threat hunting – Threat Note

From The Hacker News – Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro

shaikh Saqib April 3, 2025

News

From Security Week – Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities

[[{"value":"Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders. The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek."}]] Read More

shaikh Saqib April 2, 2025

News

From Dark Reading – Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities. Read More

shaikh Saqib April 2, 2025

News

From Cyber Security News – Hackers Scanning From 24,000 IPs to Gain Access to Palo Alto Networks GlobalProtect Portals

Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals. Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access…

shaikh Saqib April 1, 2025

News

From Cyber Security News – New Sophisticated Malware CoffeeLoader Bypasses Endpoint Security to Deploy Rhadamanthys Shellcode

Cybersecurity researchers have uncovered a sophisticated new malware strain targeting macOS systems, dubbed “CoffeeLoader,” which employs advanced techniques to bypass endpoint security solutions and deliver Rhadamanthys shellcode payloads. The malware…

shaikh Saqib March 27, 2025

News

From Dark Reading – Student-Powered SOCs Train Security’s Next Generation

University security operations centers that hire and train students are a boon to state and local governments while giving much-needed Tier 1 cybersecurity training to undergraduates. Read More

shaikh Saqib March 27, 2025

News

From The Hacker News – Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

shaikh Saqib March 27, 2025

News

From Dark Reading – Volt Typhoon Strikes Massachusetts Power Utility

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted…

shaikh Saqib March 12, 2025

News

From Dark Reading – GreyNoise Intelligence Releases New Research on Cybersecurity Vulns

shaikh Saqib March 5, 2025

News

From Cyber Security News – As a SOC/DFIR Team Member, How To Investigate Phishing Kit Attacks

Phishing kit attacks have become a pervasive threat in cybersecurity landscapes, lowering the barrier to entry for cybercriminals and enabling even low-skilled actors to launch sophisticated campaigns. These kits contain…

shaikh Saqib February 26, 2025

News

From Cyber Security News – PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats

In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an…

shaikh Saqib February 17, 2025

News

From Cyber Security News – New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

Security researcher David Kennedy unveiled a novel attack technique known as “BYOTB” (Bring Your Own Trusted Binary) in a recent presentation at BSides London 2024, which leverages trusted binaries to…

shaikh Saqib February 10, 2025

News

From Cyber Security News – Hackers Exploiting Google Tag Manager To Steal Credit Card From eCommerce Sites

Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This sophisticated attack shows the evolving…

shaikh Saqib February 10, 2025

News

From The Hacker News – XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime

shaikh Saqib February 10, 2025