Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024 at 03:54AM A new threat group named Crypt Ghouls is targeting Russian businesses and government agencies with ransomware attacks aimed at disruption and financial gain. They utilize various tools and exploit contractor credentials via VPNs. The ransomware used includes LockBit 3.0 and Babuk, complicating the identification of specific malicious actors. ### Meeting …

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

October 18, 2024 at 08:00AM Australian, Canadian, and U.S. cybersecurity agencies revealed a year-long Iranian cyber campaign targeting critical infrastructure, employing brute-force and password spraying attacks. Techniques like MFA prompt bombing were used for infiltrating systems in healthcare, government, and energy sectors, aiming to acquire credentials for further cybercriminal activities. ### Meeting Takeaways – October …

AI Models in Cybersecurity: From Misuse to Abuse

October 16, 2024 at 07:06AM The article examines variations in AI models regarding security measures and reveals tactics employed by threat actors. It discusses the implications of AI in cybersecurity, highlighting the transition from misuse to more harmful abuse of these technologies. **Meeting Takeaways:** 1. **Discussion Topic:** The meeting focused on exploring the differences in …

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

October 14, 2024 at 06:23PM Researchers reported that a sophisticated cyberattacker, likely a nation-state actor, exploited three zero-day vulnerabilities in Ivanti’s Cloud Service Appliance to infiltrate networks. This involved command and SQL injection flaws, enabling them to maintain access and potentially execute advanced techniques like DNS tunneling and deploying rootkits. Organizations must apply patches urgently. …

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

October 11, 2024 at 02:00PM A new malware campaign targets the finance and insurance sectors using GitHub links in phishing emails to deliver Remcos RAT, exploiting trusted repositories. This technique, involving malware uploads to GitHub issues, allows attackers to bypass security. Recent research reveals expanded phishing tactics targeting accommodation platforms, improving scam effectiveness through automation. …

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

October 3, 2024 at 01:20PM Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, leading to approximately 5% of stores being hacked. Vulnerability CVE-2024-32102 enables remote code execution and impacts various Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores, with upcoming attacks projected due to slow patching response. Multiple threat …

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

October 3, 2024 at 02:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are …

Top 5 Myths of AI & Cybersecurity

October 2, 2024 at 10:10AM The global rise of sophisticated cybercrimes presents daily challenges for the cybersecurity industry, driving the integration of AI into security measures. However, the belief in AI as the sole solution for cybersecurity is debunked through various myths, emphasizing the importance of a balanced approach that combines AI with traditional security …

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

October 1, 2024 at 01:24PM A threat group targeting multinational financial organizations impersonates job seekers to execute a spear-phishing campaign spreading the “more_eggs” backdoor. Trend Micro researchers linked this campaign to FIN6 and cautioned that the malware’s MaaS nature blurs threat actor lines. Vigilance and robust security measures are needed to combat this evolving threat. …

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

October 1, 2024 at 12:51PM The Rhadamanthys information stealer has incorporated AI for optical character recognition, enabling it to extract cryptocurrency wallet seed phrases from images and sell the sensitive information for $250 per month. Despite facing bans, the malicious software continues to evolve, releasing a new version in June 2024 with enhanced features to …