RECENT ARTICLES
LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the against an unpatched VMware Horizon Server. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire,...
New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications
Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Oxeye said in a shared with The Hacker News. The issue, at its core, has to do with inconsistencies stemming from changes introduced to Golang's URL parsing...
Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike
Researchers have disclosed a new offensive framework referred to as Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in Golang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos in a new report. and are legitimate adversary emulation frameworks that have been repurposed by threat...
VMware Releases Patches for Several New Flaws Affecting Multiple Products
Virtualization services provider VMware on Tuesday shipped updates to affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. The most severe of the flaws is CVE-2022-31656 (CVSS score: 9.8), an authentication bypass...
Researchers Warn of Large-Scale AiTM Attacks Targeting Enterprise Users
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu in a Tuesday report. "The campaign is specifically designed to reach end users in enterprises that use Microsoft's email services." Prominent targets include fintech, lending, insurance, energy,...
VirusTotal Reveals Most Impersonated Software in Malware Attacks
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program," VirusTotal in a Tuesday report. "The icon of these...
Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour
A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the of the Post-Quantum Cryptography (PQC) standardization process initiated by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). "Ran on a single core, the appended breaks the Microsoft $IKEp182...
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any...
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73. Tracked as (rated 6.5 on the CVSS scale), the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites. According to...