InfoSec News 20250206
Top News
-
Hackers spoof Microsoft ADFS login pages to steal credentials
"A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections."
TLP¹: Green
-
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
"The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC)."
TLP¹: Green
-
XE Group: From Credit Card Skimming to Exploiting Zero-Days
"This blog provides an in-depth analysis of XE Group’s recent operations based on a collaborative research effort with Solis Security."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Spain arrests suspected hacker of US and Spanish military agencies
"The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities."
TLP¹: Green
-
Chinese cyberspies use new SSH backdoor in network device hacks
"A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Over 1 million Connecticut residents impacted by healthcare data breach
"Over a million people in Connecticut had their personal information compromised in a healthcare data breach."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
New Microsoft script updates Windows media with bootkit malware fixes
"Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new 'Windows UEFI CA 2023' certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year."
TLP¹: Green
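As an added example (this is not the Microsoft script the item refers to), the PowerShell function below reads the Secure Boot db and dbx variables and reports whether the 'Windows UEFI CA 2023' certificate is already trusted on the machine and whether the older 'Microsoft Windows Production PCA 2011' signer has been revoked. The substring checks against the raw variable bytes are the ones Microsoft documents in KB5025885 for the BlackLotus (CVE-2023-24932) mitigation; the function name, the output fields and the status text are this example's own and assume an elevated session on a UEFI system.

```powershell
# Added example, not Microsoft's KB5025885 script: summarise where this host
# stands in the Windows UEFI CA 2023 rollout. Run elevated on a UEFI system.

function Get-UefiCa2023Status {
    [CmdletBinding()]
    param ()

    # Secure Boot variables are only readable on UEFI firmware; on legacy BIOS
    # (or inside some VMs) Confirm-SecureBootUEFI throws, so report that as a
    # result instead of failing the whole check.
    try {
        $secureBootOn = Confirm-SecureBootUEFI
    } catch {
        return [pscustomobject]@{
            SecureBootEnabled = $false
            Has2023CAInDb     = $null
            Pca2011InDbx      = $null
            Note              = "Secure Boot state unavailable: $($_.Exception.Message)"
        }
    }

    # db and dbx are EFI_SIGNATURE_LISTs. The X.509 entries carry their
    # subject/issuer names as plain ASCII inside the DER blob, so a substring
    # match on the raw bytes is enough to see whether a given CA is present.
    # This is the same test Microsoft documents for the 2023 CA rollout.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)

    $has2023 = $db  -match 'Windows UEFI CA 2023'
    $revoked = $dbx -match 'Microsoft Windows Production PCA 2011'

    # Status text is this example's own wording (assumption), not KB language.
    $note = if (-not $has2023) {
        'Windows UEFI CA 2023 is not in db: apply the KB5025885 steps before the mitigations are enforced.'
    } elseif (-not $revoked) {
        '2023 CA is trusted but PCA 2011 is not yet in dbx: boot managers signed with the 2011 CA still boot here.'
    } else {
        'PCA 2011 is revoked in dbx: only 2023-CA-signed boot managers will boot; refresh install/recovery media.'
    }

    [pscustomobject]@{
        SecureBootEnabled = $secureBootOn
        Has2023CAInDb     = $has2023
        Pca2011InDbx      = $revoked
        Note              = $note
    }
}

Get-UefiCa2023Status | Format-List
```

The third state is the one that bites: once the 2011 CA sits in dbx, any bootable USB or recovery image built before the media was refreshed with the new certificate will be refused by the firmware, which is exactly why the media-update script in the item above matters before enforcement.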
-
AMD fixes bug that lets hackers load malicious microcode patches
"AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How hackers target your Active Directory with breached VPN passwords
"As the gateways to corporate networks, VPNs are an attractive target for attackers seeking access to Active Directory environments. And when VPN credentials become compromised — through something as seemingly innocuous as an employee reusing a password — your entire network's security could be at risk."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Take my money: OCR crypto stealers in Google Play and App Store
"We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.