Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

December 14, 2023 at 06:24AM

Russian threat actors linked to APT29 and SVR have been targeting unpatched JetBrains TeamCity servers since September 2023, exploiting CVE-2023-42793. This involves initial access to the compromised network environments and subsequent deployment of backdoors. The attacks aim to compromise source code, signing certificates, and software deployment processes, impacting numerous sectors …

SAP Patches Critical Vulnerability in Business Technology Platform

December 12, 2023 at 02:06PM

SAP announced 15 new and two updated security notes in its December 2023 Security Patch Day. This includes ‘hot news’ notes addressing vulnerabilities in SAP Business Technology Platform, Business Client, and OS command injection flaws in SAP ECC and SAP S/4HANA. Various other high and medium-priority issues were also resolved. …

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

December 11, 2023 at 01:18AM

A new set of process injection techniques called PoolParty was presented at Black Hat Europe 2023. These techniques allow code execution in Windows while evading endpoint detection and response systems. SafeBreach researcher Alon Leviev highlighted their capability to work across all processes, making them more flexible than existing techniques. PoolParty …

Privilege elevation exploits used in over 50% of insider attacks

December 8, 2023 at 12:20PM

Insider threats using privilege escalation flaws are on the rise, with 55% of incidents relying on privilege escalation exploits and 45% introducing risks through downloading risky tools. CrowdStrike reports that insider attacks cost an average of $648,000 for malicious and $485,000 for non-malicious incidents. Additionally, introducing flaws into networks increases …

General Electric, DARPA Hack Claims Raise National Security Concerns

November 28, 2023 at 05:33AM

General Electric (GE) and the Defense Advanced Research Projects Agency (DARPA) have experienced a breach, with stolen data reportedly up for sale on the Dark Web. GE confirms knowledge of the stolen data and is investigating the issue. The breach raises concerns about the potential for follow-on cyberattacks targeting federal …

North Korea makes finding a gig even harder by attacking candidates and employers

November 22, 2023 at 08:37PM

Palo Alto Networks’ Unit 42 has identified two hacking schemes linked to state-sponsored actors in North Korea. The first scheme, called Contagious Interview, involves threat actors posing as job recruiters on job boards and tricking software engineers into downloading malware. The second scheme, Wagemole, sees threat actors pretending to be …

The Week in Ransomware – November 17th 2023 – Citrix in the Crosshairs

November 17, 2023 at 06:29PM

Ransomware gangs are targeting vulnerable Citrix NetScaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. The threat actors exploit the Citrix Bleed vulnerability (CVE-2023-4966). Many recent victims, including Toyota Financial Services, ICBC, DP World, Allen & Overy, and Boeing, were found to have …

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

November 16, 2023 at 07:00AM

Novel attack methods targeting Google Workspace and the Google Cloud Platform have been demonstrated, posing risks of ransomware, data exfiltration, and password recovery attacks. Threat actors could exploit vulnerabilities in Google Credential Provider for Windows (GCPW) to gain access to machines and bypass multi-factor authentication protections. These attacks highlight the …

Hackers breach healthcare orgs via ScreenConnect remote access

November 10, 2023 at 02:59PM

Hackers have been targeting healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. The attacks involve installing additional remote access tools to ensure persistent access to the environments. The attacks were observed between October 28 and November 8, 2023, and the same actor is behind all incidents. …

Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study

November 7, 2023 at 11:42AM

A new study from Duke University reveals that foreign threat actors can easily access sensitive information on US military members through data brokers. These brokers collect and sell a wide range of information, including personal details, financial data, and health information. The study found that it is inexpensive and straightforward …