22nd April – Threat Intelligence Report
Check Point Research » Threat Research
by tomersp@checkpoint.com
3d ago
For the latest discoveries in cyber research for the week of 22nd April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES MITRE Corporation disclosed a security event that occurred in January 2024. The attack, which is linked to Chinese APT group UNC5221, involved exploitation of two zero-day vulnerabilities in Ivanti VPN products. The attacker conducted session hijacking and lateral movement across MITRE’s NERVE network, which is a collaborative network used for research, development, and prototyping. Frontier Communications reported a cyberattack involving unauthor ..read more
The Illusion of Privacy: Geolocation Risks in Modern Dating Apps
Check Point Research » Threat Research
by alexeybu
3w ago
Key takeaways: Dating apps often use location data to show nearby users and their distances. However, openly sharing distances can lead to security issues. Techniques like trilateration allow attackers to determine user coordinates using distance information. Despite safety measures, the Hornet dating app (a popular gay dating app with over 10 million downloads) had vulnerabilities allowing precise location determination, even if users disabled the display of their distances. In reproducible experiments, we achieved location accuracy within 10 meters. The recent changes applied by the Hornet ..read more
Beyond Imagining – How AI is Actively Used in Election Campaigns Around the World
Check Point Research » Threat Research
by etal
3w ago
Author: Yoav Arad Pinkas Key Findings AI is already extensively utilized in election campaigns worldwide. Deepfakes and voice cloning have been employed in elections in three main venues: By candidates for self-promotion. By candidates to attack and defame political opponents. By foreign nation-state actors to defame specific candidates. Deepfake materials (convincing AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates) are often disseminated shortly before election dates to limit the opportunity for fact-checkers t ..read more
Malware Spotlight: Linodas aka DinodasRAT for Linux
Check Point Research » Threat Research
by elism@checkpoint.com
3w ago
Introduction In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights the Trend Micro researchers publicly shared in their comprehensive analysis of a threat actor called Earth Krahang. This actor’s toolset notably includes a cross-platform backdoor named DinodasRAT, also known as XDealer, which was also observed previously in attacks by the Chinese threat actor LuoYu. The Windows vers ..read more
Ethereum’s CREATE2: A Double-Edged Sword in Blockchain Security
Check Point Research » Threat Research
by etal
1M ago
By Oded Vanunu, Dikla Barda, Roman Zaikin Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involves tricking users into approving transactions for smart contracts that haven’t been deployed yet, allowing cybercriminals to later deploy malicious contracts and steal cryptocurrencies. This vulnerability highlights the need for enhanced security measures in wallet security products to adapt to the evolving tactics of cybercriminals, ensu ..read more
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
Check Point Research » Threat Research
by etal
1M ago
Key Points: Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. In at least one case, Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal within 1 day after a POC for it was published. Campaigns that we were able to attribute to this actor targeted Ivanti, Magento, Qlik Sense and possibly Apache ActiveMQ. Analysis of the actor’s recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRA ..read more
4th March – Threat Intelligence Report
Check Point Research » Threat Research
by tomersp@checkpoint.com
1M ago
For the latest discoveries in cyber research for the week of 4th March, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES UnitedHealth Group confirmed its subsidiary was attacked by the ALPHV ransomware gang. 6 terabytes of data were stolen in the attack, and Change Healthcare, a crucial intermediary between pharmacies and insurance companies, was forced to disconnect its systems on February 21. The disruption impacted U.S. military clinics and hospitals worldwide, necessitating manual prescription processes. Check Point Harmony Endpoint and Threat Emulation provide ..read more
2024’s Cyber Battleground Unveiled: Escalating Ransomware Epidemic, the Evolution of Cyber Warfare Tactics and strategic use of AI in defense – Insights from Check Point’s Latest Security Report
Check Point Research » Threat Research
by etal
2M ago
Key Takeaways:
· Rising Threats: The cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.
· Evolution of Tactics: Adversaries exploit zero-day vulnerabilities, employ disruptive wipers, utilise emerging RaaS (Ransomware-as-a-Service) tactics and target edge devices, amplifying the complexity of cyber threats.
· AI-Powered Defense: Artificial intelligence emerges as a formidable defender ..read more
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Check Point Research » Threat Research
by etal
2M ago
Introduction Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact ..read more
Maldocs of Word and Excel: Vigor of the Ages
Check Point Research » Threat Research
by etal
2M ago
Research by: Raman Ladutska We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world and make it a safer and better place. Figure 1 – The Title Page Chasing new exploits, vulnerabilities, and threats is the way to go in the ever-changing cybercrime landscape. However, in a constant flow of information, the focus on yesterday’s highlights is low: every day, new CVEs occur, and new threats emerge. With this state of affairs, o ..read more
