"Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset"

Information-stealing malware is exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions and retain access to Google services even after the password is reset. According to researchers at CloudSEK, the exploit provides session persistence and cookie generation, allowing threat actors to keep unauthorized access to a valid session. The threat actor PRISMA first revealed the technique on their Telegram channel on October 20, 2023.

Submitted by Gregory Rigby on

"Understanding the Escalating Threat of Web DDoS Tsunami Attacks"

According to Uri Dorot, senior security solutions lead at Radware, a new breed of destructive Distributed Denial-of-Service (DDoS) attacks, called the Web DDoS Tsunami, is causing significant problems worldwide. These attacks go beyond intense bursts of simple pings or port floods at layer 3 or 4; instead, they escalate in both volume and intensity. To better understand Web DDoS Tsunami attacks, four basic dimensions should be considered: attack volume, attack duration, botnet type, and the type of attack transactions.

Submitted by Gregory Rigby on

"Hackers Use LinkedIn to Target UK Nuclear Waste Firm"

According to The Guardian, cybercriminals have targeted Radioactive Waste Management (RWM) with a spear phishing campaign conducted through LinkedIn. Accounts filed by RWM at Companies House show that attackers have targeted the organization by using popular social networking platforms to trick employees, among other methods. RWM, which is part of Nuclear Waste Services (NWS), reported a recent increase in attacks, raising concerns about hackers gaining access to highly sensitive materials.

Submitted by Gregory Rigby on

"Hacktivists Shut Down Top State-Owned Belarusian News Agency"

The Belarusian Cyber-Partisans hacktivist group shut down the country's leading state-owned media outlet, the Belarusian Telegraph Agency (BelTA), claiming to have wiped the news organization's website servers and backups. The group said it infiltrated BelTA's internal network, wiping workstations, archives, and more. BelTA is the country's largest news organization; it was created nearly a decade ago by the authoritarian regime and publishes content in Belarusian, Russian, English, German, Spanish, Polish, and Chinese.

Submitted by Gregory Rigby on

"Hackers Employ Nuanced Tactics to Evade Detection"

According to Cequence Security, the months leading up to the 2023 holidays revealed a shift in threat actors' tactics, techniques, and procedures (TTPs) against major retailers. Attackers demonstrated sophistication, persistence, and careful planning. Gift card fraud increased by 110 percent in the second half of 2023 alone, while scraping, loyalty card fraud, and payment card fraud increased by a combined average of over 700 percent.

Submitted by Gregory Rigby on

"Nearly a Million People Exposed After Ambulance Service Attack"

A ransomware attack on Fallon Ambulance Services, a now-defunct subsidiary of Transformative Healthcare, exposed the data of nearly a million people. According to Transformative Healthcare's breach notification, the attackers were inside the company's systems from late February 2023 to late April 2023. The ALPHV/BlackCat ransomware group claimed responsibility for the attack on the healthcare services provider, and claims to have exported a terabyte of data from the company, including medical reports, paramedic reports, patient details, and other sensitive information.

Submitted by Gregory Rigby on

"Attackers Chain Two Google Kubernetes Engine Bugs to Escalate Privileges"

Attackers who already have access to a Kubernetes cluster could exploit two vulnerabilities in Google Kubernetes Engine (GKE) to escalate their privileges. According to Palo Alto Networks' Unit 42 research team, attackers can use the elevated access to steal data, deploy malicious pods, and disrupt cluster operations. The first flaw lies in the default configuration of GKE's logging agent, FluentBit, which runs on all Kubernetes clusters by default. The second flaw involves the default privileges granted to Anthos Service Mesh (ASM).

Submitted by Gregory Rigby on

"CHI Memorial's Data Breach: What Patients Need to Know"

Recently, CHI Memorial released new details about the scope of the breach that impacted it and how it could affect patients. CHI Memorial says that some patient information may be at risk, including name, address, date of birth, some clinical information, patient ID number, and health insurance information. An investigation revealed that the breach happened on May 30th of last year.

Submitted by Adam Ekwall on

"Terrapin Attack Allows to Downgrade SSH Protocol Security"

Security researchers at Ruhr University Bochum discovered Terrapin, a vulnerability in the Secure Shell (SSH) cryptographic network protocol tracked as CVE-2023-48795 with a CVSS score of 5.9. Exploiting the flaw allows an attacker to downgrade the connection's security. Terrapin is a prefix truncation attack that compromises the integrity of SSH's secure channel.

Submitted by Gregory Rigby on

"New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections"

According to researchers at Security Joes, a new variant of the Dynamic Link Library (DLL) search order hijacking technique could let threat actors evade security mechanisms and execute malicious code on Microsoft Windows 10 and Windows 11 systems. The approach targets executables commonly found in the trusted WinSxS folder and abuses them with the classic DLL search order hijacking technique. Through this method, malicious actors can avoid the need for elevated privileges when running malicious code on a compromised machine.

Submitted by Gregory Rigby on