Intellawatch

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware cyber

from

GBHackers On Security

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware. This technique is gaining popularity among attackers due to its ease of use and low cost. GammaLoad then beacons to the C2 server, sending victim information and retrieving encoded VBScript for further malicious actions.....

Cybersecurity in the European Union 2024: ENISA’s Insights and Recommendations for Strengthening Resilience cyber

from

The Cyber Express

The EU’s cybersecurity risk assessment indicates that cyber threats remain substantial, with adversaries ranging from cybercriminals to state-aligned groups targeting critical sectors and governmental systems. Updating the EU’s framework for managing large-scale cyber incidents is crucial, particularly in terms of improving situational awareness and operational cooperation during crises. ENISA stresses the importance of coordinated risk assessments to develop comprehensive policies that address ....

Automated Network Security with Rust: Detecting and Blocking Port Scanners cyber

from

Synacktiv

Netfilter is composed of 5 main hooks, which are specific points in the kernel’s networking stack where packets can be intercepted. This ordering allows different components to process packets in a specific sequence, enabling complex filtering, logging, and NAT operations while ensuring that critical tasks are performed before less urgent ones. By following this example, you can build upon these concepts to develop more sophisticated and specialized tools for your network security needs.....

New EU Laws on Cyber Defense cyber

from

CSO Online

The aim of this coordinated infrastructure is to share warnings and actionable insights across borders and to ensure that cyber incidents can be responded to in a uniform way. Experts noted that while the law is a positive step, the EU should not stop at regional cooperation. Working together under the law as a single bloc could streamline and accelerate such efforts within the EU, but for a gl....

Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command cyber

from

Rapid7 Blog

These workloads also introduce unique risks, such as model poisoning attacks or vulnerabilities in APIs, creating new vectors for data exfiltration and service disruption. Additionally, the dynamic nature of cloud-hosted AI services presents challenges in maintaining secure configurations as resources scale elastically, potentially exposing sensitive endpoints or misconfigured setups. Exposure Command addresses this with features like custom registry keys for golden images, ensuring you can tra....

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials cyber

from

GBHackers On Security

It operates as an Electron or NodeJS application, injecting code into vulnerable apps and communicating with C2 servers. Celestial Stealer, a JavaScript-based information stealer, is packaged as either an Electron application or a standalone NodeJS executable, and it employs various anti-analysis techniques, such as obfuscation and runtime checks, to evade detection and hinder analysis. Once running on a user’s device, it can steal files containing certain keywords, take screenshots....

End-of-Year PTO: Days Off and Data Exfiltration with Formbook cyber

from

Cofense

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication cyber

from

GBHackers On Security

It is a sophisticated nation-state actor that leverages the infrastructure of other threat actors to conduct stealthy and persistent cyberattacks. The group’s operations, spanning from late 2022 to mid-2023, involved extensive data exfiltration and potential espionage activities targeting sensitive government information. To mitigate this risk, organizations should implement robust security measures, including a well-tuned EDR solution, monitoring for large data transfers, and considering....

8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management cyber

from

Microsoft Security

In mid-October, we released our 2024 Microsoft Digital Defense Report, which revealed over 600 million identity attacks per day. It empowers customers to protect their digital everything with a simplified user experience that makes identity and access management (IAM) easier than ever before. Read more about the prerequisites and setup requirements for Face Check with Microsoft Entra Verified ID.....

Why security leaders trust Microsoft Sentinel to modernize their SOC cyber

from

Microsoft Security

Several well-established, traditional SIEMs have been acquired by bigger vendors, raising uncertainty around their future product roadmap and long-term support commitments. Gain actionable insights from threat intelligence powered by 78 trillion daily signals reasoned over with AI and 10,000 world-class security experts. Microsoft Sentinel is transforming how SOCs operate by offering a cloud-native, AI-powered solution that scales with your organization’s needs.....

Resecurity introduces AI-powered GSOC at NATO Edge 2024 cyber

from

Help Net Security

At the core of Resecurity’s GSOC is Context AI, an advanced AI-powered engine designed to revolutionize how security events are analyzed and managed. Advanced training simulations: VR environments allow GSOC personnel to train in realistic scenarios, such as handling ransomware attacks or defending against state-sponsored cyber intrusions. International collaboration: GSOCs will play a key role in fostering global partnerships, allowing nations to pool resources, share intelligence, and build c....

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog cyber

from

Security Affairs

CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative cyber

from

GBHackers On Security

CapibaraZero is an open-source firmware that brings Flipper Zero-like functionalities to devices based on the ESP32-S3 microcontroller. However, external modules are needed to fully replicate the Flipper Zero’s feature set, such as adding displays, NFC, or Sub-GHz radios. With CapibaraZero’s ongoing development, tech enthusiasts now have a promising way to explore hardware hacking and pen-testing without the high cost of entry.....

Migrating Dashboards Between OpenSearch Instances cyber

from

SOC Prime

Interesting URL Schema Abuse Patterns (Merry Phishmas) cyber

from

SOC Prime

Russian hackers abuse Cloudflare tunneling service to drop GammaDrop malware cyber

from

CSO Online

“BlueAlpha uses Cloudflare Tunnels to conceal its GammaDrop staging infrastructure, evading traditional network detection mechanisms,” researchers at Insikt said in a note. Control policies that can block the execution of malicious files and unauthorized DNS-over-HTTPS (DoH) connections could also help with these threats. “BlueAlpha’s continued use of legitimate services like Cloudflare demonstrates its commitment to refining evasion techniques,” the researchers added.....

Detecting Pegasus Infections cyber

from

Schneier on Security

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. iVerify’s infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email ....

How businesses can stay secure as AI takes hold cyber

from

ITPro - Security

Employees may not always be aware that the tools they use, while seemingly harmless, could expose confidential information to external threats or violate data governance policies. Once again, employee training is crucial; regular sessions to educate staff on identifying phishing attempts and suspicious activity can go....

The state of cybersecurity in the Middle East cyber

from

ITPro - Security

“This can often cause problems with forensic analysis, as in many cases log retention periods are not long enough for the initial source of breach to be isolated.” “Operating cybersecurity by simply identifying threats is no longer sufficient, however, the knowledge gap in business leaders has prevented Zero Trust frameworks from widespread implementation.” Trevor Dearing, director of critical infrastructure at Illumio, said he was not surprised by this knowledge gap, suggesting outdated securi....

The state of cybersecurity in Europe cyber

from

ITPro - Security

The majority (52%) of these respondents were in roles at large organizations, which Cloudflare defines as those with over 2,500 employees. “Complexity is undoubtedly the enemy of security, so time investment in simplification, standardization, and rationalization initiatives will deliver strong, tangible benefits,” he said. As cyber threats evolve, organizations are focusing on bolstering their defenses through enhanced security investments, streamlined cybersecurity tools, and modernized infra....