Wednesday, May 10, 2023

eBook

4 Steps to Comprehensive Service Account Security

Any organization has countless service accounts, and the number of these non-human accounts, and of the applications that rely on them, grows every day. If left unchecked, these accounts can become high-risk assets that let threats propagate through the network undetected.


In this eBook, we'll explore the challenges of protecting service accounts and offer guidance on how to address them. Topics covered include:


  • 3 key problems created by service accounts

  • Why current methods of securing service accounts fall short

  • 4 steps to comprehensive service account security

  • And more


Powered by:
GetResponse

Tuesday, May 9, 2023

⚡ Stay Informed: Top Cybersecurity News You Can't Afford to Miss

Weekly Roundup


Top Cybersecurity Stories


👋 Greetings, cyber warriors! It's time for another weekly roundup of the latest cybersecurity news and updates. 📰 As we navigate through a world that is increasingly digital, it's more important than ever to stay informed and protected against the latest threats.


☕ So sit back, grab a cup of coffee, and let's dive into what's been happening in the world of cybersecurity this week.

Articles


1 — New PoC exploit for PaperCut flaw bypasses all known detections


A critical flaw has been discovered in PaperCut servers that could allow an unauthenticated attacker 🔓 to execute arbitrary code 🤖 with SYSTEM privileges. Although the Australian company has already patched the issue, multiple threat groups, including ransomware actors 💰, have weaponized the vulnerability.


But what's most concerning 😬 is that cybersecurity researchers have found a way to exploit the flaw in a manner that bypasses all current detections. VulnCheck has published a proof-of-concept (PoC) exploit that leverages PaperCut's "User/Group Sync" feature, enabling attackers to launch arbitrary code execution without activating known detections 🔍.


With this new attack method, defenders must produce robust detections that aren't easily bypassed to stay ahead of cybercriminals. Read Details ➤


2 — AMOS Strikes: New Information Stealer Targets Apple Users


Attention all Apple macOS users! 🍎 A new information stealer called Atomic macOS Stealer, or AMOS, is now available for purchase on Telegram for $1,000 per month. This new malware can steal various types of information, including 🔑 passwords, system information, and even the macOS password. AMOS also has the ability to extract data from 🌐 web browsers and cryptocurrency wallets, making it a significant threat to users. The malware takes the form of a bogus prompt, urging the victim to enter their system password, and then carries out its malicious activities.


The intrusion vector is not yet clear, but it's possible that users are being manipulated into downloading it under the guise of legitimate software. Read Details ➤



First and foremost, I'd like to bring to your attention one of our upcoming webinars that is truly unique and has the potential to revolutionize your approach to cybersecurity. Given the limited number of seats available for both webinars, I highly recommend that you register now to secure your spot. This is an opportunity you don't want to miss out on!


💪 Learn how to prevent ransomware from spreading in your environment. Join our webinar to discover why lateral movement is the critical risk you face and how identity-focused protection is the only way to defeat it.


🕵️‍♂️Discover the power of Deception - the proactive security solution that stops advanced threats in their tracks. Join our hour-long webinar to learn how to integrate Deception into your Zero Trust architecture and gain the upper hand against attackers. Sign up now and stay ahead of the game!

3 — PHP software package repository hijacked


📦 Packagist, a PHP software package repository, was attacked on May 1, 2023. An anonymous penetration tester using the pseudonym "neskafe3v1" hijacked over a dozen packages with more than 500 million installs. Multiple Doctrine packages were impacted. Fortunately, the attacker did not make any malicious changes to the packages, but only replaced each package description with their own message.


Packagist has taken steps to restore all packages and disabled the accounts involved. To prevent future attacks, users are being urged to enable 🔒 two-factor authentication to secure their accounts. Read Details ➤


4 — Google's Passkeys: Future of Passwordless Security is Here


Google is revolutionizing the way users sign in to their accounts with its new 🔑 passwordless solution, Passkeys! Supported by the FIDO Alliance, Passkeys offer a more secure and convenient way to log in to apps and websites without having to use traditional passwords. 🙌


Users can create Passkeys on their devices and locally store them, unlocking access to their accounts with biometrics or a local PIN. The new solution is resistant to online attacks such as phishing, making it more secure than other login methods like SMS one-time codes. Read Details ➤


5 — BouldSpy: New Android surveillanceware used by Iranian authorities


In a chilling revelation, over 300 minority individuals have been 🕵️‍♂️ spied on by the Iranian government using a new Android surveillanceware called BouldSpy. With moderate confidence, the malware has been linked to the Law Enforcement Command of the Islamic Republic of Iran, which has targeted Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups.


The malware abuses 📱 Android's accessibility services and other intrusive permissions to collect sensitive information like web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings. The malware also includes a command-and-control (C2) panel to manage victim devices, create new malicious apps, and run additional code sent from the C2 server. The spyware also disables battery management features to prevent victims' devices from terminating its activities. Read Details ➤


6 — Industry giants join forces to combat unauthorized tracking


Apple and Google are taking a united stand against unauthorized tracking with a first-of-its-kind industry-wide specification designed to enhance safety and alert users of potential tracking risks. The initiative aims to ensure Bluetooth location-tracking devices, such as AirTags, comply with instructions and recommendations to minimize the risk of misuse by bad actors.


Key tracking device vendors, including Samsung and Tile, have already signed up to adhere to the new best practices, while the proposal calls for the use of a pairing registry to enhance privacy and enable law enforcement to access verifiable identity information if required. Read Details ➤


7 — LOBSHOT Malware Spreads Through Google Ads


In the latest instance of how threat actors are exploiting Google Ads to deliver malware, a new Windows-based financial trojan and information stealer called LOBSHOT has been discovered. The malware is attributed to a financially motivated e-crime syndicate called TA505, which is associated with the Dridex banking trojan. LOBSHOT is distributed via rogue Google ads for legitimate tools like AnyDesk and can siphon data from over 50 cryptocurrency wallet extensions in web browsers. One of its core capabilities is its hVNC module that allows for direct and unobserved access to the machine. Read Details ➤


8 — TP-Link, Apache, and Oracle Systems Vulnerable to Attack


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified three critical vulnerabilities that are being actively exploited by malicious actors. The three flaws are CVE-2023-1389, affecting TP-Link Archer AX-21 routers; CVE-2021-45046, affecting the Apache Log4j2 logging library; and CVE-2023-21839, affecting Oracle WebLogic Server. With CVSS scores ranging from 7.5 to 9.0, these vulnerabilities pose a severe threat to systems and sensitive data. Read Details ➤


9 — Google strikes back at CryptBot malware attackers


Google has obtained a temporary court order in the US to halt the spread of the CryptBot malware, which steals sensitive data such as authentication credentials and cryptocurrency wallets from Google Chrome users. The malware is believed to have infected over 670,000 computers in 2022, with its major distributors suspected to be based in Pakistan. Google intends to use the order to take down CryptBot-related domains and stem new infections. Read Details ➤


That's all for this week's edition of our cybersecurity newsletter. We hope that our roundup has provided you with valuable insights and information to stay on top of the latest developments in the industry. Remember, cybersecurity is a constantly evolving field, so stay vigilant and keep learning. Until next week, stay safe and secure!

