Calendar Week 32

New Cybersecurity Threat: Exploiting Microsoft’s Cross-Tenant Synchronization Feature

Attackers are increasingly exploiting Microsoft identities to access both Microsoft and federated SaaS applications. Rather than exploiting vulnerabilities, they use native Microsoft features to achieve their goals. Nobelium, the group linked to the SolarWinds attacks, has been observed using such native functionality, like creating Federated Trusts, for persistent access to Microsoft tenants. This article highlights …

IBM SDK Java Technology Vulnerability Enables Remote Execution of Unauthorized Code

A critical vulnerability has been identified in IBM SDK, Java Technology Edition, that permits unauthorized code execution due to unsafe deserialization. This flaw, assigned CVE ID CVE-2022-40609, exists in the Object Request Broker (ORB), a middleware component that facilitates remote procedure calls (RPC) between networked computers while maintaining location transparency. The vulnerability, classified as CVE-2022-40609: Unsafe Deserialization Flaw, …

Major Cyber Attack Targets Numerous Citrix NetScaler ADC and Gateway Servers

Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS …

Collide+Power, Downfall, and Inception in Modern CPUs

Cybersecurity experts have recently unveiled a series of side-channel vulnerabilities in modern CPUs that could potentially lead to data breaches. These vulnerabilities are identified as Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), following the revelation of Zenbleed (CVE-2023-20593), a separate flaw impacting AMD’s Zen 2 architecture-based processors. Daniel Moghimi, a senior research scientist at Google, …

Use of EvilProxy Phishing Kit to Attack Executives

Increasingly, cybercriminals are exploiting a phishing toolkit named EvilProxy for account takeover attacks, especially targeting high-level executives in large companies. Proofpoint reports that from March to June 2023, a campaign using EvilProxy targeted thousands of Microsoft 365 accounts, sending around 120,000 phishing emails to various organizations. Remarkably, 39% of compromised accounts belonged to C-level executives, …

TargetCompany Ransomware Strikes Again: New Variant and Covert Tools Unveiled

The TargetCompany ransomware, also known as Mallox, Fargo, and Tohnichi, is actively targeting organizations that are running vulnerable SQL servers. Additionally, the TargetCompany ransomware has recently introduced a new variant of malware, along with several malicious tools for maintaining persistence and conducting covert operations, which are rapidly gaining popularity. Researchers at Trend Micro in the …

ETH Zurich Leads Cybersecurity Innovation with New Inception Exploit Discovery

Researchers at ETH Zurich have uncovered a new exploit attack named “Inception,” reminiscent of the 2018 Spectre attack. Identified as CVE-2023-20569, this exploit poses a threat to any AMD Zen CPU by potentially leaking sensitive data. Inception was revealed shortly after the discovery of “Zenbleed,” another critical vulnerability targeting AMD Zen 2 processors. This new …

Cybercriminals Exploit Cloudflare Tunnels to Create Hidden Digital Strongholds

Recent findings indicate that cybercriminals are exploiting Cloudflare Tunnels to create hidden communication paths from hacked systems, maintaining ongoing access. Cloudflared, a command-line tool for Cloudflare Tunnel, is notably similar to ngrok, but offers more free features, including hosting TCP connections. It enables secure links between a web server and Cloudflare, concealing server IP addresses …

Mozilla VPN Client on Linux Exposed to Unauthorized Configuration Changes

A vulnerability in the Mozilla VPN client for Linux allows attackers to modify the VPN configuration of other users without root permissions. The Mozilla VPN client for Linux has a vulnerability that enables any user on a system with the client installed to apply arbitrary VPN configurations due to a flaw in authentication checks. Matthias …
