Blog

Critical RCE Vulnerability in Microsoft MHTML Exploited by APT Group Void Banshee

Cybersecurity experts at Trend Micro have discovered a critical remote code execution (RCE) vulnerability, identified as CVE-2024-38112, within the Microsoft MHTML protocol handler. This vulnerability, also tracked as ZDI-CAN-24433, was reported to Microsoft and later patched. However, the advanced persistent threat (APT) group Void Banshee actively exploited it. Exploitation by Void Banshee: Void Banshee, known for targeting […]

Critical Exim Vulnerability Bypasses Security Filters

Exim, the widely used Mail Transfer Agent (MTA) on Unix-like operating systems, faces a critical vulnerability, CVE-2024-39929, with a CVSS score of 9.1. This vulnerability affects Exim releases up to and including version 4.97.1. It allows remote attackers to bypass security filters, delivering malicious executable attachments directly to user inboxes. Immediate action is required to […]

Los Angeles Unified School District confirms that student data, including their locations, was stolen in a Snowflake account hack

In early June 2024, a hacker known as “Sp1d3r” listed a database for sale on the dark web, claiming it contained data from the Los Angeles Unified School District (LAUSD) stolen from their Snowflake account. Pricing the database at $150,000, Sp1d3r included sensitive information such as student names, addresses, family details, demographics, financial records, grades, […]

Crown Equipment confirms cyberattack, disrupting manufacturing for several weeks

Crown Equipment Corporation, one of the largest forklift manufacturers in the world, employing 19,600 people across 24 manufacturing plants in 14 locations worldwide, recently confirmed a significant cyberattack that disrupted its operations for weeks. The Attack and Immediate Response: On June 9th, Crown Equipment’s network was breached by an international cybercriminal organization. The company’s […]

Phishing-as-a-Service Platform ONNX Store, Targets Financial Institutions and Microsoft 365 Accounts

In February 2024, EclecticIQ cybersecurity researchers discovered phishing campaigns targeting financial institutions using QR codes embedded in PDF attachments to redirect victims to phishing URLs. Recently, these campaigns have begun using a Phishing-as-a-Service (PhaaS) platform known as ONNX Store, which now targets both Microsoft 365 and Office 365 email accounts. The platform enables phishing attacks […]

Hackers Exploit High-Ranking Legitimate Websites to Deliver BadSpace Windows Backdoor

Overview of BadSpace Malware: BadSpace is a sophisticated Windows backdoor that attackers deliver through compromised websites, especially those built on WordPress. The malware uses a multi-stage attack chain involving infected websites, command-and-control (C2) servers, fake browser updates, and a JScript downloader to infiltrate victims’ systems. Infection Chain, How BadSpace Infiltrates Systems: According to German […]

Sophisticated Phishing Campaign Exploits Windows Search Protocol to Deliver Malware

A new, highly sophisticated phishing campaign detected by Trustwave leverages HTML attachments to exploit the Windows search protocol, delivering malware through batch files hosted on remote servers. This article summarizes the mechanics of the attack, mitigation measures, and insights into preventing such threats. Phishing Campaign Overview: Researchers at the cybersecurity firm Trustwave have […]

More_Eggs Malware Disguised as Resumes, Attacks Recruiters via Fake Job Applicant Phishing Scam

Cybersecurity researchers at eSentire have uncovered a sophisticated phishing attack leveraging the More_Eggs malware, disguised as job resumes. This tactic, identified over two years ago, continues to threaten organizations significantly. Recently, attackers targeted an unnamed company in the industrial services sector, underscoring the ongoing evolution of cyber threats and the need for heightened vigilance among […]

Advanced Surveillance Capabilities Discovered in macOS Variant of LightSpy Spyware

Cybersecurity researchers at ThreatFabric have uncovered a macOS variant of the LightSpy spyware, previously known for targeting iOS and Android devices. This development highlights the extensive reach and sophistication of this surveillance tool. LightSpy, a modular framework, has evolved to infiltrate multiple platforms, posing significant threats to user privacy and security. Origins and Evolution: First reported […]

Rebranded Knight Ransomware Now Targeting Businesses Globally

RansomHub, a nascent yet prolific ransomware-as-a-service (RaaS) operation, has recently come into the limelight due to its rapid rise and significant impact. Cybersecurity researchers have traced its origins back to the now-defunct Knight ransomware, itself a rebrand of the Cyclops ransomware. RansomHub has a short history and has operated mainly as a data theft and extortion […]

Understanding the Threat Landscape: A Deep Dive into the Most Common Types of Cyber Attacks

In today’s interconnected digital world, cyber attacks have become an ever-present threat targeting individuals, businesses, and governments alike. Understanding the different types of cyber attacks is crucial for organizations and individuals to effectively mitigate risks and protect themselves against potential breaches. Here, we delve into 20 of the most common types of cyber attacks with […]

Okta Issues Warning on Credential Stuffing Attacks Targeting Cross-Origin Authentication Feature

Okta, a leading cybersecurity company specializing in identity and access management, has issued a warning about ongoing credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature, particularly its cross-origin authentication. These attacks have been observed since April 15, 2024, affecting numerous customers. Credential stuffing is a type of cyber attack where threat actors use […]

Moonstone Sleet: The New Face of North Korean Cyber Threats

Microsoft has recently unveiled a new North Korean state-aligned threat actor named Moonstone Sleet, previously known as Storm-1789. This group is implicated in a series of sophisticated cyber attacks, blending traditional techniques with innovative methodologies to target various sectors, including software, IT, education, and defense. Moonstone Sleet’s operations highlight the evolving landscape of cyber threats […]

DNSBomb: A New, Practical, and Powerful Pulsing DoS Attack Exploiting DNS Queries and Responses

The digital landscape is rapidly evolving, bringing both unprecedented opportunities and new threats. Among the most concerning of these threats is the Distributed Denial of Service (DDoS) attack, particularly a novel variant known as DNSBomb, discovered by researchers from Tsinghua University in Beijing, China. This powerful and practical pulsing DoS attack exploits DNS queries […]

US Pharma Giant Cencora Data Breach Exposes Patient Information from 8 US Drug Companies

In February 2024, U.S. pharmaceutical giant Cencora, formerly known as AmerisourceBergen, suffered a significant cyberattack leading to a major data breach. The attack compromised the personal and highly sensitive medical information of individuals associated with eight prominent drug companies that partner with Cencora for pharmaceutical and business services. Details of the Data Breach: The data […]

Sophisticated Crypto Mining Campaign ‘REF4578’ Deploys GhostEngine Malware

A malicious crypto mining campaign codenamed ‘REF4578’ has been discovered deploying a malicious payload named GhostEngine, which uses vulnerable drivers to turn off security products and deploy an XMRig miner. Researchers at the cybersecurity firms Elastic Security Labs and Antiy have underlined the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help […]

The Risks of AI-Powered Screenshotting: A Closer Look at Microsoft’s Recall Feature

With the rise of artificial intelligence, new features are continually being introduced to enhance user experience. Microsoft’s new Recall feature, which captures screenshots of your active screen every few seconds and analyzes them using AI, exemplifies this trend by promising to enhance productivity with innovative AI-driven functionality. However, despite its groundbreaking potential, this technology […]

CISA Issues Warning on Attacks Exploiting NextGen Healthcare Mirth Connect Flaw; Adds Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a significant security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog. This action underscores the critical nature of the vulnerability, which has already seen active exploitation in the wild. The flaw, identified as CVE-2023-43208, has a serious impact due to […]

WiFi Vulnerability Enables Eavesdropping Attacks Through Downgrade Strategy

A newly discovered vulnerability in the IEEE 802.11 WiFi standard, tracked as CVE-2023-52424, poses significant risks to network security. This flaw, dubbed the SSID Confusion attack, allows malicious actors to trick devices into connecting to less secure networks, thereby enabling eavesdropping attacks. The SSID Confusion Attack: Researchers have identified a critical design flaw […]

Cybercriminals Exploit Windows Quick Assist for Ransomware Attacks

Cybercriminals have identified a new vector for ransomware attacks by leveraging the Windows Quick Assist feature. This emerging threat, primarily driven by a group known as Storm-1811, employs sophisticated social engineering techniques to deploy the notorious Black Basta ransomware. Understanding these tactics and implementing effective cybersecurity measures are crucial to mitigating these […]

Foxit PDF Reader design flaw exposes users to potential exploitation

As digital transformation accelerates, the sophistication of cyber threats has also increased. Recent discoveries by Check Point Research have brought to light a significant vulnerability in Foxit PDF Reader, a popular software used by over 700 million users worldwide. This flaw has been exploited by threat actors to deliver malware via booby-trapped PDF documents. Overview […]

The Growing Threat of AI-Powered Phishing and Vishing Attacks

In today’s digital landscape, cybercriminals continuously adapt their tactics to exploit vulnerabilities and gain unauthorized access to sensitive information. One emerging threat is AI-powered vishing (voice phishing) and deepfake phishing attacks. Utilizing machine learning algorithms, these sophisticated attacks can deceive even the most cautious individuals. AI-Powered Phishing Attacks: Phishing traditionally involves deceptive emails, messages, or […]

Black Basta Ransomware Threat and Impacts

Federal agencies and cybersecurity experts have issued urgent warnings about the Black Basta ransomware group, which has targeted over 500 organizations across North America, Europe, and Australia since April 2022. This ransomware-as-a-service (RaaS) operation has breached numerous private industry and critical infrastructure sectors, causing severe disruptions and significant financial losses. One of the most notable […]

Photographed IDs, Fabricated Images, and Selfie Spoofing Prevail in Document-Based Identity Theft

The increasing prevalence of identity document fraud, especially in today’s digital landscape, has made the implementation of advanced verification systems essential to thwart fraudulent activity. As of 2023, the most prevalent method of such fraud was the “document image-of-image” technique, identified in 63% of all rejected IDs. This type of fraud involves using […]

New TunnelVision Attack Enables VPN Traffic Hijacking Through DHCP Tampering CVE-2024-3661

The security flaw known as “TunnelVision,” officially registered under CVE-2024-3661, represents a significant threat to the integrity of VPN (Virtual Private Network) communications. This vulnerability leverages a DHCP (Dynamic Host Configuration Protocol) option, specifically the classless static route option 121, to manipulate VPN traffic. This manipulation occurs when an attacker sets up a rogue DHCP […]

Ascension Health System Faces Major Cybersecurity Incident, Operations Disrupted

Ascension, one of the largest private healthcare systems in the United States, experienced significant disruptions in its clinical operations due to a suspected cybersecurity incident. This major nonprofit health system, which operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia, reported unusual activity on its technology networks on […]

Critical Security Flaw Exposes Over 50,000 Tinyproxy Instances to Remote Code Execution Risk

Nearly 52,000 instances of Tinyproxy, a popular open-source HTTP and HTTPS proxy server, are currently exposed to a severe security threat identified as CVE-2023-49606. This critical remote code execution (RCE) vulnerability primarily affects Tinyproxy services widely used by small businesses, public WiFi providers, and individual users who favor its efficiency and minimal resource […]

Exploiting Trust: How Cybercriminals Use Microsoft Graph API for Stealthy Command-and-Control Operations

Cybersecurity researchers at the Symantec Threat Hunter Team, part of Broadcom, have noticed a troubling trend where multiple hacking collectives, including APT28, REF2924, Red Stinger, Flea, APT29, and OilRig, are increasingly exploiting Microsoft Graph API for malicious activities. These groups have been using Microsoft’s cloud services, like OneDrive, to host their command-and-control (C2) infrastructure, effectively […]

Dropbox Sign Compromised: Extensive Customer Data Breach Affects All Users

Dropbox has confirmed a significant breach of its Dropbox Sign service (formerly HelloSign), which compromised a wide range of customer information, including emails, usernames, phone numbers, hashed passwords, and various authentication details like API keys, OAuth tokens, and multi-factor authentication setups. The breach, identified on April 24, 2024, also exposed the email addresses and names […]

Exploitation of Windows DOS-to-NT Vulnerabilities Allows for Unprivileged Rootkit-Like Access

In new research, SafeBreach’s Or Yair has unveiled significant security vulnerabilities in the Windows DOS-to-NT path conversion process. These findings, which Yair presented at the Black Hat Asia conference, illustrate how attackers could potentially achieve rootkit-like capabilities without requiring administrative permissions. Understanding the DOS-to-NT Path Conversion Vulnerability: During a typical operation where a Windows […]

LastPass Warning: Beware of CryptoChameleon Phishing Attacks Targeting Password Vaults

LastPass is alerting its users to a malicious campaign employing the CryptoChameleon phishing kit, notorious for cryptocurrency theft. Researchers have identified CryptoChameleon as a sophisticated phishing kit initially used against Federal Communications Commission (FCC) employees through counterfeit Okta single sign-on (SSO) pages. Security experts at Lookout have found that this phishing kit has also compromised […]

The availability of affordable ransomware on the dark web is revolutionizing the methods employed by hackers.

Since June 2023, cybersecurity observers have detected a surge in affordable ransomware offerings, termed “junk gun” ransomware, on the dark web. These tools are the product of independent developers and represent a shift away from the decade-long dominance of the ransomware-as-a-service (RaaS) model in the cybercriminal ecosystem. Sophos X-Ops has documented 19 distinct junk gun […]

Cisco Duo Reports Security Breach: Hackers Steal VoIP and SMS Logs in Multi-Factor Authentication Hack

Cisco Duo recently warned that hackers breached its telephony provider on April 1, 2024, stealing some customers’ VoIP and SMS logs used for multi-factor authentication (MFA) messages. The cyberattack targeted an unnamed provider that handles Cisco Duo’s SMS and VoIP MFA message services. Cisco Duo, a major multi-factor authentication and Single Sign-On […]

Attackers Deploy Multi-Stage Malware Through Invoice Phishing Using Obfuscation Tools

Cybersecurity researchers recently uncovered a complex multi-stage attack that targets users with invoice-themed phishing emails to deploy a variety of malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a crypto wallet stealer. Attackers attach Scalable Vector Graphics (SVG) files to emails, which initiate the malware infection process upon opening, according to a technical […]

HHS Alert: Cybersecurity Threats Targeting IT Support in Healthcare and Public Health Sector

The U.S. Department of Health and Human Services (HHS) has raised an alarm over an ongoing assault by cybercriminals targeting IT help desks in the Healthcare and Public Health (HPH) sector. These attackers, observed by the Health Sector Cybersecurity Coordination Center (HC3), wield sophisticated social engineering tactics to infiltrate the health sector’s defenses. Their strategy […]

Thread Hijacking: How Phishing Scams Exploit Your Curiosity

In the constantly changing world of cyber threats, thread hijacking stands out as a clever strategy that uses human curiosity to trap its victims. This advanced phishing technique takes control of ongoing email conversations, becoming a sinister threat that requires our immediate attention. By learning how these cyber predators operate, we can defend ourselves against […]

How to Design and Deliver an Effective Cybersecurity Exercise

Designing and delivering an effective cybersecurity exercise demands meticulous planning, strategic execution, and a deep understanding of an organization’s vulnerabilities. These exercises test an organization’s ability to detect, investigate, and respond to cyber threats promptly and securely, helping to mitigate potential damages from real-life incidents. Here’s how to ensure your cybersecurity exercise makes a real […]

Ensuring Patient Trust: Why Cybersecurity Services are Essential for Healthcare Providers

In today’s technologically advanced healthcare environment, the digitization of patient records and the growth of telemedicine have significantly improved efficiency and accessibility. However, these innovations have also introduced new vulnerabilities, exposing healthcare providers to numerous cyber threats. Healthcare organizations must not only comply with stringent regulatory requirements but also ensure the protection of patient data […]

The Imperative of Cybersecurity Services for Law Firms: Safeguarding Client Data and Ensuring Compliance

In today’s digital age, where data breaches and cyber threats are increasingly common, law firms find themselves in a critical position. Entrusted with sensitive client information, ranging from personal data to corporate secrets, these firms are prime targets for cybercriminals. The implications of a security breach are not just financial but can severely damage a […]

The Five Most Frequent Vulnerabilities Identified in Purple Shield’s Penetration Tests Over Recent Years

At Purple Shield Security, our years of experience in penetration testing have revealed five primary vulnerabilities that persist across companies of every scale. This article breaks down these critical security issues, providing businesses with insights to better protect their digital infrastructure. Recurrent Vulnerabilities Uncovered: In our ongoing efforts to enhance business cybersecurity, we’ve identified several […]

Tycoon 2FA Phishing Kit: A New Threat to Microsoft 365 and Gmail Users

In the evolving landscape of cybersecurity, a sophisticated phishing-as-a-service (PhaaS) platform, Tycoon 2FA, is posing significant threats to Microsoft 365 and Gmail accounts, effectively bypassing two-factor authentication (2FA) mechanisms. Discovered by Sekoia analysts in October 2023, Tycoon 2FA has been active in the cybercriminal community since August 2023, targeting unsuspecting users through advanced […]
