Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign

Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign

,

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services, allowing threat actors to craft targeted phishing messages using the company’s domain and infrastructure.
« Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s Web Games platform, »

,

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services, allowing threat actors to craft targeted phishing messages using the company’s domain and infrastructure.
« Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s Web Games platform, »

, ,
https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html

Top Industries Significantly Impacted by Illicit Telegram Networks

Top Industries Significantly Impacted by Illicit Telegram Networks,

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

,

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

, ,
https://thehackernews.com/2023/08/top-industries-significantly-impacted.html

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan,

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments
« The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

,

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments
« The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

, ,
https://thehackernews.com/2023/08/researchers-uncover-aws-ssm-agent.html

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers,

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.
« Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone 
going by the name Hassan Nozari, » Halcyon said in a

,

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.
« Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone 
going by the name Hassan Nozari, » Halcyon said in a

, ,
https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability,

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

,

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

, ,
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html

New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets

New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets,

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that’s equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Network Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022.
NodeStealer was first exposed by Meta in May 2023, describing it as a stealer

,

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that’s equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Network Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022.
NodeStealer was first exposed by Meta in May 2023, describing it as a stealer

, ,
https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html

European Bank Customers Targeted in SpyNote Android Trojan Campaign

European Bank Customers Targeted in SpyNote Android Trojan Campaign,

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.
« The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack, » Italian cybersecurity

,

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.
« The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack, » Italian cybersecurity

, ,
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html

What is Data Security Posture Management (DSPM)?

What is Data Security Posture Management (DSPM)?,

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture – regardless of where it’s been duplicated or moved to.
So, what is DSPM? Here’s a quick example:
Let’s say you’ve built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it’s protected behind a

,

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture – regardless of where it’s been duplicated or moved to.
So, what is DSPM? Here’s a quick example:
Let’s say you’ve built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it’s protected behind a

, ,
https://thehackernews.com/2023/08/what-is-data-security-posture.html

Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

,

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
« The cybercriminals’ main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks, » Positive

,

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
« The cybercriminals’ main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks, » Positive

, ,
https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html

China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

,

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems.
Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

,

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems.
Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

, ,
https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html