Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising

May 18, 2024 at 02:27PM A ransomware operation targeted Windows system administrators by using Google ads to promote fake download sites for WinSCP and PuTTY. The counterfeit sites hosted trojanized installers and exploited DLL sideloading to install the Sliver post-exploitation toolkit, allowing remote access and potential deployment of ransomware. This campaign utilized typosquatting and displayed …

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

May 17, 2024 at 08:09AM Seven Windows privilege escalation vulnerabilities discovered at Pwn2Own 2024 remain unpatched by Microsoft, with only one fix issued so far. Trend Micro’s Zero Day Initiative, which oversees Pwn2Own, notes the potential threat these bugs pose. Microsoft’s lag in resolving these issues contrasts with prompt actions by other tech companies, prompting …

Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks

May 14, 2024 at 08:35AM Threat actors are using DNS tunneling to track email delivery and victim interaction with malicious domains, scan networks, and perform reflection attacks. Palo Alto Networks has identified three campaigns employing this technique, tracking over 700 victims with 75 IP addresses resolving 658 domains. Organizations should update resolver software to mitigate …

Hackers use DNS tunneling for network scanning, tracking victims

May 13, 2024 at 01:56PM Threat actors use DNS tunneling to track targets’ interactions with phishing emails, scan networks for vulnerabilities, and bypass firewalls. They encode data in DNS queries using encodings such as Base16 or Base64. The “TrkCdn” and “SecShow” campaigns demonstrate how attackers track victims and scan networks using DNS tunneling. Unit 42 recommends DNS …

Why Tokens Are Like Gold for Opportunistic Threat Actors

May 13, 2024 at 10:07AM Authentication tokens, crucial for cybersecurity, allow secure logins and app access. However, they pose risks if compromised. Threat actors exploit unexpired tokens, leading to breaches. Companies should adopt aggressive token management, including expiring tokens every seven days and limiting access from personal devices. These actions can significantly mitigate the risk …

Oasis Security Raises $35 Million to Tackle Non-Human Identity Management

May 1, 2024 at 02:58PM Identity management startup Oasis Security secured $35 million in a Series A extension round, bringing its total raised to $75 million. The round, led by Accel, Cyberstarts, and Sequoia Capital, aims to help organizations manage Non-Human Identities (NHI) securely. Their software offers agentless connection, built-in analytics, severity scoring, and tailored remediation. The funding …

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

April 30, 2024 at 01:37PM Industrial cyber attackers are increasingly utilizing USB devices to breach operational technology (OT) networks, employing old malware and vulnerabilities. USBs enable attackers to cross the air gaps that separate OT and IT networks, making them an effective threat vector. Defenses against these threats include strict USB policies, scanning stations, and file …

Minimum Viable Compliance: What You Should Care About and Why

April 26, 2024 at 10:04AM In the IT security space, even small issues can lead to serious threats, causing stress and burnout for security professionals. Chief information security officers (CISOs) face personal liability for their organizations’ security. While other areas prioritize speed and minimum viable products, security teams must consider regulations. The MVC approach focuses …

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

April 26, 2024 at 06:12AM Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956, CVSS score 9.8) in the WordPress Automatic plugin, allowing them to inject malicious code, gain admin privileges, create new accounts, and maintain access to compromised sites. Over 5 million exploit attempts have been seen. Users are advised to update to version 3.92.1 to …

5 Attack Trends Organizations of All Sizes Should Be Monitoring

April 25, 2024 at 05:42PM Microsoft conducts extensive analysis of cybersecurity trends, identifying five key attack trends: stealth using existing tools, combining cyber and influence operations, targeting SOHO network edge devices, adopting publicly disclosed PoCs for access, and specializing within the ransomware economy. Understanding these trends can help organizations prevent future breaches by staying vigilant. …