Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of two bugs in versions PAN-OS 10.2, […]
Backdoor Details – Binary Analysis Stage 1 injector The analysis in this blog is based on this ZIP archive: Advanced-ip-scanner.zip (SHA256:7966ee1ae9042e7345a55aa98ddeb4f39133216438d67461c7ee39864292e015). The ZIP archive contains two files: Advanced-ip-scanner.exe: A renamed copy of the legitimate Microsoft EXE oleview.exe. IVIEWERS.dll: A 22 MB DLL, which contains the stage two payload. This DLL is padded with an unused […]
The stolen data includes sensitive personal details such as full name, date of birth, social security number, and contact information, posing a significant risk of identity theft and phishing.
Company Has 20 Days to Disclose Details on Data Used for Training the AI System Akshaya Asokan (asokan_akshaya) • March 11, 2024 The Sora response to the prompt “instructional cooking session for homemade gnocchi hosted by a grandmother social media influencer set in a rustic Tuscan country kitchen with cinematic lighting.” The Italian […]
Updated at 5:30pm EST with details about ODNI’s Worldwide Threats Assessment. The top U.S. intelligence agency has revamped its election security team ahead of the 2024 presidential election, a contest multiple national security leaders have warned could be targeted by foreign adversaries using fast-moving attacks. Jessica Brandt, who previously held a variety of prominent research […]
Mar 08, 2024NewsroomInteroperability / Encryption Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with […]
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have released details on the tactics and techniques threat actors are using to deploy the Phobos ransomware strain on target networks. The advisory is part of an ongoing stop-ransomware effort by the two entities working in collaboration with the Multi-State Information Sharing and Analysis […]
Healthcare , Industry Specific , Standards, Regulations & Compliance 5-Year Plan Details How to Raise the Bar on Health Ecosystem’s Approach to Cyber Marianne Kolbasuk McGee (HealthInfoSec) • February 27, 2024 Healthcare entities are facing a rising tide of cyberthreats. A new five-year plan from the Health Sector Coordinating Council aims to help […]
Morphisec Threat Labs has shared details of a new campaign that used steganography techniques to deliver the Remcos RAT onto the systems of a Ukrainian entity operating in Finland. The campaign, attributed to a hacking group named UAC-0184, used a relatively new IDAT Loader to drop the trojan. Modus operandi According to researchers, the attack […]