November 19, 2024 at 06:11PM Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft. ### Meeting Takeaways … Read more
November 15, 2024 at 06:51AM A Vietnamese-speaking threat actor is using a new malware, PXA Stealer, to target government and educational institutions in Europe and Asia, stealing sensitive information, including credentials and financial data. The malware is delivered via phishing emails and is associated with a Telegram group selling compromised account credentials. ### Meeting Takeaways … Read more
November 13, 2024 at 07:15AM The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. … Read more
November 12, 2024 at 12:52PM Researchers identified a tool named GoIssue on a cybercrime forum aimed at GitHub users for bulk credential theft and malicious activities. It automates email harvesting from GitHub profiles for phishing campaigns. Potentially linked to an earlier extortion campaign, it enhances risks for developers, urging vigilance against suspicious communications. ### Meeting … Read more
November 8, 2024 at 04:49AM Earth Estries utilizes two distinct attack chains, exploiting vulnerabilities especially in Microsoft Exchange servers. The first chain employs CAB-delivered tools like PsExec and Cobalt Strike for lateral movement. The second chain uses web shells and backdoors like Zingdoor for data exfiltration. Continuous updates confirm their persistent threat. ### Meeting Takeaways … Read more
November 7, 2024 at 05:04AM A malicious package named “fabrice” on PyPI has stealthily stolen AWS credentials from developers for over three years, with over 37,100 downloads. It exploits trust in the legitimate library “fabric,” using various payloads to execute attacks on both Linux and Windows systems, facilitating credential theft. ### Meeting Takeaways – Nov … Read more
November 4, 2024 at 04:01AM Barracuda has identified a widespread phishing campaign impersonating OpenAI, aiming to steal ChatGPT credentials from businesses globally. This large-scale effort poses significant security risks as it targets various organizations. **Meeting Takeaways:** 1. **Observation of Campaign**: Barracuda has identified a significant impersonation campaign targeting OpenAI. 2. **Objective of the Campaign**: The … Read more
November 1, 2024 at 07:33AM Cybersecurity researchers have uncovered a campaign, EMERALDWHALE, targeting exposed Git configurations to steal credentials from over 10,000 private repositories. The operation exploits tools to access sensitive files and collect data, leading to extensive credential theft for phishing purposes. A list of 67,000 exposed URLs is being sold online. ### Meeting … Read more
October 31, 2024 at 08:04PM Security researchers uncovered a criminal operation named Emeraldwhale, which exposed over 15,000 cloud service and email credentials in an unsecured AWS S3 bucket. The attackers used sophisticated tools to exploit misconfigured servers, targeting Git directories. Although linked to French-speaking malware, Emeraldwhale’s affiliation with a specific criminal group remains unclear. ### … Read more
October 31, 2024 at 08:37AM Sysdig researchers discovered a misconfigured S3 bucket linked to EmeraldWhale, revealing 1.5 terabytes of stolen credentials and scripts. This incident led to the exposure of 15,000 stolen credentials, highlighting significant security vulnerabilities. ### Meeting Notes Summary: 1. **Incident Detected**: Sysdig researchers identified a significant misconfiguration in an S3 bucket linked … Read more