Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been … [Read more...] about Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme
attack
VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
Nov 06, 2024Ravie LakshmananSaaS Security / Threat Detection An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker … [Read more...] about VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, … [Read more...] about North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
Sep 13, 2024Ravie LakshmananCyber Attack / Crime British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency … [Read more...] about 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
Sep 09, 2024Ravie LakshmananVulnerability / Hardware Security A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the … [Read more...] about New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
Aug 02, 2024Ravie LakshmananCyber Espionage / Malware A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and … [Read more...] about APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
User Protection Suite Secures Against Talos Top Ransomware Attack Trends
In Cisco Talos’ first episode of Talos Threat Perspective (TTP) episode, two Talos Threat Intelligence experts, Nick Biasini and James Nutland, discuss new research on the most prominent ransomware groups. They also pick three key topics and trends to focus on: initial access, differences among the groups, and the vulnerabilities they most heavily target. In their research, … [Read more...] about User Protection Suite Secures Against Talos Top Ransomware Attack Trends
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
Jul 05, 2024NewsroomNetwork Security / DDoS Attack French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June … [Read more...] about OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
New Attack Technique Exploits Microsoft Management Console Files
Jun 25, 2024NewsroomVulnerability / Threat Detection Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact … [Read more...] about New Attack Technique Exploits Microsoft Management Console Files
New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models
Jun 13, 2024NewsroomVulnerability / Software Security The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to … [Read more...] about New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models