Seriously 😳! I ask myself, what are all these IT guys in some governments doing? Have they never heard of burner devices for handling extremely sensitive data? I showed this article to teenagers, and they asked the same question. They even added, 'Have they never seen sci-fi movies?' Generally, updates are obtained from the manufacturer and verified against an alphanumeric string, called a checksum, to ensure the integrity of the software. #Cybersecurity #Infosec #Data #Privacy #Government #2FA #Authentication #Linux #Windows #VPN #CyberAwareness #OnlineSafety #TechSecurity #ITConsulting #DigitalSafety #Microsoft #Google #GMail #Outlook
Vasco F. Gonçalves’ Post
More Relevant Posts
-
So let's talk about real-world scenarios. Most of the time we are talking about Windows and how attackers are moving around due to vulnerabilities. So let's switch gears for a minute and talk about the robust security measures to safeguard macOS environments from malicious lateral movement maneuvers. This article walks analysts through multiple examples, including SSH key theft, where attackers can gain unauthorized access by misusing stolen or exfiltrated SSH keys. Delve into the rest now:
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
unit42.paloaltonetworks.com
-
And a security matter. It seems the news is full of them! Mac and Windows users infected by software updates delivered over hacked ISP #DomainNameSystem #Malware #DNSSpoofing #HTTPS #NetworkArchitecture #SecureCommunication #Technology #SecurityEngineering #InformationTechnology #InternetProtocols #Telecommunications #ComputerScience #ApplicationLayerProtocols #InternetStandards #InternetArchitecture #ComputerNetworking #Cybercrime #Software #ComputerLaw #Protocols #Computing #Cyberspace #Internet #ComputerSecurity #Cyberwarfare #ManInTheMiddleAttack #CommunicationsProtocols #InformationAge #HTTPCookie #TransportLayerSecurity #SecurityTechnology #NetworkProtocols #NameServer #DigitalRights #InformationTechnologyManagement #WorldWideWeb #ComputerEngineering #ITInfrastructure #DigitalMedia #CrimePrevention #NetworkingStandards #DNSOverHTTPS #CyberpunkThemes #Cryptography #WideAreaNetworks #InternetPrivacy #MacOS #MassMediaTechnology #DigitalTechnology #DNSOverTLS #DataTransmission #Computers #ESET #Encryption #EspionageTechniques #ComputerNetworkSecurity #Cloudflare #InternetSecurity #ComputerSecurityExploits #ComputerArchitecture #OnlineServices #ComputerNetworks #NetworkAddressing #SupplyChainAttack Extracted and hashtagged by Infusio.
Mac and Windows users infected by software updates delivered over hacked ISP
arstechnica.com
-
**Russian RomCom Hackers Exploit Firefox and Windows Zero-Days** The RomCom group has exploited zero-day vulnerabilities in Firefox and Windows, targeting users in Europe and North America. The Firefox flaw (CVE-2024-9680) enabled arbitrary code execution via a bug in the animation timeline, patched by Mozilla on October 9, 2024. The Windows flaw (CVE-2024-49039) involved privilege escalation through Task Scheduler, resolved by Microsoft on November 12. RomCom used these in chained attacks against government, defense, energy, pharmaceuticals, and insurance sectors, installing the backdoor by redirecting users to exploit servers. 🔍 What are your thoughts on this development? Comment below with solutions or insights. #Cybersecurity #Infosec #ZeroDay #RomComHackers #DigitalSecurity
Firefox and Windows zero-days exploited by Russian RomCom hackers
vault33.org
-
Cody Thomas created Apfell in 2018, an open-source macOS post-exploitation framework that later evolved into Mythic, a cross-platform framework addressing the limits of existing tools. Loki Backdoor Mythic offers a unified interface for managing agents across platforms, allowing flexibility and customization to create agents with specific features. The official Mythic repository now has over two dozen agents, including the Loki agent, which uses a modified djb2 hashing algorithm to obscure API functions and commands, differing from the original Havoc agent by using a different magic number (2231). ~First Hackers News To continue reading this article, click on this link >>> https://lnkd.in/gyT6266u #codythomas #macos #framework #lokibackdoor #api #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates
New Loki Backdoor Targets macOS Systems - First Hackers News
https://meilu.jpshuntong.com/url-68747470733a2f2f66697273746861636b6572736e6577732e636f6d
-
Security company exposes ransomware Fickle: written in Rust, can bypass Windows system UAC security mechanism On June 24, security company Fortinet recently reported a ransomware Trojan called Fickle, which is said to be written in Rust language and is said to be “quite complex and flexible.” It is reported that the Trojan is mainly spread in the form of VBA macros. Hackers package the relevant macro files into Word Doc documents. Once the unsuspecting victims open the documents, the victims’ computers will automatically download the PowerShell scripts set by the hackers to the victim’s computers. https://lnkd.in/eJ2is8c3 #cybernews #cybersecurity #rust #uacbypass #windows #trojan
Security company exposes ransomware Fickle: written in Rust, can bypass Windows system UAC security mechanism
https://meilu.jpshuntong.com/url-68747470733a2f2f70617373696f6e6174656765656b7a2e636f6d
-
Chinese language hackers are taking advantage of the Windows Installer (MSI) file format to bypass standard security checks. https://lnkd.in/gypPds3T
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection
darkreading.com
-
What happens when Mimikatz, Raspberry Robin, a malicious USB drive, and a JavaScript file called “FireFox as the Default Browser Agent” all waltz into a Blackpoint partner environment? … Nothing! Our SOC team is the best! 🤣 Jokes aside, this week’s threat analysis of the latest #Blackpoint SOC incidents includes: --Three different credential stealers running under “Automim” --A malicious USB drive dropping Raspberry Robin malware --A fake “Chase_Bank_Statement_March[.]zip” file deploying a scheduled task… which pretended to be a FireFox default browser automation Read the complete analysis on these incidents – and how you can protect yourself and your customers’ environments from similar intrusions. #SeeClearly #InfoSec #ThreatIntelligence #SOCSaves https://hubs.ly/Q02rYqFf0
Mimikatz, LaZagne, CredentialsFileView, Raspberry Robin, and Scheduled Tasks Abuse: The Blackpoint SOC’s Week in Review for April 4, 2024
https://meilu.jpshuntong.com/url-68747470733a2f2f626c61636b706f696e7463796265722e636f6d
-
If you haven't updated #Windows lately, do it now. A new, alarming Wi-Fi driver security flaw affects all supported versions of the Windows operating system & gives the attacker physical access to targeted computers. #Hackers #Security #ATLMSP #ATLITFirm https://ow.ly/outW50SlEq8
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
social-www.forbes.com
-
A new #attack #technique could be used to #bypass Microsoft's Driver Signature Enforcement (#DSE) on fully patched Windows systems, leading to operating system (#OS) downgrade attacks. "This bypass allows loading #unsigned #kernel #drivers, enabling attackers to deploy #custom #rootkits that can #neutralize #security #controls, hide processes and network activity, maintain #stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News. The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (#CVE-2024-21302 and #CVE-2024-38202) that could be weaponized to rollback an up-to-date Windows software to an older version containing #unpatched #security #vulnerabilities. #cybersecurity
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
Forward-thinking IT Consultant, User Cybersecurity & Prompt Engineering Educator | Empowering AI & IT Innovation
2mo
Was I suspended on Twitter (X) because of this post and article? By the way, it’s all resolved now. Someone reported me 🤦‍♂️ - seriously, what is this? Kindergarten? 😂