MFA Bombing; A Growing Threat to Two-Factor Authentication
Malware Developments
New Sophisticated Phishing Campaign Observed Leveraging the Agent Tesla Info Stealer
A new phishing campaign has been spotted masquerading as a bank payment message and downloading a unique malware payload that delivers Agent Tesla's data-theft and keylogging capabilities.
Ransomware Operations
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
The Agenda Ransomware group - also known as Qilin - has been active and in development since 2022. These days, Agenda continues infecting victims globally - with the US, Argentina, Australia, and Thailand being among its top targets.
Vulnerabilities and Exploitation Attempts
Exploit Released for Fortinet RCE Bug Used in Attacks
Security researchers published proof-of-concept (PoC) code for CVE-2023-48788, a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software. Details about the vulnerability were shared by the CyberProof CTI team as part of the March 18th CTI weekly report. The vulnerability is now reported to be exploited in the wild.
XZ Tools Backdoor Vulnerability Could Allow Unauthorized Access
A critical security vulnerability - CVE-2024-3094 (CVSS Score 10) - has been identified within the “xz” tools and libraries, specifically in versions 5.6.0 and 5.6.1. This vulnerability involves malicious code that could potentially allow unauthorized access to systems.
Identified Trends
MFA Bombing; A Growing Threat to Two-Factor Authentication
The sophistication of MFA bombing tactics has grown, as noted in reports by cybersecurity experts. Attackers, undeterred by users ignoring relentless notifications, may resort to directly contacting their targets under the guise of customer support, further attempting to manipulate victims into compromising their accounts. For instance, a victim receiving a spoofed call from someone claiming to be from Apple Support - aiming to facilitate a password reset and capture the reset code - highlights this trend.
Cisco Warns of Password-Spraying Attacks Targeting VPN Services
Cisco released an advisory regarding password-spraying attacks targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The attacks have also been observed targeting other remote access VPN services, likely as part of reconnaissance.
Phishing Kits Bypass MFA - Tycoon 2FA on the Rise Since October 2023
The phishing-as-a-service (PhaaS) kit Tycoon 2FA has become a significant threat since its emergence in late October 2023. This kit specifically targets Microsoft 365 and Gmail accounts, employing a concerning technique to bypass multi-factor authentication (MFA).
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.
SOC ANALYST L1 AT CYBERPROOF, A UST COMPANY |CICSA | CERTIFIED IT INFRASTRUCTURE AND CYBER SOC ANALYST | AZURE SENTINEL | MICROSOFT DEFENDER |
11 months
Deep insights!