FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. « AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground […]
Navigating Insider Risks: Are your Employees Enabling External Threats?
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway […]
China-linked APT17 Targets Italian Companies with 9002 RAT Malware
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. « The first campaign […]
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that’s known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also […]
Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. […]
‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
Details have emerged about a « massive ad fraud operation » that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based […]
Threat Prevention & Detection in SaaS Environments – 101
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and
Le Negative Trust ou l’évolution du concept de Zero Trust
Le concept de Negative Trust ne vise pas à se méfier de ses propres collaborateurs, mais à dérouter les attaquants ayant infiltré le système avec des identités usurpées.
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That’s according to independent findings from cybersecurity firms Check Point and Sekoia, which have
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as […]