Sep 07, 2024Ravie LakshmananCyber Security / Malware Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an … [Read more...] about North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
actors
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and … [Read more...] about Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Dec 06, 2023NewsroomAccess Management / Cloud Security Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a … [Read more...] about Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
Nov 03, 2023NewsroomCloud Security / Linux The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by … [Read more...] about Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors
Oct 21, 2023NewsroomData Breach / Cyber Attack Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. "The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," David Bradbury, Okta's … [Read more...] about Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
Feb 22, 2023Ravie LakshmananExploitation Framework / Cyber Threat An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an … [Read more...] about Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
Cyber Actors Bypassing Two-Factor Authentication Implementations
On March 15, 2022, a government flash bulletin was published describing how state-sponsored cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) in addition to bypassing Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This scenario did not leverage or reveal a vulnerability in Duo software or infrastructure, but … [Read more...] about Cyber Actors Bypassing Two-Factor Authentication Implementations