Cybersec Sentinel - Cybersec Sentinel

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts

The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts

Threat Group: Sneaky Log Threat Type: Phishing-as-a-Service (PhaaS) Platform Exploited Vulnerabilities: Two-Factor Authentication (2FA) Mechanisms, User Trust Malware Used: Sneaky 2FA Phishing Kit Threat Score: High (8.5/10) – Due to its sophisticated methods to bypass 2FA and widespread targeting of essential communication platforms. Last Threat Observation: January 18, 2025

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Vulnerabilities

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Threat Group: N/A Threat Type: Vulnerability Exploitation Exploited Vulnerabilities: CVE-2024-7344 Malware Used: Custom PE Loader with Encrypted Payload Threat Score: High (9.2/10) – Due to its ability to bypass foundational security mechanisms like UEFI Secure Boot, enabling undetectable and persistent compromises. Overview CVE-2024-7344 is a critical vulnerability found

The Return of PlugX Malware with Fresh Tricks

The Return of PlugX Malware with Fresh Tricks

Threat Group: Likely associated with Chinese Advanced Persistent Threat (APT) groups Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Multiple, including spear-phishing and exploiting unpatched software vulnerabilities Malware Used: PlugX Threat Score: High (8.7/10) – Due to its versatility, stealth capabilities, and association with espionage campaigns Last Threat Observation:

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Phishing Campaigns Fuel Compiled AutoIt Malware Distribution

Threat Group: Various (including XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Type: Multi-Functional Malware via Phishing Campaigns Exploited Vulnerabilities: None specific; relies on social engineering for initial infection Malware Used: AutoIt Compile Malware (XLoader, SnakeKeylogger, RedLine, AgentTesla, RemcosRAT) Threat Score: High (8.7/10) – Due to the rapid increase in distribution

macOS Users Targeted by the New Variant of Banshee Infostealer

macOS Users Targeted by the New Variant of Banshee Infostealer

Threat Group: Unknown Threat Type: Information Stealer (Infostealer) Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on social engineering and phishing tactics Malware Used: Banshee Stealer Threat Score: High (8.5/10) – Due to its advanced evasion techniques, targeting of macOS systems, and comprehensive data theft capabilities. Last Threat Observation: January

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

Threat Group: REF5961 Threat Type: Backdoor Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange ProxyLogon (CVE-2021-26855) Malware Used: EAGERBEE, RUDEBIRD, DOWNTOWN Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and persistent access capabilities. Last Threat Observation: January 7, 2025 Overview EAGERBEE is

DoubleClickjacking Exploit Turns Your Clicks into Chaos

DoubleClickjacking Exploit Turns Your Clicks into Chaos

Threat Group: Unattributed Threat Type: Clickjacking Variant Exploited Vulnerabilities: User Interface (UI) Redressing Vulnerabilities Malware Used: None Threat Score: High (8.0/10) – Due to its ability to bypass existing clickjacking defenses and exploit common user interactions. Last Threat Observation: January 3, 2025 Overview DoubleClickjacking is an advanced form of

Threat Surge as Lumma Stealer Expands Its Reach

Threat Surge as Lumma Stealer Expands Its Reach

Threat Group: Lumma (operated by "Shamel") Threat Type: Information Stealer (Malware-as-a-Service) Exploited Vulnerabilities: No specific vulnerabilities; relies on social engineering and deceptive tactics Malware Used: Lumma Stealer (also known as LummaC2) Threat Score: High (8.5/10) – Due to its advanced evasion techniques, broad targeting capabilities, and widespread

IoT Devices Under Fire by FICORA and CAPSAICIN

IoT Devices Under Fire by FICORA and CAPSAICIN

Threat Group: Unattributed Threat Type: IoT-Based Botnets Exploited Vulnerabilities: D-Link HNAP Interface Flaws (CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112) Malware Used: Mirai Variant "FICORA", Kaiten Variant "CAPSAICIN" Threat Score: High (8.7/10) – Due to the exploitation of widely deployed IoT devices and the potential for large-scale Distributed