Iranian APT Operating as Initial Access Provider to Networks in the Middle East

September 24, 2024 at 11:54AM Mandiant’s report uncovers UNC1860 as an Iranian APT group gaining initial access to Middle Eastern networks, potentially sponsored by the Iranian government. The group employs specialized tools like TemplePlay and ViroGreen to gain access and maintain long-term control, presenting a significant threat to Middle Eastern entities. …

Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers

September 24, 2024 at 01:37AM An advanced persistent threat (APT) linked to Iran’s Ministry of Intelligence and Security (MOIS) provides initial access to Iranian state hacking groups, targeting valuable networks across sectors like government, media, and telecommunications. UNC1860 deploys a range of custom malware tools and backdoors to establish a foothold, staying undetected by focusing …

Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers

September 23, 2024 at 01:30PM An American collaborator helped fake North Korean IT workers secure jobs at US companies, generating $7 million in revenue over three years. The scheme impacted 300 companies, with one facilitator compromising over 60 identities. This operation aims to fund North Korea’s nuclear and ballistic missile programs while using sophisticated evasion …

Azure Kubernetes Services Vulnerability Exposed Sensitive Information

August 21, 2024 at 07:42AM A privilege escalation vulnerability in Microsoft Azure Kubernetes Services allowed attackers to access sensitive information, including cluster credentials. The flaw impacted clusters using Azure CNI and Azure for network policy. Exploiting this flaw, attackers could access secrets, compromise clusters, and abuse cloud services and metadata servers, potentially leading to network …

Azure Kubernetes Bug Lays Open Cluster Secrets

August 20, 2024 at 05:14PM Microsoft addressed a critical privilege escalation vulnerability in its Azure Kubernetes Service (AKS). Attackers could gain access to credentials and perform malicious actions in affected AKS clusters. The vulnerability, which did not require special privileges, led to unauthorized access to cluster contents. Security teams should audit AKS configurations and take …

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

July 19, 2024 at 04:33AM Summary: Global shipping, logistics, media, technology, and automotive organizations in various countries are targeted by the China-based APT41 hacking group, which uses web shells, custom droppers, and publicly available tools for unauthorized access and data exfiltration. Meanwhile, another threat group, GhostEmperor, is using a variant of the Demodex rootkit in a cyber …

Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days

June 19, 2024 at 11:21AM A China-based cyber espionage group, UNC3886, has been using zero-day exploits to target Fortinet, Ivanti, and VMware systems, gaining access to sensitive information in various industries. The group has developed techniques to avoid detection, including using rootkits and backdoors to maintain access. Organizations are advised to follow security recommendations from …

Scattered Spider Pivots to SaaS Application Attacks

June 18, 2024 at 09:08AM The recent attacks on customer accounts hosted on the Snowflake data warehousing platform may indicate a shift towards targeting SaaS application environments by threat actors. A threat group, UNC3944, has broadened its focus to enterprise SaaS applications and uses tactics like ransomware attacks, credential phishing, social engineering, and creating new …

Google Patches Second Chrome Zero-Day in One Week

May 14, 2024 at 07:40AM Google has patched a second zero-day vulnerability, CVE-2024-4761, in Chrome just days after fixing CVE-2024-4671. Both flaws were exploited in attacks, with CVE-2024-4761 described as a high-severity issue. An anonymous researcher reported the vulnerability, and an exploit for it has been developed, but its effectiveness is unknown. Eight zero-days targeted …

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success

April 23, 2024 at 10:13AM Mandiant’s M-Trends 2024 report indicates improved defenses, but attackers still hold the advantage, despite enhanced detection capabilities. This is highlighted in SecurityWeek’s article “The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success.” …