Threat Actor

All articles tagged with #threat actor

security · 3 months ago

US Government Urgently Patches Cisco Vulnerabilities Amid Widespread Cyberattacks

A sophisticated state-sponsored threat actor is actively exploiting multiple zero-day vulnerabilities in Cisco ASA and FTD software, primarily targeting government networks worldwide for data exfiltration. Cisco has issued advisories and software updates to address these critical vulnerabilities, which allow remote code execution and data theft. The vulnerabilities are being exploited with advanced evasion techniques, posing significant risks to organizations, especially those with internet-facing edge devices. Authorities like CISA and NCSC have issued mitigation directives and analyzed malware used in these attacks.

cybersecurity · 1 year ago

Palo Alto Networks Faces Zero-Day Backdoor Exploitation

Threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on affected firewalls. The attack, known as Operation MidnightEclipse, involves the deployment of a Python-based backdoor to create a cron job that fetches and executes commands from an external server. The attackers have been observed creating a reverse shell, downloading additional tools, and exfiltrating data, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the flaw to its Known Exploited Vulnerabilities catalog. Organizations are advised to apply patches promptly, as the threat actor, dubbed UTA0218, is suspected to be state-backed and highly capable.

cybersecurity · 1 year ago

Rapid Deployment of Custom Linux Malware via 1-Day Exploits by Magnet Goblin Hacker Group

A financially motivated threat actor known as Magnet Goblin is exploiting known vulnerabilities in public-facing services, including recently disclosed Ivanti Connect Secure VPN flaws, to deliver custom malware to unpatched Windows and Linux systems. The group deploys custom Windows and Linux malware, such as NerbianRAT and MiniNerbian, and leverages legitimate remote monitoring and management tools. Researchers have observed the group quickly adopting 1-day vulnerabilities (flaws that are already patched but not yet widely remediated) to deliver its custom Linux malware, targeting systems that have been left unpatched.

cybersecurity · 1 year ago

Magnet Goblin Group Exploits 1-Day Vulnerabilities to Deploy Custom Linux Malware

The financially motivated threat actor group Magnet Goblin is rapidly adopting one-day security vulnerabilities to breach edge devices and public-facing services, deploying NerbianRAT and MiniNerbian on compromised hosts. Its attacks have targeted unpatched Ivanti Connect Secure VPN, Magento, Qlik Sense, and possibly Apache ActiveMQ servers, and the group has been active since at least January 2022. The deployed malware executes arbitrary commands and exfiltrates the results to a command-and-control server; the group also uses tools such as the WARPWIRE JavaScript credential stealer, the Ligolo tunneling software, and legitimate remote desktop products.

cyber-attack-data-breach · 2 years ago

Okta Reveals Wider Fallout from October 2023 Support System Hack

Okta has revealed that the October 2023 breach of its support case management system had a broader impact than initially reported. The threat actor downloaded the names and email addresses of all Okta customer support system users, affecting all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers except those in separate support systems. Additionally, reports containing contact information of Okta certified users, some CIC customers, and unspecified employee information were accessed. However, no user credentials or sensitive personal data were compromised. Okta has notified customers of potential phishing risks and implemented new security features. The identity of the threat actors is unknown, but a cybercrime group called Scattered Spider has targeted Okta in the past.

cyber-threat-vulnerability · 2 years ago

Cisco Devices Hacked with Detection-Evading Backdoor Implant and Zero-Day Exploits

The backdoor implant installed on hacked Cisco devices, which the threat actor deployed by exploiting zero-day flaws in IOS XE software, has been modified by the actor to evade detection. The implant now only responds if the correct Authorization HTTP header is set, making it harder to find with the original detection checks. Cisco has started rolling out security updates to address the issues, but the exact identity of the threat actor is unknown. The number of devices observed as compromised has dropped from 40,000 to a few hundred, possibly because of under-the-hood changes to the implant rather than actual cleanup; over 37,000 devices are still observed to be compromised.