Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor

October 22, 2024 at 06:18AM Cybersecurity researchers identified suspicious npm registry packages designed to steal Ethereum private keys and gain SSH access to victim machines. The packages impersonate legitimate libraries, so the malware only runs once a developer installs and uses them. A previous, similar attack involved a malicious package that exfiltrated keys to a server in China.

Palo Alto Networks Adds New Capabilities to OT Security Solution

October 22, 2024 at 05:30AM Palo Alto Networks has enhanced its OT Security solution by incorporating new capabilities for remote access, virtual patching, and firewall functionality.

**Meeting Takeaways:**

1. **New Capabilities Added**: Palo Alto Networks has enhanced its OT Security solution.
2. **Specific Enhancements**:
   – New remote access features
   – Virtual patching capabilities
   – Improved …

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024 at 03:54AM A new threat group named Crypt Ghouls is targeting Russian businesses and government agencies with ransomware attacks aimed at disruption and financial gain. They utilize various tools and exploit contractor credentials via VPNs. The ransomware used includes LockBit 3.0 and Babuk, complicating the identification of specific malicious actors.

SolarWinds critical hardcoded credential bug under active exploit

October 16, 2024 at 04:03PM A critical credential vulnerability in SolarWinds’ Web Help Desk (CVE-2024-28987) allows unauthenticated remote access. Although patched in version 12.8.3 HF2, many instances remain vulnerable. The flaw is exploited by criminals, with significant risks of sensitive data exposure. This is SolarWinds’ second critical bug for the product in two months.

Python-Based Malware Slithers Into Systems via Legit VS Code

October 2, 2024 at 11:24AM Mustang Panda, a Chinese APT group, is conducting a cyber-espionage campaign via malicious emails and the use of Visual Studio Code (VS Code) to distribute Python-based malware. Its tactics include establishing remote access to infected machines, exfiltrating data, and employing legitimate entities like GitHub for unauthorized access. Organizations are advised …

Citrine Sleet Poisons PyPI Packages with Mac & Linux Malware

September 20, 2024 at 04:21PM The North Korean threat group Gleaming Pisces is suspected of covertly embedding remote access malware into open source Python packages for macOS and Linux, targeting developers. The malware, named PondRAT, executes malicious code to download a trojan. The group’s focus on non-Windows systems reflects its audience: developers. Vigilance against phishing attacks …

Remote Access Sprawl Strains Industrial OT Network Security

September 11, 2024 at 10:04AM The exploding demand for remote access has created a vulnerable attack surface for industrial control systems, with many using multiple inadequate remote access tools. Critical infrastructure sectors are at risk, and cyberattackers have already exploited such tools in high-profile breaches. The report emphasizes the need for better management, security standards, …

Study Finds Excessive Use of Remote Access Tools in OT Environments

September 10, 2024 at 10:27AM Cyber-physical systems security firm Claroty warns that excessive use of remote access tools in operational technology (OT) environments can heighten cybersecurity risks. Their analysis reveals that 55% of organizations use four or more remote access tools, with some relying on 15-16, many lacking essential security features. This poses serious security …

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 at 02:42AM Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be …

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

August 29, 2024 at 02:30PM Middle Eastern organizations are being targeted by threat actors using malware disguised as the legitimate Palo Alto GlobalProtect tool. This malware can steal data and execute remote PowerShell commands to infiltrate internal networks. Based on the meeting notes, the main takeaway is that threat actors are targeting Middle Eastern organizations …