Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection

The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. “Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header […]

1Password Detects Suspicious Activity Following Okta Support Breach

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” Pedro Canahuati, 1Password CTO,

Who’s Experimenting with AI Tools in Your Organization?

With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee. From a productivity perspective, that’s fantastic. Unfortunately for IT and security teams, it also means you may have hundreds of people in your organization using a new […]

DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so […]

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts. “This technique capitalizes on the inherent trust these files command within the Windows environment,” Uptycs researchers Tejaswini Sandapolla and Karthickkumar Kathiresan said in a report published last week,

CERTFR-2023-ACT-046: News Bulletin CERTFR-2023-ACT-046 (23 October 2023)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …

Active Directory: ANSSI’s Advice in 10 Diagrams

ANSSI’s Active Directory corpus now includes a secure administration guide. Here is an overview.

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France. “In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, […]

Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should […]

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as […]
