abusing
-
Cybersecurity experts have identified a sophisticated phishing technique that exploits blob URIs (Uniform Resource Identifiers) to evade detection by Secure Email Gateways (SEGs) and security analysis tools. This emerging attack method leverages the unique properties of blob URIs, which are designed to display temporary data that can only be accessed by the browser that generated…
-
A powerful attack technique that allows adversaries to simulate the behavior of a Domain Controller (DC) and request password hashes.
-
A new ransomware strain dubbed “Mamona” operates entirely offline and leverages a clever attack strategy that abuses the Windows ping command. Unlike traditional ransomware that communicates with remote servers, Mamona works completely offline, making it particularly difficult to detect with conventional network monitoring tools. “This strain highlights a rising trend: ransomware that trades complexity…
-
BleepingComputer reports that security researchers have uncovered seven malicious Python Package Index packages leveraging Gmail’s SMTP servers and encrypted WebSocket connections to exfiltrate data and execute remote commands on infected systems.
-
A recent report has uncovered a sophisticated phishing operation that uses DNS techniques to tailor content to victims. The post Morphing Meerkat’s Phishing Tactics: Abusing DNS MX Records appeared first on Daily CyberSecurity.
-
A recent discovery by the McAfee Mobile Research Team has highlighted a new wave of Android malware campaigns that utilize the .NET MAUI cross-platform framework to evade detection. This framework, introduced by Microsoft as a replacement for Xamarin, allows developers to build applications for multiple platforms, including Android, iOS, Windows, and macOS. However, cybercriminals have…
-
Bahrain’s systematic practices of detaining and abusing children to quell dissent violate international law, according to a report published by Human Rights Watch (HRW) and Americans for Democracy & Human Rights in Bahrain (ADHRB) on Monday. Despite a 2024 royal pardon releasing over 1,500 prisoners including 40 minors, the groups recorded an escalating number of…
-
Microsoft exposed four individuals behind an Azure Abuse scheme using unauthorized GenAI access to create harmful content. Microsoft shared the names of four developers of malicious tools designed to bypass the guardrails of generative AI services, including Microsoft’s Azure OpenAI Service. Microsoft is taking legal action against these defendants, dismantling their operation, and curbing misuse…
-
A recent investigation has uncovered a malicious application, DriverEasy, masquerading as a legitimate Google Chrome update to steal user credentials. The malware leverages Dropbox’s API to exfiltrate sensitive information, including passwords, and is linked to North Korea’s cyber-espionage campaign known as “Contagious Interview.” Password Theft via Fake Prompts: DriverEasy, written in Swift and Objective-C, deploys…
-
Found in Environments Protected By: Microsoft EOP and Proofpoint. By Jurielle Taca and Aloha Masbate, Cofense Phishing Defense Center. Threat actors have taken phishing to the next level by weaponizing custom Microsoft 365 applications to request sensitive information from users. This sneaky attempt from threat actors utilized a fake Microsoft password request email with an embedded link that…
-
Cybersecurity experts have identified an alarming trend of cybercriminals exploiting ConnectWise ScreenConnect, a widely-used Remote Monitoring and Management (RMM) tool, to establish persistent access to compromised systems. Threat Actors Exploit Legitimate Software for Malicious Gains: Silent Push Threat Analysts and other researchers have observed a surge in the abuse of this legitimate software, leveraging its…
-
In a significant finding, Forcepoint’s X-Labs research team has uncovered a new malware campaign that uses AsyncRAT, a notorious remote access trojan (RAT), along with Python scripting and TryCloudflare tunnels to deliver malicious payloads with enhanced stealth. This campaign highlights an evolving trend of adversaries exploiting legitimate infrastructure to cloak their attacks, reinforcing predictions from…
-
A financially motivated threat actor has been linked to a sophisticated cyber campaign that has been targeting users in Poland and Germany since July 2024. The effort uses phishing emails to spread a range of malware payloads, including Agent Tesla, Snake Keylogger, and an undocumented backdoor called TorNet. This backdoor leverages Windows Scheduled Tasks for…
-
The Diamond Ticket attack represents a sophisticated escalation in Active Directory (AD) exploitation methods, leveraging intricate flaws in Kerberos authentication and authorization mechanisms. This article explores the technical nuances of the Diamond Ticket attack, delving deeply into the underlying mechanisms, the role of Privilege Attribute Certificates (PACs), and the root causes that make AD environments…
-
HTB | Office — CVE-2023-23752, Abusing MS-BKRP & GPO. This is a Windows box. You can find it here. Skills learned: Joomla Web Service Abuse; CVE-2023-23752; Wireshark Packet Filtering; RunasC; LibreOffice Registry Security; Abusing MS-BKRP (BackupKey Remote Protocol) for Password Decryption (DPAPI); GPO Abuse (via SharpGPOAbuse.exe). NMAP. IP: 10.10.11.3. Port 53: dig any @10.10.11.3 office.htb. From this, we can say there are office.htb, dc.office.htb and hostmaster.office.htb. Let’s add these to /etc/hosts. Let’s try a zone transfer (dig axfr @10.10.11.3), but zone transfer is not possible. LDAP: ldapsearch…
-
Akamai security researcher Tomer Peled has unveiled a novel attack technique exploiting Microsoft’s legacy UI Automation framework, a tool originally designed to enhance computer accessibility. The findings reveal how attackers can weaponize this framework to bypass modern Endpoint Detection and Response (EDR) systems, creating a significant cybersecurity concern.