Month: August 2024

Versa Networks has released an advisory for a vulnerability (CVE-2024-39717) in Versa Director, a key component in managing SD-WAN networks, used by some Internet Service Providers (ISPs) and Managed Service Providers (MSPs). A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges organizations to apply necessary updates, hunt…

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign…

A joint Cybersecurity Advisory highlights Iran-based cyber actor ransomware activity targeting U.S. organizations. The advisory includes CVEs exploited, alongside techniques, tactics and procedures used by the threat actors.

Background

On August 28, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint Cybersecurity Advisory (CSA) in coordination with the Federal Bureau of Investigation (FBI) and…

DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments. As organizations ramp up their use of cloud-native applications, the amount of sensitive data stored in the cloud grows – as does the difficulty…

By ARC Labs contributor, Dylan Michalak, Threat Research Intern

Sleep obfuscation is a term encompassing malware that waits for some time period to avoid detection. It could include extended sleeping, where malware will wait an extended time (10+ minutes) to start executing to evade shorter sandbox analysis. It could also encompass logic bombs, malicious code that is…

Summary

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across…

The combination will also strengthen threat protection for AI applications and models: “This includes mitigating risks like prompt injection, data poisoning, jailbreaking, and unintentional model outcomes. All detections and tests are mapped to industry and regulatory standards like OWASP and MITRE ATLAS,” Gillis wrote. Among the benefits of the Robust Intelligence platform are simplified configuration,…

RCE through Twig SSTI

Twig server-side template injection (SSTI) is a type of security vulnerability that occurs when user input is improperly handled and directly inserted into a Twig template, a popular PHP templating engine. Remote code execution can be achieved when a web application allows the user (an attacker) to inject malicious payloads into…

Aug 28, 2024Ravie LakshmananPhishing Attack / Data Breach Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. “By using legitimate cloud applications, attackers provide credibility to victims, helping them…

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. “The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception,…
