Ivanti fixes critical Standalone Sentry bug reported by NATO

March 20, 2024 at 01:09PM Ivanti urges customers to patch Standalone Sentry and Ivanti Neurons for ITSM for critical vulnerabilities (CVE-2023-41724 and CVE-2023-46808). Neurons cloud landscapes are secure, while on-premises deployments remain vulnerable. Although there’s no evidence of exploitation, the urgency to apply the patch is stressed. Nation-state actors and other threat groups have exploited …

Detecting Cloud Threats With CloudGrappler

March 20, 2024 at 08:54AM Permiso’s open-source tool aids security teams in pinpointing threat actors within their AWS and Azure environments.

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

March 20, 2024 at 06:24AM Cybersecurity researchers have identified the advanced BunnyLoader 3.0 malware, capable of stealing information and cryptocurrency, while delivering additional malware to victims. The malware, developed by Player, has seen frequent updates aimed at evading detection and expanding its functionalities. It is part of the evolving landscape of malware-as-a-service. Based on the …

From Deepfakes to Malware: AI’s Expanding Role in Cyber Attacks

March 19, 2024 at 10:12AM Generative AI, used in cyber threats, can create self-augmenting malware to evade YARA rules. This allows for the modification of malware code to bypass detection, posing risks in impersonation and reconnaissance operations. Organizations are urged to be cautious with publicly accessible images and videos to mitigate such threats. Additionally, there …

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

March 19, 2024 at 06:48AM Threat actors are exploiting digital document publishing (DDP) sites like FlipSnack and Issuu for phishing attacks. These legitimate platforms allow the hosting of malicious documents, evading email security controls. The attackers create multiple accounts using free trial periods, and the DDP sites’ features make it challenging to detect and extract …

ML Model Repositories: The Next Big Supply Chain Attack Target

March 18, 2024 at 06:15PM Machine-learning model platforms, such as Hugging Face, are vulnerable to attacks similar to those experienced by npm, PyPI, and other open source repositories. These attacks have been successfully executed by threat actors for years. It seems from the meeting notes that the discussion highlighted the susceptibility of machine-learning model platforms …

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

March 18, 2024 at 04:53PM Summary: A sophisticated hacking campaign by the Chinese APT group Earth Krahang has targeted 70 organizations in 45 countries since early 2022, primarily focusing on government entities. The attackers exploit vulnerabilities and use spear-phishing to deploy custom backdoors for cyber espionage, abusing breached government infrastructure to target other governments and …

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

March 16, 2024 at 09:21AM Cybersecurity researchers discovered several GitHub repositories containing cracked software used to distribute the RisePro information stealer. The campaign, named gitgub, included 17 repositories taken down by the Microsoft-owned subsidiary due to the threat. The RAR archive in the software contains an installer file that deploys RisePro, a C++-based malware targeting …

Fortinet Patches Critical Vulnerabilities Leading to Code Execution

March 13, 2024 at 06:33AM Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. Additionally, high-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential …

‘Magnet Goblin’ Exploits Ivanti 1-Day Bug in Mere Hours

March 12, 2024 at 04:11PM Threat actors targeted Ivanti edge devices earlier this year. One-day exploit CVE-2024-21887 in Ivanti Connect Secure and Policy Secure gateways, rated 9.1/10, was quickly capitalized on by “Magnet Goblin.” Known for exploiting one-days in public-facing services, this group deploys malware capable of flying under the radar, emphasizing the need for …