Flying Under the Radar – Security Evasion Techniques

November 25, 2024 at 07:33AM Phishing and malware evasion techniques have evolved significantly, becoming more sophisticated over the years. Hackers employ various strategies, including anti-research techniques and complex redirection methods, to bypass security measures. Ongoing adaptation between attackers and defenders highlights the importance of phishing training, credential monitoring, and advanced threat detection solutions.

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)

November 25, 2024 at 06:27AM This week’s cybersecurity recap emphasizes the pervasive digital risks we face daily, from telecom breaches to critical vulnerabilities in software. Key incidents include attacks by Liminal Panda and exploits of Palo Alto Networks’ flaws. Staying informed and prepared can mitigate risks and enhance cybersecurity, benefiting everyone, not just experts.

Trump taps border hawk to head DHS. Will Noem’s ‘enthusiasm’ extend to digital domain?

November 23, 2024 at 12:49PM President-elect Donald Trump nominated South Dakota Governor Kristi Noem as Homeland Security Secretary, emphasizing her hardline immigration policies. Noem’s cybersecurity background will be tested amidst rising threats. Critics worry CISA may shift focus away from disinformation and election security under her leadership, while she promotes state-led cybersecurity initiatives.

1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

November 22, 2024 at 04:31PM Attackers exploited two recently patched vulnerabilities in Palo Alto Networks firewalls, compromising around 2,000 devices initially, a figure that later fell to 800. They deployed backdoors, malware, and cryptocurrency miners. The vulnerabilities enabled remote code execution, and the vendor continues to reference only a “limited number” of affected systems.

Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’

November 22, 2024 at 02:34PM Russian state hackers APT28 breached a U.S. company by executing a “nearest neighbor attack” via its enterprise WiFi, compromising nearby organizations first. Discovered on February 4, 2022, the incident involved credential theft and sophisticated lateral movement within the target network. Enhanced WiFi security is necessary to mitigate such risks.

Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant

November 21, 2024 at 03:32PM Recent modifications to Chinese backdoors, particularly Gelsemium’s new tools Wolfsbane and Firewood, target Linux systems, marking a significant shift in malware development. As organizations increasingly adopt Linux, experts highlight a surge in Linux-based cyber threats, with 54% of endpoint attacks affecting Linux in 2023.

Scattered Spider Cybercrime Members Face Prison Time

November 21, 2024 at 01:56PM The Department of Justice has charged five members of the hacking group “Scattered Spider” with various crimes related to cyberattacks on companies like MGM Resorts and Caesars Palace. Allegations include phishing and stealing sensitive data, cryptocurrencies, and identity information. They face significant prison sentences if convicted.

CISA says BianLian ransomware now focuses only on data theft

November 21, 2024 at 01:39PM The BianLian ransomware group has transitioned to primarily data theft extortion techniques, as noted in a U.S. and Australian advisory. Since January 2024, they have focused exclusively on this method, employing new tactics like exploiting Windows vulnerabilities and using RDP for access. Recent attacks include breaches of notable organizations.

‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years

November 21, 2024 at 10:08AM Qualys researchers revealed five critical vulnerabilities in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access. Though they developed exploit code, they won’t release it due to its alarming nature. Admins are urged to update to version 3.8 or later to mitigate risks.

Cyber Story Time: The Boy Who Cried “Secure!”

November 21, 2024 at 07:15AM Automated Security Validation (ASV) tools provide continuous real-time assessments of cybersecurity defenses. Unlike vulnerability scanners, ASVs validate fixes against threats, preventing false negatives. This article underscores the importance of ASVs in identifying security gaps through real-time testing, illustrated by the fable of “The Boy Who Cried Wolf.”