LOLBAS in the Wild: 11 Living-Off-The-Land Binaries Used for Malicious Purposes
Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. « LOLBAS is an attack method that uses binaries and scripts that are already part of the system for malicious purposes, » Pentera security researcher Nir Chako said. « This makes it hard for security teams
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information. Bot mitigation company Kasada said the activity is designed to « exploit trusted criminal networks, » describing it as an instance of advanced threat actors […]
CERTFR-2023-ACT-034: CERT-FR news bulletin CERTFR-2023-ACT-034 (7 August 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
North Korean Hackers Target Russian Missile Engineering Firm
Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya. Cybersecurity firm SentinelOne said it identified « two instances of North Korea related compromise of sensitive internal IT infrastructure, » including a case of an email server compromise and the deployment of a Windows backdoor dubbed
Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM
In today’s interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated. Hence, their detection and prevention require a comprehensive
New SkidMap Redis Malware Variant Targeting Vulnerable Redis Servers
Vulnerable Redis services have been targeted by a « new, improved, dangerous » variant of a malware called SkidMap that’s engineered to target a wide range of Linux distributions. « The malicious nature of this malware is to adapt to the system on which it is executed, » Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week. Some of the […]
FBI Alert: Crypto Scammers are Masquerading as NFT Developers
The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote « exclusive » new NFT releases, often
MDR: Empowering Organizations with Enhanced Security
Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting capabilities, MDR services detect and mitigate malicious activities on individual endpoints while
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. « Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems, » the AhnLab Security Emergency Response Center (ASEC) said in a report published this week. […]
Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism
Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it. « The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors, » the tech giant said. « The potential impact could be […]