Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as … [Read more...] about The Rise of Cross-Domain Attacks Demands a Unified Defense
attacks
CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
Over the last 18 months, bring your own vulnerable driver (BYOVD) attacks have escalated significantly as adversaries attempt to bypass endpoint detection and response (EDR) products including the CrowdStrike Falcon® sensor. BYOVD attacks involve an adversary writing to disk and loading a kernel driver with known vulnerabilities that is then abused to perform privileged … [Read more...] about CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, … [Read more...] about Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Nov 15, 2024Ravie LakshmananCyber Espionage / Malware Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the … [Read more...] about Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
Nov 13, 2024Ravie LakshmananThreat Intelligence / Cyber Espionage A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check … [Read more...] about Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user … [Read more...] about New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, … [Read more...] about Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks
As networks become increasingly distributed, user identities are becoming a top adversary target. CrowdStrike’s 2024 Threat Hunting Report and 2024 Global Threat Report state 5 of the top 10 MITRE tactics we observed in 2023 were identity-based, and the CrowdStrike 2023 Threat Hunting Report noted a 583% year-over-year increase in Kerberoasting attacks. These findings … [Read more...] about New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks
U.S. DOJ Indicts Hacktivist Group for DDoS Attacks
Collaboration is critical to take down today’s most advanced adversaries. CrowdStrike regularly works with law enforcement agencies and industry leaders to identify, track and stop cyber threats. We recently cooperated with the Department of Justice as part of a broader effort to disrupt two individuals heavily involved in operating Anonymous Sudan. In this blog, we discuss the … [Read more...] about U.S. DOJ Indicts Hacktivist Group for DDoS Attacks
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant
Oct 17, 2024Ravie LakshmananThreat Intelligence / Malware The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco … [Read more...] about Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant