A recent phishing campaign has come to light, actively distributing remote access trojans (RATs) dubbed VCURMS and STRRAT through a malicious Java-based downloader. This attempt highlights a troubling trend in cybercrime, where attackers strategically utilize accessible cloud platforms, such as Amazon Web Services and GitHub, to host malicious content while…
Increasingly sophisticated phishing-as-a-service (PhaaS) toolkits, particularly one known as EvilProxy, are being employed by threat actors to execute account takeover attacks targeting senior executives within major corporations. This trend underscores a growing vulnerability among high-ranking officials in the corporate landscape, particularly as the proliferation of remote work and digital transactions…
GitGuardian’s 2024 Report Highlights Significant Security Concerns in Open Source Repositories GitGuardian, a notable player in the cybersecurity industry, has released its annual report titled the "State of Secrets Sprawl." The 2023 edition revealed a staggering number of over 10 million exposed credentials, including passwords and API keys, discovered within…
Title: LUCR-3 Threat Actor Targets Fortune 2000 Companies Through Identity Provider Exploitation A recent analysis has unveiled the activities of a financially motivated threat actor known as LUCR-3, which has been linked to a series of cyberattacks targeting high-profile organizations across various sectors. This actor exploits vulnerabilities within Identity Providers…
GitHub has recently implemented critical fixes to address a severe security vulnerability in its GitHub Enterprise Server (GHES), potentially allowing attackers to circumvent authentication safeguards. This issue, rated at the maximum severity level and tracked as CVE-2024-4985, carries a CVSS score of 10.0, indicating a high level of risk for…
The Increasing Importance of Securing SaaS Data Backups In today’s digital landscape, discussions about data security often center around three pivotal concerns: protecting data stored in on-premises systems or the cloud, identifying reliable strategies and tools for backing up and restoring data, and assessing the financial and operational impacts of…
The Importance of Effective Offboarding Practices in Mitigating Insider Risks A recent analysis by Wing Security has revealed a concerning trend in corporate data security: approximately 63% of businesses might have former employees still authorized to access sensitive organizational data. This statistic underscores the pressing need for businesses to automate…
New Trends in Cyber Security: The Rising Threat of Non-Human Access As we navigate through 2023, numerous cyber attacks have highlighted a disturbing trend: non-human access is becoming a prevalent attack vector that poses significant security risks to organizations. Recent reports indicate that there have been "11 high-profile attacks in…
Stargazer Goblin Exploits GitHub for Malware Distribution An ongoing cyber threat has emerged from a group known as Stargazer Goblin, which has established an extensive network of fraudulent GitHub accounts for the distribution of various types of information-stealing malware. Over the past year, this operation is estimated to have generated…
