Known Brand, Government Domains Hijacked via Sitting Ducks Attacks

November 15, 2024 at 06:58AM Threat actors have seized over 70,000 domains, targeting well-known brands and government entities due to inadequate domain ownership verification. This highlights vulnerabilities in domain management and the risks associated with lax security measures. The information was reported by SecurityWeek.

**Meeting Takeaways:**
1. **Incident Overview:** Over 70,000 domains have been hijacked …

Zero-Days Wins the Prize for Most Exploited Vulns

November 13, 2024 at 05:36PM The Cybersecurity and Infrastructure Security Agency's report reveals that zero-day vulnerabilities were the most exploited in 2023, a shift from 2022. Key exploits stemmed from Citrix and Cisco. CISA recommends organizations enhance defenses with EDR, web application firewalls, and network tools to mitigate ongoing risks.

### Meeting Takeaways
1. **CISA …

Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations

November 11, 2024 at 04:18AM Trend Micro, in collaboration with various Japanese organizations, analyzed SEO malware relationships and their role in fake e-commerce scams. They identified distinct threat actor groups using specific and multiple malware families, showing how these malware families share infrastructure to optimize SEO poisoning attacks. Findings were presented at the 2024 IEEE Conference. …

Nokia: No Evidence So Far That Hackers Breached Company Data

November 6, 2024 at 02:04PM Nokia is investigating a potential cyberattack by the group IntelBroker, which claims to have stolen internal data. So far, Nokia reports no evidence of system breaches. The incident highlights risks from third-party contractors accessing sensitive data. Experts suggest enhancing identity management to prevent similar breaches in the future.

### Meeting …

Schneider Electric Clawed by ‘Hellcat’ Ransomware Gang

November 5, 2024 at 03:58PM Hackers known as "Hellcat" claim to have stolen over 40GB of sensitive data from Schneider Electric, demanding a $125,000 ransom. They breached the company's Jira system and threatened to release the data if their demands are unmet. Schneider Electric is investigating, acknowledging unauthorized access but not confirming the theft.

### …

DocuSign’s Envelopes API abused to send realistic fake invoices

November 4, 2024 at 03:26PM Threat actors are exploiting DocuSign's Envelopes API to send fake invoices impersonating brands like Norton and PayPal. By using a legitimate DocuSign domain, they bypass email security measures, misleading targets into e-signing documents that authorize fraudulent payments. This abuse has been reported extensively by concerned users.

### Meeting Takeaways
1. …

Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network

November 4, 2024 at 12:49PM The UK's NCSC analyzed "Pygmy Goat," a Linux malware targeting Sophos XG firewalls used in attacks by Chinese threat actors. It employs advanced techniques for maintaining persistence and remote access. The report offers detection strategies and highlights similarities with "Castletap" malware linked to state-sponsored actors.

### Meeting Takeaways
1. **Malware …

Sophos reveals 5-year battle with Chinese hackers attacking network devices

October 31, 2024 at 06:21PM Sophos revealed its "Pacific Rim" reports detailing ongoing conflicts with Chinese threat actors over five years. These groups exploit vulnerabilities in networking devices to deploy malware, monitor communications, and facilitate attacks. Sophos has investigated multiple incidents, attributing them to actors like Volt Typhoon, APT31, and APT41/Winnti.

### Meeting Takeaways:
Sophos …

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

October 31, 2024 at 04:10PM Microsoft has reported that Chinese threat actors utilize the Quad7 botnet, composed of hacked SOHO routers, for password-spray attacks to steal credentials. The botnet employs custom malware for remote access and evades detection using a SOCKS5 proxy. Once credentials are obtained, networks are compromised to exfiltrate data.

### Meeting Takeaways …

Hackers exploit Roundcube webmail flaw to steal email, credentials

October 21, 2024 at 05:20PM Threat actors exploited CVE-2024-37383, a stored XSS vulnerability in Roundcube Webmail, targeting CIS government organizations. This medium-severity flaw allows malicious JavaScript execution via crafted emails to steal credentials. System administrators are urged to update to version 1.6.9, as earlier versions remain vulnerable to attacks.

### Meeting Takeaways
1. **Threat Overview**: …