The iSOON Disclosure: Exploring the Integrated Operations Platform
Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.
Ransomware Recruitment Efforts Following Law Enforcement Disruption
In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark web data leak site was seized, then unseized, then re-seized in a December 2023 law enforcement operation that seemingly failed to deter the group – until AlphV ultimately claimed to disband via an apparent exit scam, immediately following a high-profile attack against Change Healthcare in March 2024. LockBit experienced a far more dramatic and well-marketed disruption, “Operation Cronos,” in February 2024, leading to the compromise of its infrastructure, internal operational details, and data. While LockBit has ostensibly continued operations, its highly publicized disruption raises the question of whether the group will be able to continue operating and attracting affiliates at the level they once enjoyed.
Trezor X Account Hacked, Shills Fake Crypto
- Trezor’s official X account was compromised, likely due to a SIM swap attack, and used to promote a fake token presale. ZachXBT and crypto security firm Scam Sniffer identified the fraudulent activity, preventing wider user losses. Despite compromising Trezor’s account, the hacker only managed to steal a paltry $8,100.
Apple Sued for Prioritizing Market Dominance Over Security
The U.S. Department of Justice in a lawsuit filed Thursday is accusing Apple of discarding user security and privacy protections as part of a broader effort to
OpenAI's chatbot store is filling up with spam
When OpenAI CEO Sam Altman announced GPTs, custom chatbots powered by OpenAI's generative AI models, onstage at the company's first-ever developer
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds | WIRED
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
Understanding and Responding to Distributed Denial-Of-Service Attacks
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. * Application, attacks targeting vulnerabilities in specific applications or running services.
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Read the new Microsoft Threat Intelligence tax season report to learn about the techniques that threat actors use to mislead taxpayers.
.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Managing Attack Surface | Huntress Blog
Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try!
The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.
Ivanti fixes critical Standalone Sentry bug reported by NATO
Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.
AceCryptor malware has surged in Europe, researchers say
Researchers at ESET say they spotted thousands of new infections with AceCryptor, which allows malware to slip into systems without being detected by anti-virus software.
Microsoft Copilot for Security: General Availability details
Microsoft Copilot for Security will be generally available on April 1st. Read this blog to learn about new productivity research, product capabilities,..
Loop DoS: New Denial-of-Service attack targets application-layer protocols
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.
Top 5 Russian-Speaking Dark Web Forums
...Among these, russian-speaking dark web forums hold a unique position due to their extensive user base and the intricate of their operations.
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
Tech Giant Linked to France’s Cybersecurity Tumbles in Value
The French government said it would seek “a national solution” to protect Atos, a debt-burdened company that serves nuclear programs and the military.
Misconfigured Firebase instances leaked 19 million plaintext passwords
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…
New Attack Techniques Bypassing ML Security
Threat actors are exercising new attack techniques to bypass machine learning security controls.
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
The signees, which already included about a dozen other nations, agree to establish “robust guardrails and procedures" around spyware, while preventing the export of technology that will be used for malicious cyber activity.
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
Researchers spot updated version of malware that hit Viasat
Russian hackers have added new capabilities to the malware used to disable satellite modems at the outset of the invasion of Ukraine.
IT helpdeskers increasingly targeted by cybercriminals
Wave of Okta attacks mark what researchers are calling the biggest security trend of the year
Elon Musk's SpaceX builds spy satellite network for U.S. intelligence
SpaceX’s dominance in the satellite internet market has given Musk enormous power in matters of war and geopolitics
What a Cluster: Local Volumes Vulnerability in Kubernetes
- Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.