Cybersec Sentinel

Privileged Access Tools Are Not Enough to Secure Your Systems

Privileged Access Tools Are Not Enough to Secure Your Systems

Privileged accounts form the backbone of IT systems, granting elevated access to critical resources and sensitive data. Tools such as Entra ID Privileged Identity Management (PIM), CyberArk, BeyondTrust, and Delinea (formerly Thycotic) are essential components of Privileged Access Management (PAM), offering capabilities like password vaulting, session monitoring, and just-in-time (JIT)

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

Threat Group: N/A Threat Type: Software Vulnerability Exploited Vulnerabilities: CVE-2024-38428 Malware Used: N/A Threat Score: High (9.1/10) — Critical vulnerability due to potential for sensitive data exposure, phishing, and man-in-the-middle (MiTM) attacks. Last Threat Observation: June 2, 2024, fix commit pushed; vulnerability classified in August 2024. Overview

BabbleLoader Exploits Fake Software Downloads to Spread Information Stealers

BabbleLoader Exploits Fake Software Downloads to Spread Information Stealers

Threat Group: Unknown Threat Type: Malware Loader Exploited Vulnerabilities: None identified; utilizes evasion techniques Malware Used: BabbleLoader Threat Score: High (8.5/10) — Due to its advanced evasion capabilities, sophisticated delivery mechanisms, and ability to facilitate various malware payloads. Last Threat Observation: November 19, 2024. Overview BabbleLoader is a newly

Palo Alto Confirms Ongoing Exploits Against PAN OS Management Interfaces

Palo Alto Confirms Ongoing Exploits Against PAN OS Management Interfaces

Threat Group: Unknown Threat Type: Remote Code Execution (RCE) Vulnerability Exploited Vulnerabilities: PAN-OS Firewall Management Interface Malware Used: Web Shells Threat Score: High (9.3/10) — Due to the critical nature of the vulnerability allowing unauthenticated remote command execution. Last Threat Observation: November 16, 2024. Overview Palo Alto Networks has

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Threat Group: Vietnamese-speaking threat actors (linked to CoralRaider and Lone None) Threat Type: Information Stealer Exploited Vulnerabilities: Targets sensitive data including credentials, VPNs, FTP clients, browser cookies, and gaming platforms Malware Used: PXA Stealer Threat Score: High (9.0/10) — Comprehensive data theft capabilities and strong targeting focus on government

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Threat Group: - Emennet Pasargad (Cotton Sandstorm) Threat Type: - Remote Access Trojan (RAT) / Infostealer Exploited Vulnerabilities: - Social engineering through phishing campaigns Malware Used: - WezRat Threat Score: - High (8.5/10) — Due to its modular design, advanced espionage capabilities, and targeted nature. Last Threat Observation: - November

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

Threat Group: Various Cybercriminal Actors Threat Type: Information-Stealing Malware Exploited Vulnerabilities: Primarily delivered via phishing emails and "free" software disguised as malware; also targets vulnerabilities in Microsoft Office to execute malicious code. Malware Used: HawkEye, also known as PredatorPain Threat Score: High (8.5/10) — Given its long

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Threat Group: Smoke Sandstorm (also tracked as TA455) Threat Type: Trojan Loader Exploited Vulnerabilities: Phishing and social engineering tactics Malware Used: SnailResin (loader), SlugResin (backdoor) Threat Score: High (8.5/10) — Due to advanced delivery techniques, cross-industry targeting, and evasive C2 methods Last Threat Observation: November 14, 2024. Overview The

Bitter APT Resumes Operations with Newly Identified Indicators

Bitter APT Resumes Operations with Newly Identified Indicators

Threat Group: - Bitter APT (also known as APT-17 or "DeputyDog") Threat Type: - Cyber Espionage Exploited Vulnerabilities: - Microsoft Office vulnerabilities (e.g., CVE-2017-11882, CVE-2018-0798, CVE-2018-0802), Zimbra Web Client vulnerabilities Malware Used: - ZxxZ Trojan, Dracarys Android spyware, various custom Remote Access Trojans (RATs), keyloggers, and backdoors

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Threat Group: Unidentified Threat Actor Threat Type: Ransomware, Info-Stealer Exploited Vulnerabilities: Common file encryption mechanisms, credential theft techniques Malware Used: Ymir Ransomware, RustyStealer Threat Score: High (8.2/10) — Due to its dual-impact functionality that combines data theft with ransomware encryption. Last Threat Observation: November 10, 2024 Overview A newly