A North Korean threat actor has been found exploiting a zero-day vulnerability in Chromium, now designated as CVE-2024-7971. The exploit, which enables remote code execution (RCE), is being attributed with high confidence to a North Korean group known as Citrine Sleet. The actor primarily targets the cryptocurrency sector for financial gain. Microsoft’s ongoing analysis has linked the observed exploitation of CVE-2024-7971 to Citrine Sleet. The threat actor has previously been associated with other North Korean groups, including Diamond Sleet, which shares tools and infrastructure with Citrine Sleet. The FudModule rootkit, which has been deployed in this attack, has also been…
Author: ISB Staff Reporter
RansomHub, previously known as Cyclops and Knight, has quickly gained traction, targeting over 210 victims across US critical infrastructure sectors. These include water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications. The ransomware-as-a-service (RaaS) operation has been active since February 2024. This was revealed in a new joint Cybersecurity Advisory issued by the FBI, CISA, MS-ISAC, and the Department of Health and Human Services. The advisory is part of the broader #StopRansomware campaign, which aims to protect…
Users in the Middle East are being targeted by sophisticated threat actors deploying malware disguised as the Palo Alto GlobalProtect tool, Trend Micro has revealed. The malware employs a two-stage infection process, leveraging advanced command-and-control (C&C) infrastructure to evade detection and maintain persistent access to compromised systems. The infection begins with a malicious setup.exe file, which initiates contact with specific hostnames to report infection progress and collect victim data. For beaconing, the malware uses the Interactsh project, a tool originally intended for penetration testing. This allows the attackers to monitor which targets advance through the infection chain, further enhancing…
The FBI needs to improve its handling of electronic media designated for destruction at its facilities, according to a scathing audit from the Justice Department’s Inspector General, released publicly last week. The memo, issued by DOJ Inspector General Michael Horowitz, highlights that the bureau is failing to properly label and track internal hard drives containing sensitive and top-secret national security information once they are removed from computers and servers. Storage devices containing sensitive information, including national security data, Foreign Intelligence Surveillance Act (FISA) material, and documents classified as Secret, were often improperly labeled or not labeled at all, heightening…
In June 2024, cybersecurity researchers from Kaspersky identified a new macOS version of the HZ Rat backdoor, marking the first time this malware has been observed targeting macOS users. The backdoor was found attacking users of the enterprise messaging platform DingTalk and the popular social network WeChat. This development follows previous discoveries of the HZ Rat backdoor targeting Windows systems. First detected in late 2022 by DCSO researchers, the HZ Rat backdoor is known for receiving commands from attackers, initially via PowerShell scripts on Windows. The newly discovered macOS variant behaves similarly but receives payloads as shell scripts from a…
The number of successful cyber attacks on UK law firms has soared by 77% over the past year, rising from 538 incidents to 954, according to a recent study. The increase is attributed to the lucrative nature of law firms as targets for cybercriminals, particularly for ransomware attacks and blackmail attempts. Malefactors will often demand a blackmail payment from law firms or threaten to post sensitive data on the internet. In some instances, bad actors also lock firms out of their data until a ransom is paid. Lubbock Fine partner Mark Turner emphasized the appeal of law firms to…
Nearly 32 million documents, including invoices, contracts, and agreements, were exposed online by ServiceBridge, a global field service management provider. Cybersecurity researcher Jeremiah Fowler made the discovery, reporting the unprotected database to WebsitePlanet. The database contained 31.5 million records, including sensitive business and personal information from companies around the world. The exposed database, which was not password-protected, contained 31,524,107 files with a total size of 2.68 terabytes. The files, primarily in PDF and HTML formats, were organized by year and month, dating back to 2012. The documents included contracts, work orders, invoices, proposals, and other business-related records from a diverse…
Seattle-Tacoma International Airport (SEA-TAC) appears to have been targeted by a cyberattack, with critical systems experiencing widespread internet outages for the third consecutive day, according to officials from the Port of Seattle. The disruptions, which began early on Saturday, have affected several systems, including the Port of Seattle’s websites, email, and phone services. In a social media post on Saturday, the airport stated: “Earlier [Saturday] morning, the Port of Seattle experienced certain system outages indicating a possible cyberattack.” By Sunday, airport officials confirmed their belief that a cyberattack is responsible for the ongoing disruption, prompting efforts to restore operations while…
Stroz Friedberg, a risk management firm under Aon, has identified a sophisticated malware strain targeting Linux systems. Dubbed “sedexp,” the malware exploits udev rules to maintain persistence and evade detection. According to researchers Zachary Reichert, Daniel Stein, and Joshua Pivirotto, “This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.”
Discovery and Background
The stealthy malware leverages a little-known Linux persistence technique involving udev rules. Despite being in operation for at least a couple of years, it has remained undetected, with multiple instances found in online sandboxes showing zero…
Prism Infosec, an independent cybersecurity consultancy, has introduced its PULSE testing service. The service aims to help organizations that may lack the resources for a full-scale red team exercise to assess their defensive capabilities against real-world threats. The company says PULSE fills the gap between penetration testing and red teaming, offering a fast and thorough testing approach to help organizations better understand their security posture. Penetration tests are contained evaluations that assess the security boundaries and controls of distinct systems; they excel at analyzing specific vulnerabilities confined to the control planes of individual systems. In contrast, red teaming…