Cybersec Sentinel - Cybersec Sentinel (Page 9)

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques

Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques

Threat Group: Lynx Threat Type: Ransomware Exploited Vulnerabilities: Targets file encryption vulnerabilities with privilege escalation techniques Malware Used: Modified ransomware code derived from INC ransomware Threat Score: High (8.2/10) — Due to advanced encryption techniques, privilege escalation methods, and cross-sector targeting Last Threat Observation: October 3, 2024, by Rapid7

Fortinet Users Warned of Ongoing RCE Vulnerability

Vulnerabilities

Fortinet Users Warned of Ongoing RCE Vulnerability

The recently exploited vulnerability in Fortinet's FortiOS, identified as CVE-2024-23113, is a critical remote code execution (RCE) flaw. This vulnerability is caused by an issue in the fgfmd daemon, which manages authentication requests and keep-alive messages between FortiGate and FortiManager. Specifically, it involves the daemon accepting an externally

New Infostealer Malware Yunit Stealer Targets Credentials and Crypto

New Infostealer Malware Yunit Stealer Targets Credentials and Crypto

Threat Group: Freeboox Threat Type: Infostealer Malware Exploited Vulnerabilities: Browser data storage, registry manipulation, scheduled tasks, system utilities Malware Used: Yunit Stealer Threat Score: High (8.7/10) — Due to its advanced evasion techniques, ability to extract sensitive data, and its persistence in critical system areas Last Threat Observation: October

New Vilsa Stealer Malware Infiltrates Systems and Steals Sensitive Data

New Vilsa Stealer Malware Infiltrates Systems and Steals Sensitive Data

Threat Group: - Unknown Threat Type: - Information Stealer Exploited Vulnerabilities: - Virtual Machine Detection, Browser Data Extraction, Cryptocurrency Wallets Malware Used: - Vilsa Stealer, hvnc.py Threat Score: - High (8.5/10) — Due to its advanced encryption, persistence mechanisms, and broad targeting capabilities. Last Threat Observation: - October

CVE-2024-43572 Uncovers Critical Windows Management Console Flaw

Vulnerabilities

CVE-2024-43572 Uncovers Critical Windows Management Console Flaw

Advisory ID: CVE-2024-43572 Release Date: October 2024 Severity: Critical Affected Software: Windows Management Console Description The vulnerability in the Windows Management Console (WMC) could allow an attacker to execute arbitrary code by exploiting improper input validation. Successful exploitation may enable an attacker to run commands with elevated privileges or install

Gorilla Botnet Swings into Action Wreaks Havoc Worldwide

Gorilla Botnet Swings into Action Wreaks Havoc Worldwide

Threat Group: - Gorilla Botnet Threat Type: - Botnet (DDoS Attacks) Exploited Vulnerabilities: - IoT devices, Apache Hadoop YARN RPC vulnerability Malware Used: - Modified Mirai variant Threat Score: - High (8.8/10) — due to its advanced techniques, cross-platform capabilities, and impact on critical infrastructure. Last Threat Observation: -

KLogExe and FPSpy Signal a New Wave of Espionage by Sparkling Pisces Hackers

KLogExe and FPSpy Signal a New Wave of Espionage by Sparkling Pisces Hackers

Threat Group: Sparkling Pisces (aka Kimsuky, THALLIUM) Threat Type: Keylogger & Backdoor Malware Exploited Vulnerabilities: User exploitation via spear phishing, DLL hijacking Malware Used: KLogExe (keylogger), FPSpy (backdoor) Threat Score: High (8.0/10) — Due to the combination of data exfiltration and its ability to bypass static detection Last Threat

Continuous Threat Exposure Management (CTEM): A Detailed Guide for Cybersecurity Defence

How To's Featured

Continuous Threat Exposure Management (CTEM): A Detailed Guide for Cybersecurity Defence

CTEM is a proactive cybersecurity approach that continuously monitors, assesses, and mitigates threats like ransomware and data breaches. It enhances risk prioritisation, compliance, and cost efficiency while staying updated with evolving cyber threats through advisories.

Perfctl Malware Hijacks Linux Servers for Cryptomining and Proxyjacking

Perfctl Malware Hijacks Linux Servers for Cryptomining and Proxyjacking

Threat Group: - Unknown Threat Type: - Cryptomining & Proxyjacking Malware Exploited Vulnerabilities: - Polkit (CVE-2021-4043), Apache RocketMQ (CVE-2023-33246) Malware Used: - Perfctl Threat Score: - High (8/10) Last Threat Observation: - October 3, 2024 Overview: Perfctl is a stealthy and persistent malware targeting Linux servers, leveraging misconfigurations and

ELPACO-Team Ransomware: Escalating Threat to Windows Systems

ELPACO-Team Ransomware: Escalating Threat to Windows Systems

Threat Group: ELPACO-team Threat Type: Ransomware Exploited Vulnerabilities: Outdated software and phishing emails Malware Used: ELPACO-team Ransomware Threat Score: High (8.2/10) Last Threat Observation: October 2024 Overview The ELPACO-team ransomware is a malicious strain designed to encrypt files and demand ransom payments in cryptocurrency for their release. Known