Key Point : – Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise. – SMS phishing (smishing) has seen a significant surge in 2024. – The Com, a geographically diverse group of threat actors, is responsible for these attacks.…
Tag: SSO
ABSTRACT
Read More
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance Objective:Identify potential reconnaissance activity on the network
Description:Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
This educational session introduces the concept of Privileged Access Management (PAM), focusing on why securing privileged accounts is crucial in today’s cybersecurity landscape. The session covers the challenges associated with managing privileged accounts, the risks they pose, and how CyberArk, a leader in the PAM solution space, addresses these challenges.…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
Executive Summary
Impersonating North Korea-related questionnaires, manuscript materials, security columns, contributions, monthly magazines, etc.
Delivered by hiding an LNK type malicious file inside a ZIP compressed file
Exploiting cloud storage such as DropBox, pCloud, etc. as a base for attack
APT37 group’s ongoing RoKRAT fileless attacks
Early detection of LNK and PowerShell stages with Genian EDR
1.…
Read More
Introduction
Read More
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively search and identify emerging threats, using our telemetry data, internal tools and external services.
In October 2023, our daily threat hunting routine led us to uncover a new Adversary-in-The-Middle (AiTM) phishing kit allegedly used by multiple threat actors to carry out widespread and effective attacks.…
Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. …
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of misconfigured shared-parent domains that puts customers of major CSPs at risk.…
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks, relevant to all sectors and countries. We have developed an advanced detection approach for organizations to identify and counter BEC, surpassing traditional methods by dynamically identifying anomalies.…A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. ‘Application-layer Loop DoS Attacks’ pair servers of these protocols in such a way that they communicate with each other indefinitely. The vulnerability affects both legacy (e.g., QOTD, Chargen, Echo) and contemporary (e.g.,…
THE THREAT
Read More
As the U.S. and Canadian tax season approaches, eSentire has observed a substantial increase in malware being delivered through tax-themed phishing emails. Cybercriminals are exploiting the urgency and importance of tax-related communications to trick individuals into opening malicious email links, leading to malware infections.…
Mar 13, 2024The Hacker NewsSaaS Security / Webinar
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector.
The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations.…
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum.
Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.…
This post is also available in: 日本語 (Japanese)
Executive SummaryMuddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses.…
In today’s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.…
Passwords play a critical role in most organizations’ security. But they can also represent a significant expense. From the countless hours your service desk spends resetting passwords and unlocking accounts, to the massive cost of security incidents or data breaches, passwords cost you money.
While getting rid of passwords completely isn’t a realistic option for most organizations, there are things you can do to make them more secure and cost-effective.…
Federal Communications Commission (FCC) employees and cryptocurrency platforms have been targeted in mobile device phishing attacks employing a novel and advanced kit, cybersecurity firm Lookout warns.
Using the new kit, attackers create carbon copies of single sign-on (SSO) pages that trick victims into sharing their login credentials using a combination of email, SMS and vishing (voice phishing).…
Several phishing campaigns targeting employees of cryptocurrency platforms such as Binance and Coinbase and the Federal Communications Commission (FCC) have been discovered, including one dubbed CryptoChameleon, which targets cryptocurrency platforms and employees. Based on an analysis from Lookout, the victims of this attack primarily use Apple iOS and Google Android devices with SSO solutions, such as Okta, Outlook, and Google, with their Apple and Google accounts with single sign-on. …
Read More
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals.
The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.…
A phishing kit dubbed CryptoChameleon has been discovered targeting cryptocurrency platforms, including employees of Binance and Coinbase — as well as the Federal Communications Commission (FCC).
According to an analysis from Lookout, the victims primarily use Apple iOS and Google Android devices with single sign-on (SSO) solutions, including Okta, Outlook, and Google.…