Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

October 23, 2024 at 10:36PM Trend Micro researchers report that attackers are exploiting exposed Docker Remote API servers to deploy perfctl cryptomining malware. The exposed APIs allow unauthorized access to and control over Linux servers. To mitigate risks, organizations should implement strong access controls, monitor for suspicious activities, and adhere to container security best practices.

Samsung phone users under attack, Google warns

October 23, 2024 at 08:25PM Google security researchers identified a critical vulnerability (CVE-2024-44068) in Samsung’s Exynos mobile chips, allowing attackers to escalate privileges and remotely execute code. The flaw, rated 8.1 on the CVSS scale, affects multiple processor versions. Samsung issued a patch on October 7, but in-the-wild exploits have already emerged.

Bumblebee Malware Is Buzzing Back to Life

October 23, 2024 at 09:40AM Bumblebee, a malware downloader previously targeted by Europol’s Operation Endgame, has resurfaced, indicating its resilience. New methods make it harder to detect, posing significant risks to corporate networks by enabling credential harvesting. Despite law enforcement efforts, cybercriminals demonstrate adaptability, necessitating robust cybersecurity measures and user training.

Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks

October 23, 2024 at 06:36AM Threat actors are abusing Amazon S3’s Transfer Acceleration feature to exfiltrate data in ransomware attacks. They use disguised Golang ransomware and hard-coded AWS credentials, affecting both Windows and macOS. Recent reports show a rise in ransomware incidents, with notable groups adapting their tactics amidst ongoing threats and vulnerabilities.

SecurityWeek’s 2024 ICS Cybersecurity Conference Kicks Off in Atlanta

October 22, 2024 at 08:59AM The 2024 ICS Cybersecurity Conference in Atlanta features over 80 sessions and hands-on training focused on addressing critical infrastructure cyber threats.

**Meeting Takeaways:**

– **Event Overview**: The Premier Industrial Cybersecurity Conference will feature over 80 sessions focused on critical infrastructure cyber threats.
– **Training Opportunities**: The conference includes hands-on training …

Google Warns of Samsung Zero-Day Exploited in the Wild

October 22, 2024 at 08:52AM A zero-day vulnerability in Samsung mobile processors has been exploited, enabling arbitrary code execution. Google has issued a warning about this security threat, highlighting the ongoing risks associated with the exploit.

**Meeting Notes Takeaways:**

1. **Incident Overview**: A zero-day vulnerability in Samsung mobile processors has been identified and is currently …

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

October 22, 2024 at 05:46AM Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments.

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

October 21, 2024 at 10:02AM APT41, a Chinese state-sponsored cyber actor, conducted a sophisticated nine-month attack on the gambling and gaming industry, stealthily gathering sensitive data and evading detection by adapting strategies. Utilizing custom malware and exploiting credentials, they established persistence in the compromised network, targeting devices specifically within a designated VPN subnet.

Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal

October 20, 2024 at 06:29PM Cyprus successfully thwarted a DDoS attack targeting its central online government portal, ensuring continued access for users.

**Meeting Takeaways:**

1. **Incident Report**: Cyprus successfully defended against a DDoS (Distributed Denial of Service) attack.
2. **Target**: The attack was aimed at disrupting access to the government’s central online portal.
3. **Outcome**: …

ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise

October 18, 2024 at 01:30PM ESET denies reports of a cyberattack that compromised its platforms to target Israeli customers with wiper malware. The company addressed a recent security incident involving a malicious email campaign, which was blocked quickly. ESET asserts its technology is secure, while continuing to investigate the situation with its partner.