Microsoft NTLM Zero-Day to Remain Unpatched Until April

December 9, 2024 at 05:44PM Microsoft issued guidance to mitigate NTLM relay attacks following the discovery of a zero-day bug affecting all Windows versions, enabling credential theft through malicious files. The bug’s fix is anticipated in April. Organizations are advised to enable Extended Protection for Authentication (EPA) to strengthen defenses against these vulnerabilities. ### Meeting … Read more

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

December 9, 2024 at 11:20AM Security researchers report an ongoing massive online heist targeting AWS customers, exploiting public website misconfigurations to steal source codes, credentials, and secrets. The criminal operation, linked to the Nemesis and ShinyHunters gangs, remains active. Misconfigurations allowing these breaches are attributed to customer oversight, not AWS itself. ### Meeting Takeaways 1. … Read more

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

December 6, 2024 at 06:47PM Acros Security has identified an unpatched NTLM vulnerability in Windows 7 and later versions, allowing potential theft of user credentials through malicious files. Acros plans to release a free micropatch while awaiting Microsoft’s response. The vulnerability affects a wide range of Windows systems, prompting concerns about security amid upcoming OS … Read more

New Windows zero-day exposes NTLM credentials, gets unofficial patch

December 6, 2024 at 11:37AM A new zero-day vulnerability allows attackers to capture NTLM credentials via malicious files in Windows Explorer, affecting all Windows versions from 7 to 11. Discovered by 0patch, the flaw lacks an official fix from Microsoft. 0patch will provide a free micropatch while users can also disable NTLM authentication. ### Meeting … Read more

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

December 3, 2024 at 04:52AM North Korea-aligned Kimsuky is linked to phishing attacks using Russian sender addresses to steal credentials. These attacks, primarily targeting South Korean users, exploit email services and impersonate institutions like Naver. Kimsuky utilizes compromised servers and tools for spoofing to evade security, aiming for account hijacking and further attacks. ### Meeting … Read more

New Rockstar 2FA phishing service targets Microsoft 365 accounts

November 29, 2024 at 02:09PM A new phishing-as-a-service platform called ‘Rockstar 2FA’ has been launched, enabling large-scale adversary-in-the-middle (AiTM) attacks to compromise Microsoft 365 credentials. This service makes it easier for criminals to conduct phishing attacks on a broader scale. ### Meeting Takeaways: 1. **Introduction of ‘Rockstar 2FA’**: A new phishing-as-a-service (PhaaS) platform has been … Read more

Hackers abuse popular Godot game engine to infect thousands of PCs

November 27, 2024 at 04:19PM Hackers have leveraged the GodLoader malware to exploit the Godot game engine, infecting over 17,000 systems in under three months. Utilizing GDScript, they bypass detection and deliver malicious payloads via GitHub repositories. The attackers operate through the Stargazers Ghost Network, targeting gamers across multiple platforms while evading antivirus tools. ### … Read more

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

November 19, 2024 at 06:11PM Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft. ### Meeting Takeaways … Read more

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

November 15, 2024 at 06:51AM A Vietnamese-speaking threat actor is using a new malware, PXA Stealer, to target government and educational institutions in Europe and Asia, stealing sensitive information, including credentials and financial data. The malware is delivered via phishing emails and is associated with a Telegram group selling compromised account credentials. ### Meeting Takeaways … Read more

Comprehensive Guide to Building a Strong Browser Security Program

November 13, 2024 at 07:15AM The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. … Read more