: N/A…
Summary: This content discusses the importance of having adequate identity access management (IAM) policies in place, specifically focusing on authentication and authorization, in order to ensure the security of applications …
Threat Actor: Unknown | Unknown
Victim: Department of International Trade Promotion (DITP) | Department of International Trade Promotion
Price: Not specified
Exfiltrated Data Type: Personally Identifiable Information (PII)
Additional Information …
Summary: This content discusses the risks associated with authentication tokens and their importance in cybersecurity.
Threat Actor: N/A
Victim: N/A
Key Point:
Authentication tokens, also known as session tokens,…
Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as sim swapping attacks to …
Summary: This article discusses the FIDO2 authentication method, its purpose, and how it protects against various attacks. It also explores the vulnerability of FIDO2 to man-in-the-middle attacks and provides mitigation …
Executive Summary: Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider …
Summary: This article discusses LSA Whisperer, an open-source tool designed to interact with authentication packages and recover credentials from the Local Security Authority Subsystem Service (LSASS) without accessing its memory.…
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and …
Summary: LastPass users are being targeted by a malicious campaign using the CryptoChameleon phishing kit, which is associated with cryptocurrency theft.
Threat Actor: CryptoChameleon | CryptoChameleon
Victim: LastPass users | …
Summary: The threat actor known as Muddled Libra is actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments to exfiltrate sensitive data, using sophisticated social engineering techniques and …
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data …
Key Point:
– Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise.
– SMS phishing (smishing) has seen a significant surge in …
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance
Objective: Identify potential reconnaissance activity on the network
Description: Reconnaissance …
This educational session introduces the concept of Privileged Access Management (PAM), focusing on why securing privileged accounts is crucial in today’s cybersecurity landscape. The session covers the challenges associated with …
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively …
Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on …
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the …
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks,…
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. ‘Application-layer Loop DoS Attacks’ pair servers of these protocols in such …
As the U.S. and Canadian tax season approaches, eSentire has observed a substantial increase in malware being delivered through tax-themed phishing emails. Cybercriminals are exploiting the urgency and …
Mar 13, 2024 | The Hacker News | SaaS Security / Webinar
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector.
The …
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum.
Okta is a San Francisco-based …
Executive Summary: Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise …
In today’s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user …
Passwords play a critical role in most organizations’ security. But they can also represent a significant expense. From the countless hours your service desk spends resetting passwords and unlocking accounts, …
Federal Communications Commission (FCC) employees and cryptocurrency platforms have been targeted in mobile device phishing attacks employing a novel and advanced kit, cybersecurity firm Lookout warns.
Using the new kit, …
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the …
A phishing kit dubbed CryptoChameleon has been discovered targeting cryptocurrency platforms, including employees of Binance and Coinbase — as well as the Federal Communications Commission (FCC).
According to an analysis …
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit enables …
Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices. Following the tactics of …
On December 19, 2023, the Justice Department Office of Public Affairs issued a press release indicating that the FBI had “disrupted the ALPHV/BlackCat ransomware variant.” This variant of ransomware is offered …
Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, …
Scattered Spider (aka UNC3944, Scatter Swine, Muddled Libra, Octo Tempest, Oktapus, StarFraud) is a lucrative intrusion set active since at least May 2022, primarily engaged in …
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of …