Capita, the British outsourcing company hit by a ransomware attack last March, has reported losing more than £106.6 million ($135.5 million) over the last year — roughly a quarter of which was directly caused by the incident. The company had initially said it expected the incident to cost up to £20 million ($25.4 million) to […]
Mar 06, 2024NewsroomCyber Attack / Malware A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active since at least 2022. The exact specifics […]
Tomer Nahum and Eric Woodruff Key findings Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of the largest breaches of the 21st century. The supply chain SolarWinds attack affected thousands of organizations around the world, including the U.S. […]
Technical Analysis In this section, we provide a detailed analysis of each component of the attack chain initiated when a victim receives and clicks on the link within the PDF. PDF analysis The PDF file is a fake invitation to a wine-tasting event purported to take place at the Indian ambassador’s residence on February 2nd, […]
Feb 29, 2024NewsroomThreat Intelligence / Cyber Threat Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to […]
Feb 28, 2024NewsroomPhishing Attack / Malware Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the “threat actor has previously used similar tactics, techniques and procedures (TTPs) to […]
Feb 27, 2024NewsroomSupply Chain Attack / Data Security Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. “It’s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository […]
Dive Brief: The HHS has reached its second-ever settlement related to a ransomware attack, which exposed the protected health information of more than 14,000 people, the agency announced Wednesday. Maryland-based Green Ridge Behavioral Health agreed to pay $40,000 and implement a corrective action plan after an investigation found potential violations of the HIPAA rule and […]
Feb 23, 2024NewsroomSupply Chain Attack / Malware A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected […]