Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.
“Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
Cymulate’s proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-19 10:06:372024-08-19 10:06:37100,000 Impacted by Jewish Home Lifecare Data Breach
Microsoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-19 10:06:362024-08-19 10:06:36Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT
The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-19 10:06:362024-08-19 10:06:36The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea.
The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.
“An attacker who successfully exploited this
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-19 08:07:422024-08-19 08:07:42Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7.
The two clusters of potential FIN7 activity “indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively,” Team Cymru said in a report published this week as part of a joint investigation with
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-19 06:07:102024-08-19 06:07:10Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 15:06:492024-08-17 15:06:49Did you get a fake McAfee or Norton invoice? How the scam works (and what not to do)
Plus: US regulators fine T-Mobile $60 million for mishap with sensitive data, New Zealand approves Kim Dotcom’s US extradition, and San Francisco takes on deepfake porn.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 14:06:432024-08-17 14:06:43Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 12:07:002024-08-17 12:07:007-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
/in General NewsMalicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.
“Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
The Hacker News – Read More
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
/in General NewsCymulate’s proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.
Cyware News – Latest Cyber News – Read More
100,000 Impacted by Jewish Home Lifecare Data Breach
/in General NewsA Jewish Home Lifecare data breach resulting from a BlackCat ransomware attack impacts over 100,000 individuals.
The post 100,000 Impacted by Jewish Home Lifecare Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT
/in General NewsMicrosoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock.
Cyware News – Latest Cyber News – Read More
The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan
/in General NewsThe US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.
Security Latest – Read More
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
/in General NewsA newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea.
The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.
“An attacker who successfully exploited this
The Hacker News – Read More
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
/in General NewsCybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7.
The two clusters of potential FIN7 activity “indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively,” Team Cymru said in a report published this week as part of a joint investigation with
The Hacker News – Read More
Did you get a fake McAfee or Norton invoice? How the scam works (and what not to do)
/in General NewsIf you’ve received emails with invoice PDFs attached for products you didn’t buy, here’s what’s going on and what to do next.
Latest stories for ZDNET in Security – Read More
Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It
/in General NewsPlus: US regulators fine T-Mobile $60 million for mishap with sensitive data, New Zealand approves Kim Dotcom’s US extradition, and San Francisco takes on deepfake porn.
Security Latest – Read More
7-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk
/in General NewsA critical 7-year-old security flaw in a pre-installed app on millions of Google Pixel devices has been exposed.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More