Cisco Disables DevHub Access After Security Breach

October 21, 2024 at 05:08PM

Cisco has disabled public access to its DevHub after threat actors stole and listed sensitive customer data for sale, including source code and credentials from major companies. Investigations revealed no personal data was compromised, but the incident highlights the importance of securing public-facing environments against potential vulnerabilities.

Internet Archive breached again through stolen access tokens

October 20, 2024 at 10:58AM

The Internet Archive experienced another breach, exposing user data and Zendesk emails due to a failure to properly rotate stolen GitLab authentication tokens. A threat actor claimed credit for the breach, asserting they stole 7TB of data, not for profit but to gain notoriety among cybercriminals.

Internet Archive breached again through exposed access tokens

October 20, 2024 at 10:50AM

The Internet Archive suffered a security breach on its Zendesk support platform, leading to the exposure of over 800,000 support tickets and a stolen user database of 33 million individuals. Despite prior warnings about exposed GitLab tokens, security measures were not implemented, allowing the breach to occur for notoriety among …

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024 at 03:54AM

A new threat group named Crypt Ghouls is targeting Russian businesses and government agencies with ransomware attacks aimed at disruption and financial gain. They utilize various tools and exploit contractor credentials via VPNs. The ransomware used includes LockBit 3.0 and Babuk, complicating the identification of specific malicious actors.

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

October 18, 2024 at 08:00AM

Australian, Canadian, and U.S. cybersecurity agencies revealed a year-long Iranian cyber campaign targeting critical infrastructure, employing brute-force and password spraying attacks. Techniques like MFA prompt bombing were used for infiltrating systems in healthcare, government, and energy sectors, aiming to acquire credentials for further cybercriminal activities.

AI Models in Cybersecurity: From Misuse to Abuse

October 16, 2024 at 07:06AM

The article examines variations in AI models regarding security measures and reveals tactics employed by threat actors. It discusses the implications of AI in cybersecurity, highlighting the transition from misuse to more harmful abuse of these technologies.

**Meeting Takeaways:** 1. **Discussion Topic:** The meeting focused on exploring the differences in …

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

October 14, 2024 at 06:23PM

Researchers reported that a sophisticated cyberattacker, likely a nation-state actor, exploited three zero-day vulnerabilities in Ivanti’s Cloud Service Appliance to infiltrate networks. This involved command and SQL injection flaws, enabling them to maintain access and potentially execute advanced techniques like DNS tunneling and deploying rootkits. Organizations must apply patches urgently. …

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

October 11, 2024 at 02:00PM

A new malware campaign targets the finance and insurance sectors using GitHub links in phishing emails to deliver Remcos RAT, exploiting trusted repositories. This technique, involving malware uploads to GitHub issues, allows attackers to bypass security. Recent research reveals expanded phishing tactics targeting accommodation platforms, improving scam effectiveness through automation. …

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

October 3, 2024 at 01:20PM

Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, leading to approximately 5% of stores being hacked. Vulnerability CVE-2024-32102 enables remote code execution and impacts various Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores, with upcoming attacks projected due to slow patching response. Multiple threat …

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

October 3, 2024 at 02:33AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are …