Oct 22, 2024Ravie LakshmananIdentity Management / Security Automation Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secure these accounts within Active Directory…
Read More
Oct 22, 2024Ravie LakshmananVulnerability / Supply Chain Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to “gain SSH access to the victim’s machine by writing…
Read More
Oct 22, 2024Ravie LakshmananMalware / Threat Intelligence Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised…
Read More
Clickjacking (Clickfix), also known as a “UI redress attack,” is a malicious technique where an attacker tricks a user into clicking on something different from what they perceive they are clicking on. This is often achieved by layering invisible or disguised elements over legitimate website content. For example, an attacker might place an invisible button…
Read More
Recently, we published an intel about data leakage from some U.S. local authorities. It was about two different local authorities in U.S. and was showing us how threat actors share information between them. To put it very briefly, a threat actor claimed they have data of these authorities and they captured these data with using…
Read More
Oct 22, 2024Ravie LakshmananVulnerability / Enterprise Security VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. “A malicious actor…
Read More
Oct 22, 2024Ravie LakshmananVulnerability / Cyber Threat The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug…
Read More
Solution providers applauded Sophos’ planned acquisition of Secureworks, an XDR specialist with 1,500 employees. Solution providers applauded the announcement Monday that cybersecurity giant Sophos plans to acquire Secureworks, a specialist in extended detection and response (XDR), for $859 million in a major industry consolidation deal. Calling the acquisition deal a “very positive” move for Sophos,…
Read More
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in…
Read More
Cyber-resilience has become more crucial than ever, as demonstrated by the recent CrowdStrike incident that led to widespread IT outages. This event, deemed “the largest IT outage in history,” disrupted critical services like air traffic control and government departments, showing how even a small percentage of offline devices can cause global chaos. Microsoft estimated that…
Read More