exfiltration
-
Threat actors have abused the vulnerable vsdatant.sys kernel-level driver within the Check Point ZoneAlarm antivirus version released in 2016 to exfiltrate account credentials as part of a Bring Your Own Vulnerable Driver attack, according to Hackread.
-
Microsoft Security Response Center (MSRC) was informed of this finding and this disclosure write-up has been vetted. Before this issue was fixed, this data exfiltration finding only worked with image files (e.g. png, jpg, svg). Type of vulnerability: CWE-94 Improper Control of Generation of Code (‘Code Injection’). Affected target environment: Microsoft Copilot for Work (first tested…
-
Cytex launched AICenturion, a LLM Firewall with Data Loss Prevention (DLP) capabilities. GenAI’s risks intensify as LLMs prevent enterprises from directly controlling their processes and data handling. AICenturion provides the trust, risk and security management that enterprises need by enabling AI model discovery, data loss prevention, threat mitigation, and compliance framework policy enforcement. “With the…
-
Advanced SQL Injection Techniques to Data Exfiltration, OoB, Leveraging JSON etc. (Part 2 of Advanced SQL Injection Techniques by nav1n). Here are some advanced SQL injection techniques that go beyond basic attacks. Learn how to execute data exfiltration, leverage Out-of-Band (OOB) channels, and utilize JSON functions for more complex and stealthy exploits. These methods are designed to…
-
Threat actor solana-web-stable-huks’ “solana-transaction-toolkit” and “solana-stable-web-huks” packages not only compromised Solana private keys through Nodemailer but also enabled the automated transfer of 98% of the targeted cryptocurrency wallets’ assets to an attacker-controlled Solana address, according to a Socket analysis.
-
⭐ SOC250 — APT35 HyperScrape Data Exfiltration Tool Detected. In this writeup, I will investigate one of the alerts on Letsdefend, “SOC250 — APT35 HyperScrape Data Exfiltration Tool Detected”. This alert is about APT35 and Charming Kitten, an Iranian government-backed group. The Charming Kitten tool, named HYPERSCRAPE, is used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Detection: Before starting…
-
Coordinated Disclosure Timeline: 2024-10-23: Reported through MSRC. 2024-11-27: MSRC issue closed as resolved. Summary: Azure/azure-cli is vulnerable to Environment Variable Injection which may allow a malicious actor to exfiltrate the CLI_BOT secret. Project: Azure-cli. Tested Version: Latest commit at the time of reporting. Details: The AddPRComment.yml workflow is vulnerable to Environment Variable Injection. The workflow…
-
Coordinated Disclosure Timeline: 2024-10-22: Reported through MSRC. 2024-11-04: Vulnerable workflow is removed. 2024-11-27: MSRC issue is closed as resolved. Summary: Secret exfiltration on GitHub’s Azure/api-management-developer-portal repository. Project: Azure API Management Developer Portal. Tested Version: Latest commit at the time of reporting. Details: Code Injection (GHSL-2024-312). The workflow cleanUpOpenenedIssues.yaml is triggered manually by maintainers of the…
-
Versa announced Versa Endpoint DLP, an integrated endpoint data loss prevention (DLP) capability delivered by the Versa SASE Client as part of the VersaONE Universal SASE Platform.
-
wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By manipulating its capabilities, attackers can execute arbitrary commands, download malicious payloads, and establish persistence, all while evading traditional security measures.
-
Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools to steal sensitive data, including financial, personal, and classified information.
-
In a recent report, Palo Alto Networks researchers disclosed two critical vulnerabilities within Google’s Vertex AI platform that could expose organizations to serious security risks. Known as ModeLeak, these vulnerabilities enable privilege escalation and model exfiltration, potentially allowing attackers to access sensitive machine learning (ML) and large language model (LLM) data within Vertex AI environments.
-
Executive Summary In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers?
-
Cisco Talos Incident Response (Talos IR) has recently unveiled a concerning new threat in the cybersecurity landscape: Interlock ransomware. This attack, which Talos categorizes as “big-game hunting,” leverages both sophisticated tools and techniques to carry out double extortion attacks. According to the report, the threat actor behind Interlock utilizes a blend of credential theft, keylogging,…
-
Coordinated Disclosure Timeline: 2024-10-02: Reported via GitHub’s Private Vulnerability Reporting. 2024-10-30: Workflow is fixed. Summary: The docker-mailserver docs-preview-deploy.yml workflow is vulnerable to Environment Variable Injection, which may lead to secret exfiltration and repository manipulation. Project: docker-mailserver. Tested Version: Latest commit at the time of reporting. Details: Environment Variable Injection in the docs-preview-deploy.yml workflow (GHSL-2024-255). The docs-preview-deploy.yml workflow…
-
Fine-tuning Large Language Models for DGA and DNS Exfiltration Detection, by Md Abu Sayed and 3 other authors. [Submitted on 29 Oct 2024 (v1), last revised 7 Nov 2024 (this version, v2)]
-
Cybercriminals are increasingly leveraging Telegram as a platform not only for communication but also as a server for exfiltrating sensitive data stolen by infostealer malware. According to a recent report from André Tavares, a Threat Researcher at Bitsight Security Research, this alarming trend has significant implications for businesses and individuals alike, with Telegram playing a…
-
Coordinated Disclosure Timeline: 2024-07-07: Findings reported to gradio-team@huggingface.co. 2024-07-30: Email is acknowledged. 2024-07-30: Gradio team requests information about how feasible it is to dump the runner’s memory. 2024-07-30: Security Lab replies with PoC. 2024-09-05: Security Lab requests status update. 2024-09-25: Advisory gets published. Summary: Gradio contains multiple workflows vulnerable to Execution of Untrusted Code, enabling…
-
MalBot, October 1, 2024, 4:25am. Article Link: Data Exfiltration Attack Analysis: Tactics and Mitigation in Manufacturing Sector Breach – ReliaQuest
-
How can information be transferred from a computer that’s connected neither to the internet nor a local network? For many years now, Israeli researcher Mordechai Guri has been on a mission to uncover the exotic methods with which attackers could do precisely that to steal data. And we’ve always been there to cover his research…