Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company...
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access was t...
E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged wit...
Report Uncovers Massive Sale of Compromised ChatGPT Credentials
By Deeba Ahmed. Group-IB report warns of evolving cyber threats, including AI and macOS vulnerabilities and ransomware attacks. This is a post from HackRead.com. Read the original post: Report Uncovers Massive Sale of Compromised ChatGPT Credentials...
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLin...
CVE-2023-5719
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating...
Think Your MFA and PAM Solutions Protect You? Think Again
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA Multi-Factor Authentication and PAM Privileged Access...
It's a Zero-day? It's Malware? No! It's Username and Password
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores t...
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
Cisco Talos Incident Response (Talos IR) responded to a growing number of data theft extortion incidents that did not involve encrypting files or deploying ransomware, a 25 percent increase since last quarter and the most-observed threat in the second quarter of 2023. In this type of attack, threat...
Cryptojacking: Understanding and defending against cloud compute resource abuse
In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted...
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
Over 101,100 compromised OpenAI ChatGPT account credentials have found their way onto illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on t...
GUI-Vil Threat Group Exploits AWS for Crypto Mining
Summary: GUI-Vil (p0-LUCR-1), an Indonesian threat group, conducts unauthorized cryptocurrency mining using personalized infiltration tactics. They exploit AWS, leveraging compromised credentials and vulnerabilitie...
CISA updates ransomware guidance
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. The StopRansomware guide is set up as a one-stop...
Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measure...
MERCURY and DEV-1084: Destructive attack on hybrid environment
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about how the new taxonomy represents the origin, unique traits,...
PureCrypter Malware Targets Government Entities in Asia-Pacific and North America
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...
#StopRansomware: Cuba Ransomware
Summary: Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory C...
Weak Security Controls and Practices Routinely Exploited for Initial Access
Summary: Best Practices to Protect Your Systems: • Control access. • Harden credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber...