Security Information and Event Management (SIEM) systems play a crucial role in modern cybersecurity strategies. These powerful tools collect, analyze, and correlate data from various sources across an organization’s IT infrastructure to detect and respond to security threats. However, the effectiveness of a SIEM solution heavily depends on how well an organization manages and retains…
Read More
Oct 28, 2024Ravie LakshmananVulnerability / Windows Security A new attack technique could be used to bypass Microsoft’s Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. “This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network…
Read More
Fog and Akira ransomware operators are increasingly breaching corporate networks through SonicWall VPN accounts, with the threat actors believed to be exploiting CVE-2024-40766, a critical SSL VPN access control flaw. SonicWall fixed the SonicOS flaw in late August 2024, and roughly a week later, it warned that it was already under active exploitation. At the…
Read More
Windows 11 24H2 is unavailable for thousands of users due to safeguard or compatibility holds Microsoft has placed on specific device and software configurations. Microsoft places compatibility holds on specific devices using hardware or applications that may conflict with Windows 11 24H2, causing crashes, performance issues, freezes, or other unusual behavior. These holds will prevent…
Read More
A threat actor claimed that they have and are selling 280 million U.S. citizens’ personal data on dark web. According to the post of the threat actor, the data includes; First_Name、Last_Name Address、City、State、ZIP Ind_Date_Of_Birth_Year、Ind_Age Home_Value_Code、Home_Median_Value_Code、Median_Income_Code Email、Phone They are also claiming that they can provide sample data to the prospects. Meanwhile, they did not mention the source…
Read More
Cisco has added new security features that significantly mitigate brute-force and password spray attacks on Cisco ASA and Firepower Threat Defense (FTD), helping protect the network from breaches and reducing resource utilization on devices. Password spray and brute force attacks are similar in that they both attempt to gain unauthorized access to an online account by guessing…
Read More
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. This is possible by taking control of the Windows Update process to introduce outdated, vulnerable software components on an up-to-date machine without the operating system changing the fully patched status. Downgrading Windows SafeBreach…
Read More
The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. The hacking contest pits security researchers against various software and hardware products, in an attempt earn the “Master of Pwn” title by compromising targets in eight categories…
Read More
Oct 26, 2024Ravie LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg…
Read More
Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. “The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised…
Read More