China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

November 20, 2024 at 02:27AM
A new China-linked cyber espionage group named Liminal Panda targets telecommunications entities in South Asia and Africa, employing advanced tools for unauthorized access and data extraction. CrowdStrike highlights prior misattribution and notes that these activities exploit trust relationships among telecom providers, underscoring the vulnerability of critical infrastructure to state-sponsored attacks.

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

November 16, 2024 at 02:24AM
A threat actor named BrazenBamboo has exploited a zero-day vulnerability in Fortinet’s FortiClient for Windows to extract VPN credentials using a tool called DEEPDATA. Discovered by Volexity, this malware, used in cyber espionage, is part of a broader framework encompassing various communication platforms and data exfiltration capabilities.

Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform

November 15, 2024 at 08:30AM
Cybersecurity researchers uncovered two vulnerabilities in Google’s Vertex AI platform that could be exploited for privilege escalation and data exfiltration. Attackers could manipulate job permissions to access restricted resources and deploy malicious models to extract sensitive information. Google has addressed these issues and urges organizations to implement stricter model deployment controls.

Cloud Ransomware Flexes Fresh Scripts Against Web Apps

November 14, 2024 at 12:48PM
Cloud-targeting ransomware is shifting focus to unprotected web applications, particularly PHP, exploiting vulnerabilities to encrypt data. New scripts, like “Pandora,” use advanced tactics for attack and data exfiltration. Protecting against these threats requires assessing cloud environments, managing permissions, and enforcing strong identity management practices, including MFA.

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

November 8, 2024 at 04:49AM
Earth Estries utilizes two distinct attack chains, exploiting vulnerabilities especially in Microsoft Exchange servers. The first chain employs CAB-delivered tools like PsExec and Cobalt Strike for lateral movement. The second chain uses web shells and backdoors like Zingdoor for data exfiltration. Continuous tooling updates confirm that the group remains a persistent threat.

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

November 6, 2024 at 04:28PM
Hackers are increasingly using the Winos4.0 framework to target Windows users, especially in China, through game-related apps. The malware executes a multi-step infection process, collects system data, and can evade security tools. Fortinet and Trend Micro have noted its potent capabilities, indicating a rise in malicious campaigns.

Attacker Hides Malicious Activity in Emulated Linux Environment

November 5, 2024 at 05:34PM
Securonix identified a novel cyberattack campaign, CRON#TRAP, in which attackers use an emulated Linux environment to stage malware undetected. This technique, utilizing QEMU and Tiny Core Linux, allows covert data harvesting. Targeting North America, the campaign highlights the need for stronger phishing defenses and endpoint monitoring by organizations.

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

November 5, 2024 at 12:36PM
The FBI is investigating cyber intrusions by Chinese state-sponsored groups involving malware that targets sensitive data from companies and government networks. Reports by Sophos reveal attacks leveraging multiple vulnerabilities, shifting from widespread to targeted attacks since 2021 and compromising critical infrastructure mainly in South and Southeast Asia.

Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data

November 5, 2024 at 02:48AM
Golang ransomware abuses Amazon S3 Transfer Acceleration to exfiltrate victim files to attacker-controlled buckets, leveraging hard-coded AWS credentials. It disguises itself as LockBit ransomware to manipulate victims. AWS confirmed that this activity violates its policy, leading to account suspensions and highlighting the importance of monitoring cloud security.

APT36 Refines Tools in Attacks on Indian Targets

November 4, 2024 at 05:50PM
Pakistan’s APT36 group has enhanced its ElizaRAT malware, targeting Indian government and military entities. The latest variant features improved evasion techniques, ApoloStealer for data collection, and the use of legitimate services for command-and-control. Recent campaigns show a shift to cloud-based communication and a modular approach to malware deployment, emphasizing intelligence gathering.