Tag: information security

According to recent research on employee offboarding, 70% of IT professionals say they’ve experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn’t deprovisioned, a surprise bill for resources that aren’t in use anymore, or a missed handoff of a critical resource or…

Aug 19, 2024Ravie LakshmananCloud Security / Threat Intelligence Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. “Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security…

Aug 19, 2024Ravie LakshmananVulnerability / Zero-Day A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for…

Aug 19, 2024Ravie LakshmananCybercrime / Network Security Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity “indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively,” Team Cymru said in a report published…

Aug 16, 2024Ravie LakshmananCloud Security / Application Security A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. “Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived…

Aug 16, 2024Ravie LakshmananDark Web / Data Breach A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to…

Aug 16, 2024Ravie LakshmananMalware / Data Theft Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users…

Aug 16, 2024Ravie LakshmananCyber Attack / Malware Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. “ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage,” Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.…

SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your…