
Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services

Microsoft Defender Experts for XDR demonstrated excellent managed extended detection and response (MXDR) by unifying our human-driven services and Microsoft Defender XDR in the MITRE Engenuity ATT&CK® Evaluations: Managed Services menuPass + ALPHV BlackCat. Defender Experts for XDR offers a range of capabilities: Managed detection and response: Let our expert analysts manage your Microsoft Defender … Read more

VMware Warns of Critical vCenter Server Flaws

VMware is urging customers to apply patches for two critical vulnerabilities in its vCenter Server centralized management utility, which if exploited could allow remote code execution. The heap overflow flaws (CVE-2024-37079 and CVE-2024-37080) exist in the vCenter Server’s implementation of the DCE/RPC protocol, which enables remote procedure calls. VMware said it is not aware of … Read more

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government’s inaugural tabletop exercise focused on artificial intelligence (AI) security incidents. This groundbreaking event, led by the Joint Cyber Defense Collaborative (JCDC), brought together key stakeholders from the private sector to address the unique challenges posed by AI … Read more

Europol Takes Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation, known as Operation HOPPER II, targeted online platforms used by religious and politically motivated terrorist organizations to spread propaganda and recruit members. Targeting Key Assets in Online Terrorist Propaganda Operation HOPPER II focused on disrupting … Read more

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM’s Memory Tagging Extension (MTE) aims to mitigate this by tagging memory and checking tags on access. The following researchers found that speculative execution attacks can leak MTE tags via new TIKTAG gadgets that exploit branch prediction, prefetchers, and store-to-load forwarding. Juhee Kim from … Read more

Latest EU Proposal ‘Fundamentally Undermines Encryption’

A recent revision to a proposal in the European Union Council that would require the operators of communications services to develop a method for “upload moderation” of content such as pictures and videos has drawn sharp criticism from the president of Signal, one of the more popular secure messaging apps. EU legislators have been considering … Read more

Fake Error Messages Used in Lumma Stealer, RAT Attacks

Several threat actors are leveraging a “unique social engineering” tactic in order to infect users with various information stealers and remote access trojans like Lumma Stealer, DarkGate and NetSupport. The technique has been observed in attacks that started in early March and that are ongoing. Attackers show victims a pop-up textbox, which they either send … Read more

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting Indian entities. Since 2018, they have used GravityRAT malware, initially for Windows and later for Android, which has been deployed through malicious documents and social engineering. In 2019, they expanded their toolkit with HeavyLift, a … Read more

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts, using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval), together with a persistence mechanism that modifies systemd services with ExecStartPost to run malicious commands. It targets Docker API endpoints … Read more

Hidden Backdoor in D-Link Routers Lets Attacker Log In as Admin

A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – Vulnerability Details: According to the Twcert blogs, the vulnerability stems from an undisclosed factory testing backdoor … Read more