command-and-control - Cloud Security Alliance News Clipping Site

The Register: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Nov 22, 2024

—

by

Source URL: https://www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/ Source: The Register Title: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Feedly Summary: PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to…

The Register: Swiss cheesed off as postal service used to spread malware

Nov 16, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/16/swiss_malware_qr/ Source: The Register Title: Swiss cheesed off as postal service used to spread malware Feedly Summary: QR codes arrive via an age-old delivery system Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country’s postal service.… AI Summary and Description: Yes Summary: The National Cyber…

The Register: China’s Volt Typhoon crew and its botnet surge back with a vengeance

Nov 13, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Source: The Register Title: China’s Volt Typhoon crew and its botnet surge back with a vengeance Feedly Summary: Ohm, for flux sake China’s Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.… AI…

The Register: Winos4.0 abuses gaming apps to infect, control Windows machines

Nov 8, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/08/winos40_targets_windows/ Source: The Register Title: Winos4.0 abuses gaming apps to infect, control Windows machines Feedly Summary: ‘Multiple’ malware samples likely targeting education orgs Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.… AI Summary and Description: Yes…

Cloud Blog: (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments

Nov 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/ Source: Cloud Blog Title: (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments Feedly Summary: Written by: Thibault Van Geluwe de Berlaere, Karl Madden, Corné de Jong The Mandiant Red Team recently supported a client to visualize the possible impact of a compromise by…

The Register: Ongoing typosquatting campaign impersonates hundreds of popular npm packages

Nov 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/ Source: The Register Title: Ongoing typosquatting campaign impersonates hundreds of popular npm packages Feedly Summary: Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of…

Cloud Blog: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Oct 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/ Source: Cloud Blog Title: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Feedly Summary: In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android…

Krebs on Security: Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Oct 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/ Source: Krebs on Security Title: Sudanese Brothers Arrested in ‘AnonSudan’ Takedown Feedly Summary: The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens…

The Register: Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

Sep 23, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/09/23/splinter_red_team_tool/ Source: The Register Title: Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town Feedly Summary: No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims’ IT environments after initial infiltration, utilizing capabilities such as executing Windows commands,…

Slashdot: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images

Sep 7, 2024

—

by

system automation

in Uncategorized

Source URL: https://it.slashdot.org/story/24/09/06/220250/spyagent-android-malware-steals-your-crypto-recovery-phrases-from-images?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the SpyAgent Android malware, highlighting its use of optical character recognition (OCR) to steal sensitive cryptocurrency wallet information. Notably targeting South Korea, this malware threatens to extend its…

Tag: command-and-control