Feb 27, 2025Ravie LakshmananMalware / Threat Intelligence A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related … [Read more...] about Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
attacks
Your Endpoint Is Secure Against AI Supply Chain Attacks
The recent emergence of powerful open-source AI models like DeepSeek has sent many enterprises scrambling to block access per their security policies. While AI teams increasingly turn to open repositories to leverage free and highly capable models like DeepSeek, security teams face mounting pressure to prevent unrestricted downloading of artifacts from untrusted sources. The … [Read more...] about Your Endpoint Is Secure Against AI Supply Chain Attacks
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Feb 18, 2025Ravie LakshmananVulnerability / Network Security Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat … [Read more...] about New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an … [Read more...] about Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network … [Read more...] about Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
Jan 29, 2025Ravie LakshmananThreat Intelligence / Malware The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative … [Read more...] about Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Detecting MFA Fatigue The following rule looks for instances where multiple MFA push notifications are sent to a given user and identifies scenarios where multiple failed push notifications are sent and a successful push notification followed. Note that when a push notification is sent, it’s also transmitted to each registered device, which may result in a slightly skewed … [Read more...] about Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam … [Read more...] about Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
The Rise of Cross-Domain Attacks Demands a Unified Defense
Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as … [Read more...] about The Rise of Cross-Domain Attacks Demands a Unified Defense
CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
Over the last 18 months, bring your own vulnerable driver (BYOVD) attacks have escalated significantly as adversaries attempt to bypass endpoint detection and response (EDR) products including the CrowdStrike Falcon® sensor. BYOVD attacks involve an adversary writing to disk and loading a kernel driver with known vulnerabilities that is then abused to perform privileged … [Read more...] about CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion