Apr 28, 2024NewsroomCredential Stuffing / Data Breach Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of … [Read more...] about Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
software vulnerability
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Apr 27, 2024NewsroomCyber Attack / Malware Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file … [Read more...] about Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Apr 26, 2024NewsroomSupply Chain Attack / Software Security Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported … [Read more...] about Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Network Threats: A Step-by-Step Attack Demonstration
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit … [Read more...] about Network Threats: A Step-by-Step Attack Demonstration
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Apr 24, 2024NewsroomCyber Attack / Cyber Espionage The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front … [Read more...] about U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Apache Cordova App Harness Targeted in Dependency Confusion Attack
Apr 23, 2024NewsroomSupply Chain Attack / Application Security Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a … [Read more...] about Apache Cordova App Harness Targeted in Dependency Confusion Attack
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
Apr 22, 2024NewsroomNetwork Security / Endpoint Security The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental … [Read more...] about Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine … [Read more...] about New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS … [Read more...] about Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
BlackTech Targets Tech, Research, and Gov Sectors New ‘Deuterbear’ Tool
Apr 19, 2024NewsroomNetwork Security / Firmware Security Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as … [Read more...] about BlackTech Targets Tech, Research, and Gov Sectors New ‘Deuterbear’ Tool