Think, Talk, Hack

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. […]

root

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates […]

root

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and detected on […]

root

How To Access Your Photos On iCloud

iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to access your photos stored on iCloud from an iPhone, iPad, Mac or Windows computer. Apple’s iCloud is a secure cloud-based storage and sharing solution designed […]

root

Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar’s systems at least since May 2023. The development was first reported by Reuters. The incident, described as a “powerful hacker attack,” first came to light last month, knocking out access to mobile and internet services for […]

root

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an […]

root

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of […]

root

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

Cybersecurity researchers have detailed a “severe design flaw” in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. “Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized […]

root

SaaS Security is Now Accessible and Affordable to All

This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees’ SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. […]

root

Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). […]

root

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT,” Securonix researchers Den […]

root

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. “Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT,” the JPCERT Coordination Center (JPCERT/CC) said in a report published today. The compromise of […]

root

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary’s use of the SimpleHelp remote support software in June 2022. MuddyWater, active […]

root

Western Digital Network Breach – Hackers Gained Access to Company Servers

Western Digital (WD), a renowned manufacturer of Scandisk drives, has announced a data breach on its network, resulting in unauthorized access to data on multiple systems by attackers. WD is a company based in the United States that specializes in manufacturing computer drives and data storage devices, providing data center systems, and offering customers cloud […]

root

5 best practices for securing identity and access management (IAM) systems

The term “identity and access management,” or “IAM,” refers to a framework of corporate procedures, regulations, and technology that support the management of digital identities to guarantee that users only obtain access to data when they have the right credentials. Identity and access management is abbreviated as “IAM.” In addition to the actual users,  IAM […]

root

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. “A buffer underwrite […]

root