Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

The 443 Podcast - Episode 248 - RepoJacking

Jun 27, 2023 By WatchGuard In WatchGuard
On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT. You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below: The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
alienvault

Blacktail: Unveiling the tactics of a notorious cybercrime group

Jun 26, 2023 By Arjun Patel In AT&T Cybersecurity

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

Read Post
noname security

Noname Public Service Announcement: Moveit attack involving API abuse

Jun 26, 2023 By Daren Presbitero In Noname Security

A recent onslaught of attacks targeting the MoveIT application have affected several US Government agencies including Department of Energy (DOE); the Oak Ridge National Laboratory (ORNL) and several State governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL injection are front and center.

Read Post

CrowdStrike Takes On Spyboy's "Terminator"

Jun 26, 2023 By CrowdStrike In CrowdStrike
On May 21, 2023, a new threat actor named Spyboy emerged, advertising a tool known as “Terminator” in a Russian-language forum, claiming the software could bypass over 20 common AV and EDR controls. CrowdStrike automatically blocked this executable, categorizing this as a high-severity detection, enabled by our AI-powered indicators of attack.
View Video
knowbe4

SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

Jun 24, 2023 By Stu Sjouwerman In KnowBe4

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

Read Post
tripwire

BlackLotus bootkit patch may bring "false sense of security", warns NSA

Jun 23, 2023 By Graham Cluley In Tripwire

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.

Read Post
Featured Post
cato networks

Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

Jun 22, 2023 By Etay Maor, Senior Director of Security Strategy In Cato Networks
On March 29th, North-Korean linked threat-actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack that was used to deliver REvil ransomware also to thousands of organizations and is considered one of the largest security breaches of the 21st century.
Read Post
keeper

How Cybercriminals Are Using AI for Cyberattacks

Jun 21, 2023 By Aranza Trevino In Keeper

Cybercriminals are using AI to carry out various cyberattacks including password cracking, phishing emails, impersonation and deepfakes. It’s important you understand how cybercriminals are using AI to their advantage so you can better protect yourself and family, as well as your accounts and data. Continue reading to learn about AI-enabled cyberattacks and what you can do to keep yourself safe.

Read Post

Account Takeover attacks: the viewpoint of a threat intelligence expert

Jun 21, 2023 By Datadog In Datadog
Account takeover happens when someone tries to steal a user account. Any service offering authentication can face it since an attacker just has to test pairs of users and passwords. Zack Allen joins us to share his experience protecting organizations that faced massive account take over, describes the criminal and financial motivation of attackers, their methods to hide, and how they move from a database leak to a compromised account. We show the tools that attackers most commonly use. Eventually, we discuss how to detect and protect your organization around account take over.
View Video
Spectral

A step-by-step guide to preventing credit card skimming attacks

Jun 16, 2023 By Eyal Katz In Spectral

If you read the news, you’ve encountered the term “Magecart” multiple times in recent years. The term refers to several hacker organizations that use online skimming methods to steal personal information from websites, most frequently customer information and credit card details on websites that take online payments.

Read Post
Subscribe to Cyberattacks

Copyright © 2024 OpsMatters™. All rights reserved.