Detecting MFA Fatigue The following rule looks for instances where multiple MFA push notifications are sent to a given user and identifies scenarios where multiple failed push notifications are sent and a successful push notification followed. Note that when a push notification is sent, it’s also transmitted to each registered device, which may result in a slightly skewed … [Read more...] about Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
attacks
Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam … [Read more...] about Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
The Rise of Cross-Domain Attacks Demands a Unified Defense
Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as … [Read more...] about The Rise of Cross-Domain Attacks Demands a Unified Defense
CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
Over the last 18 months, bring your own vulnerable driver (BYOVD) attacks have escalated significantly as adversaries attempt to bypass endpoint detection and response (EDR) products including the CrowdStrike Falcon® sensor. BYOVD attacks involve an adversary writing to disk and loading a kernel driver with known vulnerabilities that is then abused to perform privileged … [Read more...] about CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, … [Read more...] about Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Nov 15, 2024Ravie LakshmananCyber Espionage / Malware Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the … [Read more...] about Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
Nov 13, 2024Ravie LakshmananThreat Intelligence / Cyber Espionage A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check … [Read more...] about Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user … [Read more...] about New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, … [Read more...] about Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks
As networks become increasingly distributed, user identities are becoming a top adversary target. CrowdStrike’s 2024 Threat Hunting Report and 2024 Global Threat Report state 5 of the top 10 MITRE tactics we observed in 2023 were identity-based, and the CrowdStrike 2023 Threat Hunting Report noted a 583% year-over-year increase in Kerberoasting attacks. These findings … [Read more...] about New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks