Cybersec Sentinel - Cybersec Sentinel

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

UNC2970 Launches MISTPEN Against Critical Infrastructure

UNC2970 Launches MISTPEN Against Critical Infrastructure

Threat Details and Score Threat Group: UNC2970 (North Korea-linked) Threat Type: Cyber-Espionage Malware (Backdoor) Exploited Vulnerabilities: None exploited, uses modified open-source software Malware Used: MISTPEN, BURNBOOK, TEARPAGE Threat Score: High (8.3/10) Last Observation: September 18, 2024 (Mandiant) Overview: The UNC2970 threat group, associated with North Korea, has been

Kransom Ransomware Exploits DLL Side-Loading and Certificate Misuse

Kransom Ransomware Exploits DLL Side-Loading and Certificate Misuse

Threat Group: Kransom Threat Type: Ransomware Exploited Vulnerabilities: Unpatched software vulnerabilities, phishing Malware Used: Kransom Ransomware Threat Score: High (8/10) — Advanced evasion techniques and use of legitimate digital certificates make detection challenging Last Threat Observation: September 2024, verified through multiple cybersecurity sources Overview Kransom ransomware is a newly identified

Meow Ransomware Evolves into Data Extortion

Meow Ransomware Evolves into Data Extortion

Threat Details and Score Threat Group: Meow, also known as MeowCorp and MeowLeaks, a ransomware group derived from NB65 (itself based on Conti v2's leaked source code). Threat Type: Ransomware/Data Extortion. Exploited Vulnerabilities: Weak RDP configurations, phishing campaigns, compromised software (e.g., VMware and Jenkins), deceptive downloads,

Advanced Phishing Tactic Exploits Kiosk Mode to Force Credential Entry

Advanced Phishing Tactic Exploits Kiosk Mode to Force Credential Entry

Threat Group: Amadey Threat Type: Credential theft (Browser lock, Kiosk mode exploitation) Exploited Vulnerabilities: No direct system vulnerability, but uses deceptive phishing techniques to trick users into entering credentials. Malware Used: Amadey malware loader, StealC info stealer, and AutoIt Credential Flusher Threat Score: High (7.8/10) — This campaign is

Hadooken Malware Becomes a Growing Threat to WebLogic Infrastructure

Hadooken Malware Becomes a Growing Threat to WebLogic Infrastructure

Threat Group: Unclear attribution, though linked to prior infrastructure used by TeamTNT and 8220 Gang. Threat Type: Cryptominer and Botnet, with potential future ransomware connections. Exploited Vulnerabilities: Weak credentials and misconfigured Oracle WebLogic servers. Malware Used: Hadooken (deploys both a cryptominer and Tsunami botnet). Threat Score: High (7.5/10)

The Scattered Spider Group Ramps Up Cloud Attacks

The Scattered Spider Group Ramps Up Cloud Attacks

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware Threat Score: High (8.8/10) — Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced tools for

RansomHub Affiliate NoName Group Launches ScRansom Attacks

RansomHub Affiliate NoName Group Launches ScRansom Attacks

Threat Group: NoName (formerly known as CosmicBeetle) Threat Type: Ransomware (Part of the Spacecolon malware family) Exploited Vulnerabilities: CVE-2017-0144 (EternalBlue), CVE-2023-27532 (Veeam Backup), CVE-2020-1472 (ZeroLogon), and others Malware Used: ScRansom, LockBit variants, RansomHub Threat Score: High (8.5/10) – Due to its focus on SMBs and evolving encryption methods Last

Mustang Panda Expands Global Espionage with FDMTP and PUBLOAD

Mustang Panda Expands Global Espionage with FDMTP and PUBLOAD

Threat Group: Mustang Panda (also known as Earth Preta, Bronze President, HoneyMyte) Threat Type: Cyber-Espionage Exploited Vulnerabilities: Phishing, DLL Side-loading, Removable Media Propagation Malware Used: PUBLOAD, FDMTP, PTSOCKET, HIUPAN Worm Threat Score: Critical (9.0/10) — Due to widespread targeting of government entities, advanced data exfiltration techniques, and consistent evolution

Configuring FIDO2 Keys for Passwordless Authentication in Entra ID

Configuring FIDO2 Keys for Passwordless Authentication in Entra ID

Complete Guide to Implementing Passwordless Authentication with FIDO2 in an Entra ID and Intune Environment for Windows 10 and 11 Devices Contents 1. Introduction 2. Prerequisites 3. Step 1: Enable FIDO2 Security Keys in Entra ID 4. Step 2: Restrict FIDO2 Key Models Based on AAGUIDs 5. Step 3: Enable

Make Cybersecurity Easier with Bulk IoC Importing into Microsoft Defender for Endpoints

Make Cybersecurity Easier with Bulk IoC Importing into Microsoft Defender for Endpoints

Step-by-Step Instructions for Importing IoCs: 1. Log in to Microsoft 365 Defender: * Go to the Microsoft 365 Defender portal at security.microsoft.com and log in with your administrator credentials. 2. Access the Indicators Section: * Navigate to Settings -> Rules -> Indicators. This section allows you to manage

Fake LinkedIn Job Offers Hide Dangerous Malware

Fake LinkedIn Job Offers Hide Dangerous Malware

Threat Type: Malware (Dropper and Payload) Exploited Vulnerabilities: macOS systems, social engineering (LinkedIn) Malware Used: COVERTCATCH Threat Score: High (8.2/10) — Targeting macOS and Web3 developers with sophisticated social engineering tactics. Last Threat Observation: September 7, 2024, reported by Vumetric, Mandiant, and other platforms. Overview: A new malware campaign,

Angry Stealer Malware - A Sophisticated Data Theft Tool on the Rise

Angry Stealer Malware - A Sophisticated Data Theft Tool on the Rise

Threat Group: Unknown Threat Type: Info-stealing malware Exploited Vulnerabilities: User accounts, browser data, cryptocurrency wallets Malware Used: Stepasha.exe, MotherRussia.exe Threat Score: High (8.0/10) — Due to its ability to exfiltrate sensitive data stealthily via Telegram and the comprehensive data it targets. Last Threat Observation: September 2024, observed

Minecraft Under Siege: Record-Breaking 3.15 Billion Packet DDoS Attack Marks a New Era of Cyber Threats

Minecraft Under Siege: Record-Breaking 3.15 Billion Packet DDoS Attack Marks a New Era of Cyber Threats

Threat Details: * Threat Group: Unknown (Utilised multiple botnets) * Threat Type: Distributed Denial of Service (DDoS) * Exploited Vulnerabilities: Devices vulnerable to CVE-2023-2231 (e.g., DrayTek Vigor routers, Hikvision IP cameras) * Malware Used: Not specified, but botnets were leveraged * Threat Score: High (9/10) — Due to the unprecedented packet rate and multi-vector

Rust-Based Cicada3301 Targets Virtual Machines and Critical Systems

Rust-Based Cicada3301 Targets Virtual Machines and Critical Systems

Threat Group: Cicada3301 Ransomware Operators Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Poorly secured VMware ESXi systems, Weak Passwords, Brute-forcing via Brutus botnet Malware Used: Cicada3301 Ransomware Threat Score: High (8.5/10) — Due to its focus on critical infrastructure (VMware ESXi), advanced encryption techniques, and cross-platform targeting capabilities. Overview Cicada3301

Rising Phobos Ransomware Activity in High-Impact Sectors

Rising Phobos Ransomware Activity in High-Impact Sectors

Threat Group: Phobos Ransomware Operators Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Exposed Remote Desktop Protocol (RDP) Ports, Weak Passwords, Phishing Attacks Malware Used: Phobos Ransomware Overview: Phobos ransomware remains a significant and evolving threat, particularly targeting critical sectors such as healthcare, government, and education. Since its emergence in 2019, Phobos

Cybersec Sentinel Is Back—and Better Than Ever!

Cybersec Sentinel Is Back—and Better Than Ever!

After a week of being offline, we’re thrilled to announce that Cybersec Sentinel is back, stronger, and more secure than ever before! This wasn’t just a routine update—this was a strategic overhaul to ensure that Cybersec Sentinel can continue to be your trusted source for cybersecurity advisories

APT Group Citrine Sleet Deploys FudModule Rootkit via Chrome Vulnerability

APT Group Citrine Sleet Deploys FudModule Rootkit via Chrome Vulnerability

Threat Group: Citrine Sleet (North Korea-linked APT group) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerability: Google Chrome Zero-Day (CVE-2024-7971) Malware Used: FudModule Rootkit Overview A North Korea-linked APT group, known as Citrine Sleet, has been identified exploiting a newly discovered zero-day vulnerability in Google Chrome (CVE-2024-7971). This vulnerability, a

Malware Disguised as GlobalProtect VPN

Malware Disguised as GlobalProtect VPN

Summary Cybersecurity researchers have identified a new malware campaign targeting users in the Middle East. The malware, disguised as the Palo Alto Networks GlobalProtect VPN tool, demonstrates a sophisticated infection chain and utilizes advanced Command and Control (C&C) infrastructure to evade detection. This advisory provides a detailed analysis

Qilin Ransomware Adopts Aggressive Credential Harvesting

Qilin Ransomware Adopts Aggressive Credential Harvesting

Overview The Qilin ransomware group, also known as Agenda, has been active since 2022, progressively evolving its tactics. The group recently escalated its operations by targeting credentials stored in Google Chrome browsers, significantly heightening the risk profile for affected organizations. This tactic, coupled with their established methods of double extortion,

KOK08 Ransomware: What to Know

KOK08 Ransomware: What to Know

Overview KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more

PEAKLIGHT: What You Need to Know

PEAKLIGHT: What You Need to Know

Overview PEAKLIGHT is a sophisticated memory-only malware recently identified by cybersecurity researchers at Mandiant. This malware is particularly concerning due to its stealthy nature, residing exclusively in a computer's RAM, which allows it to evade traditional antivirus solutions that rely on disk scanning. The infection is initiated through

The Styx Stealer Threat: What You Need to Know

The Styx Stealer Threat: What You Need to Know

Overview Styx Stealer is a sophisticated information-stealing malware targeting Windows systems, with a primary focus on cryptocurrency theft and data exfiltration. It is an advanced variant of the older Phemedrone Stealer and has been actively distributed since April 2024. This malware exploits vulnerabilities in outdated Windows Defender versions, making it

Microsoft Reveals Critical IPv6 Flaw Impacting Every Windows System

Vulnerabilities

Microsoft Reveals Critical IPv6 Flaw Impacting Every Windows System

Overview A critical security vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, specifically affecting systems using the IPv6 protocol. This vulnerability is classified as a Remote Code Execution (RCE) flaw, meaning that an attacker can gain control over a system without any user interaction. Given

DeerStealer Uses Google Authenticator as a Trojan Horse

DeerStealer Uses Google Authenticator as a Trojan Horse

Overview DeerStealer is a recent and increasingly concerning information-stealing malware. It has gained notoriety for its use of deceptive distribution methods, specifically by disguising itself as legitimate applications such as Google Authenticator. The malware is typically spread through fake advertisements and malicious downloads. Once installed, DeerStealer harvests sensitive data including

Entra ID Cybersecurity Threat: UnOAuthorized Admin Privilege Escalation

Vulnerabilities

Entra ID Cybersecurity Threat: UnOAuthorized Admin Privilege Escalation

Summary A critical vulnerability known as "UnOAuthorized" has been discovered in Microsoft Entra ID (formerly Azure Active Directory). This vulnerability allows attackers with specific administrative roles, such as Application Administrator or Cloud Application Administrator, to escalate their privileges to Global Administrator. This escalation is made possible due to