United Nations agency investigates ransomware attack, data theft

April 19, 2024 at 02:10PM The UNDP is investigating a cyberattack in which threat actors stole human resources data from its IT systems in Copenhagen. The organization is assessing the incident’s impact and working with affected individuals to protect their personal information. While the specific threat group has not been identified, a ransomware gang claims …

BlackTech Targets Tech, Research, and Gov Sectors with New ‘Deuterbear’ Tool

April 19, 2024 at 10:48AM BlackTech has targeted technology, research, and government sectors in the Asia-Pacific region with cyber attacks. They have updated their modular backdoor called Waterbear and introduced its enhanced successor, Deuterbear. Trend Micro researchers describe the complexity of Waterbear and its evasive techniques. Earth Hundun, the threat actor, has been active since …

SAP Applications Increasingly in Attacker Crosshairs, Report Shows

April 18, 2024 at 12:40PM Hackers are increasingly targeting SAP applications and data in organizations, driven by migration to the cloud and improved ability to exploit security gaps. Ransomware attacks on SAP systems have risen by 400%, with pricing for SAP exploits following suit. Threat actors, including APT10 and FIN7, are exploiting vulnerabilities in various …

For Service Accounts, Accountability Is Key to Security

April 18, 2024 at 08:42AM Over the author’s 32 years in cybersecurity, managing risks related to service accounts has been a constant challenge. Service accounts should have limited access and perform specific functions. However, managing and securing them is often overlooked. Common gaps in knowledge include lack of visibility and understanding of the necessity and ownership of …

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign abusing Google Ads uses multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently …

Russian Sandworm hackers pose as hacktivists in water utility breaches

April 17, 2024 at 01:13PM Russian military intelligence-linked group Sandworm, also known as APT44, has been conducting cyber attacks by posing as hacktivist groups on multiple Telegram channels. The group employs various methods, including phishing and supply-chain compromise, to target Ukraine and other countries, with potential plans to interfere in national elections. Sandworm has transitioned …

Dark Web Monitoring: What’s the Value?

April 17, 2024 at 10:25AM The term “dark web” refers to websites ending in .onion accessed through a special browser, Tor. Monitoring such sites can provide value in identifying leaked credentials, understanding cybercrime, and stopping attacks. Flare’s TEM solution scans the dark web and illicit Telegram channels to identify and prioritize risks, replacing multiple tools. …

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

April 17, 2024 at 07:12AM Threat actors exploit an unpatched Atlassian server vulnerability (CVE-2023-22518) to deploy Linux Cerber ransomware. This creates a critical security risk, leading to loss of system control. Ransomware payloads are executed using a web shell, encrypting files and dropping ransom notes. The use of C++ payloads is noted, and new ransomware …

Palo Alto Networks Issues Hotfixes for Zero-Day Bug in Its Firewall OS

April 15, 2024 at 03:50PM Palo Alto Networks released hotfixes to address a zero-day bug (CVE-2024-3400) in PAN-OS software, allowing threat actors to deploy a Python backdoor on affected firewalls. The attacks were limited, but the potential for further exploitation exists. The US CISA has prioritized addressing the flaw, and security experts warn of the …

Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

April 15, 2024 at 09:39AM The cyber threat actor “Muddled Libra” is targeting SaaS applications and cloud service provider environments to exfiltrate sensitive data. They leverage sophisticated techniques, such as social engineering and reconnaissance, to gain unauthorized access and utilize various tactics for data exfiltration. Their activities pose new challenges, requiring organizations to enhance their …