Summary: The UK’s National Cyber Security Centre (NCSC) has issued a warning about Iranian cyber threats, specifically a spear phishing campaign attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). This campaign targets individuals involved in Iranian and Middle Eastern affairs, including US political campaigns, to further their information operations.…
Tag: SSO
Summary: GitLab has released a critical security update to address a severe vulnerability (CVE-2024-45409) affecting its Community and Enterprise Editions, which could allow unauthorized access through SAML authentication flaws. Administrators are urged to upgrade to the latest patched versions to mitigate potential exploitation risks.
Threat Actor: Unknown | unknown Victim: GitLab users | GitLab
Key Point :
GitLab’s vulnerability arises from improper validation of SAML responses, so a forged response can be accepted as if it came from the identity provider, allowing attackers to bypass authentication.…
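One common form of the flaw class described in the GitLab item above is a service provider that notices a signature is present but never ties the signed reference to the assertion it actually consumes. The following is an added example written for this page, not GitLab's code or that of its SAML library: using only Python's standard library it builds a constructed sample Response (not a real IdP message), shows a naive parser that reads the first Assertion after merely checking that a Signature exists, and beside it a check that resolves the Reference URI to exactly one top-level Assertion and recomputes its digest before trusting the NameID. The element names are the real SAML 2.0 and XML-DSig ones; the C14N 2.0 digest and the omission of the RSA signature over SignedInfo are simplifications of this example, so production code must use a full XML-DSig implementation.

```python
"""Added example (not GitLab's or ruby-saml's code): binding the
<ds:Reference> of a SAML Response to the Assertion an SP consumes."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def digest_element(elem):
    """SHA-256 over the canonical (stdlib C14N 2.0) form of one element.
    Simplification: stands in for the Transforms/DigestMethod of XML-DSig."""
    raw = ET.tostring(elem, encoding="unicode")
    canon = ET.canonicalize(xml_data=raw, strip_text=True)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()


def make_assertion(assertion_id, name_id):
    """Minimal constructed Assertion carrying only a Subject/NameID."""
    a = ET.Element(f"{{{NS['saml']}}}Assertion", ID=assertion_id)
    subj = ET.SubElement(a, f"{{{NS['saml']}}}Subject")
    ET.SubElement(subj, f"{{{NS['saml']}}}NameID").text = name_id
    return a


def build_response(assertions, signed_id):
    """Constructed sample Response: the given assertions plus one Signature
    whose single Reference digests the assertion with ID `signed_id`.
    Simplification: no SignatureValue over SignedInfo is produced."""
    resp = ET.Element(f"{{{NS['samlp']}}}Response", ID="_r1")
    for a in assertions:
        resp.append(a)
    sig = ET.SubElement(resp, f"{{{NS['ds']}}}Signature")
    info = ET.SubElement(sig, f"{{{NS['ds']}}}SignedInfo")
    ref = ET.SubElement(info, f"{{{NS['ds']}}}Reference", URI="#" + signed_id)
    target = next(a for a in assertions if a.get("ID") == signed_id)
    ET.SubElement(ref, f"{{{NS['ds']}}}DigestValue").text = digest_element(target)
    return ET.tostring(resp, encoding="unicode")


def naive_name_id(xml_text):
    """Vulnerable pattern: any Signature anywhere is taken as proof, and the
    first Assertion found is trusted regardless of what was signed."""
    root = ET.fromstring(xml_text)
    if root.find(".//ds:Signature", NS) is None:
        raise ValueError("unsigned response")
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text


def verified_name_id(xml_text):
    """Hardened pattern: exactly one top-level Assertion, exactly one
    Reference, the Reference must point at that Assertion, and its digest
    must match, before the NameID is read from that same element."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, got {len(assertions)}")
    refs = root.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise ValueError("expected exactly one Reference")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or uri[1:] != assertions[0].get("ID"):
        raise ValueError(f"Reference {uri!r} does not cover the Assertion")
    expected = refs[0].findtext("ds:DigestValue", default="", namespaces=NS)
    if digest_element(assertions[0]) != expected:
        raise ValueError("DigestValue mismatch: Assertion was modified")
    # A real SP must also verify the signature over SignedInfo with the IdP
    # certificate and enforce Conditions (Audience, NotOnOrAfter, InResponseTo).
    return assertions[0].findtext("saml:Subject/saml:NameID", namespaces=NS)


def demo():
    """Three constructed scenarios: legitimate, tampered, and signature
    wrapping (an unsigned attacker Assertion placed before the signed one)."""
    good = build_response([make_assertion("_a1", "alice")], "_a1")
    tampered = good.replace(">alice<", ">admin<")
    wrapped = build_response(
        [make_assertion("_evil", "admin"), make_assertion("_a1", "alice")], "_a1")
    results = {}
    for label, doc in (("good", good), ("tampered", tampered), ("wrapped", wrapped)):
        try:
            results[label] = ("accept", verified_name_id(doc))
        except ValueError as err:
            results[label] = ("reject", str(err))
    return results, naive_name_id(wrapped)


if __name__ == "__main__":
    print(demo())
```

The wrapped case is the one worth studying: the naive parser returns "admin" because the document really does carry a valid digest, just over a different element than the one it reads, while the hardened check refuses the document outright.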
Short Summary:
This article discusses a sophisticated phishing attack that impersonates a company’s human resources department. It highlights the tactics used by threat actors to deceive employees into clicking malicious links and entering their credentials on fake login pages. The article emphasizes the importance of vigilance and robust cybersecurity measures to combat such threats.…
Summary: Scattered Spider, a notorious ransomware group, has been executing sophisticated phishing attacks targeting financial and insurance companies to steal credentials and launch ransomware attacks on cloud environments. Their tactics include social engineering techniques such as smishing and vishing, which allow them to manipulate high-privileged accounts and bypass multifactor authentication.…
Short Summary:
EclecticIQ analysts have researched ransomware operations, particularly focusing on SCATTERED SPIDER, a group targeting cloud infrastructures in the insurance and financial sectors. They employ social engineering tactics, including phishing and smishing, to compromise high-privileged accounts. The group utilizes various methods to maintain persistent access and evade detection, leveraging cloud-native tools and exploiting vulnerabilities in cloud services.…
Summary: Lowe’s employees are being targeted by phishing attacks through malicious Google ads that mimic the company’s employee portal, MyLowesLife. These typosquatting websites are designed to steal employee credentials by presenting a convincing facade of the legitimate site.
Threat Actor: Unknown | unknown Victim: Lowe’s employees | Lowe’s employees
Key Point :
Malicious websites closely mimic the MyLowesLife portal, tricking employees into entering sensitive information.…
Summary: A recent report by AppOmni reveals that 31% of global organizations experienced data breaches in their SaaS applications last year, highlighting significant gaps in cybersecurity awareness and accountability. The report emphasizes the need for improved visibility, policy enforcement, and proactive security measures to mitigate risks associated with SaaS environments.…
Summary: SolarWinds has released a hotfix for a critical vulnerability (CVE-2024-28987) in its Web Help Desk software, which involves hardcoded credentials that can be exploited by remote attackers. This follows a previous fix for another critical vulnerability (CVE-2024-28986) that is currently being exploited in the wild.…
Short Summary:
Recently, an employee received a phishing email attempting to steal AWS login credentials. The email contained a link that redirected to a credential harvesting page mimicking the legitimate AWS sign-in page. While the employee recognized the phishing attempt, the investigation revealed several indicators of compromise and emphasized the importance of AWS security measures.…
Threat Actor: Unknown | Unknown Victim: Major Casino Software Provider | Major Casino Software Provider Price: $80,000 Exfiltrated Data Type: Unauthorized access to casino software
Key Points :
The threat actor is selling unauthorized access to a major casino software provider with an annual revenue of $3 billion.…
Threat Actor: Unknown | unknown Victim: US Gambling Company | US Gambling Company Price: $40,000 Exfiltrated Data Type: SSH, API, SafePay, SSO, CI/CD, Slack, Gitlab & Docker
Key Points :
The alleged access is for a US-based gambling company with a revenue of $2.6 billion. The threat actor offers various access types including SSH, API, SafePay, SSO, CI/CD, Slack, Gitlab & Docker.…
Short Summary:
The article discusses the rise of adversary-in-the-middle (AiTM) phishing attacks, particularly focusing on the NakedPages phishing toolkit. It outlines various techniques used by attackers to evade detection, including the use of legitimate SaaS services, Cloudflare Workers, and sophisticated redirection methods. The article emphasizes the challenges in detecting these attacks and notes that traditional MFA methods such as one-time codes are often insufficient against them, since the proxy relays the victim’s code and captures the resulting session.…
Published On : 2024-07-26
EXECUTIVE SUMMARY
A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.
The CYFIRMA Research team is continuously monitoring the ongoing situation and has analysed the tactics, techniques and procedures (TTPs) of the malware and malicious campaigns that threat actors have deployed around it.…
Published On : 2024-07-21
EXECUTIVE SUMMARY
A recent faulty update to the Falcon Sensor agent from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on millions of Windows-based systems across the globe, resulting in total system crashes.…
Summary: This blog post discusses a recent phishing attempt that impersonates a company’s HR department and provides insights to help recognize and avoid falling victim to such scams.
Threat Actor: Unknown | Unknown Victim: Employees | Employees
Key Point :
The phishing email impersonates the company’s HR department and arrives in the victim’s inbox with a subject line urging them to review the employee handbook.…
IntelBroker, a notorious figure known for orchestrating high-profile cyberattacks, operates within BreachForums. Specializing in identifying and selling access to compromised systems, sensitive data leaks, and possibly extortion, IntelBroker facilitates various malicious activities.
BreachForums, IntelBroker’s long-time base, was recently taken down once again in an operation.…
Summary: This article discusses a cybercrime incident where a terminated worker unlawfully accessed patient information at Geisinger, a healthcare organization.
Threat Actor: Former employee of Nuance Communications Inc. | Nuance Communications Inc. Victim: Geisinger | Geisinger
Key Point :
An ex-employee of Nuance Communications Inc. has been indicted for unlawfully accessing patient information at Geisinger, a healthcare organization.…
Threat Actor: Unknown | Unknown Victim: Atlassian Jira | Atlassian Jira Price: 800,000 XMR (Monero) Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is selling a zero-day Remote Code Execution (RCE) exploit targeting Atlassian’s Jira. The exploit works on the latest version of the Jira desktop app and Jira integrated with Confluence.…
Summary: The Scattered Spider gang has shifted their focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines for persistence.
Threat Actor: Scattered Spider | Scattered Spider Victim: Various targets | Various targets
Key Point :
The Scattered Spider gang is known for engaging in social engineering attacks such as SMS phishing, SIM swapping, and account hijacking.…
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse.…