CircleCI, a DevOps platform, discovered that malware installed on a CircleCI engineer’s laptop was used by an unauthorized third party to steal a legitimate, 2FA-backed SSO session. On December 16, 2022, this device was compromised. The company’s antivirus programme was unable to detect the malware. “Our investigation indicates that the malware was able to execute session cookie...Read More
A “large and resilient infrastructure” comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020. The infection chain “uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub,” cybersecurity firm SEKOIA said in an analysis...Read More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio’s RTLS Studio, which could be exploited by an attacker to “obtain unauthorized access to the server, alter...Read More
The consumer VPN market has seen explosive growth in the last few years due to the increasing popularity of VPN technologies. Users can keep their internet traffic private and anonymous with these ubiquitous utilities while avoiding restrictions or censorship on their usage of the internet. A malware campaign that began in May 2022 involved the...Read More
Customers were notified by NortonLifeLock – Gen Digital that accounts for Norton Password Manager had been successfully breached. They made it clear that the breach was targeted at user accounts rather than the company system. According to the letter given to the Office of the Vermont Attorney General, an unauthorized third party used credential stuffing to carry...Read More
Digital certificates are electronic credential that binds the identity to the owner of the certificate which can also pair the electronic encryption keys that can be public and private. This mainly uses to encrypt the sign information digitally. The main work for the digital certificate is to make sure the public key content, belongs to...Read More
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. “The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets,” Fortinet researchers said in a post-mortem analysis published this week. The attacks...Read More
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. “Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement...Read More
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity stemming from the...Read More
A new analysis of Raspberry Robin’s attack infrastructure has revealed that it’s possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has increasingly come under the radar for being used in attacks...Read More
Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Donec sed odio dui. Etiam porta sem malesuada.