Security News

A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. OilAlpha is the new cryptonym given by Recorded Future to two overlapping clusters previously tracked by the company under the names TAG-41 and TAG-62 since April 2022.

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines to install third-party remote management tools within compromised environments. "This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," the threat intelligence firm said.

In several high-profile incidents, application programming interfaces emerged as a primary attack vector, posing a new and significant threat to organizations' security posture, according to Cequence Security. "As attack automation becomes an increasingly prevalent threat against APIs, it's critical that organizations have the tools, knowledge and expertise to defend against them in real- time," Talwalkar added.

A threat group based in Israel is behind attacks in recent weeks, according to a report from email security firm Abnormal Security. Mike Britton, the chief information security officer at Abnormal, said that while it is not unexpected that sophisticated threat actors would emerge from a skilled, innovative technology ecosystem, Asia, Israel - in fact the Middle East, generally - are bases for BEC attackers.

As the rate of cyberattacks steadily increases, automated threat hunting processes are being integrated to help stem the tide by providing quicker security insights, more efficient operations, and human error reductions. Threat hunters need to know their organization's weaknesses, but unfortunately, a lot of companies are starting to realize that truly qualified threat hunters are rare.

In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management for a suite of comprehensive offensive security solutions. EASM is distinct from similar market categories, such as cyber attack surface management or security risk rating services, but the differences are nuanced.

In this report, the Elastic Security team highlights how they've noticed a slight increase in Linux binaries with the capability to leverage a proxy for potential command and control purposes. When targeting Linux endpoints, adversary playbooks often include using a backdoor binary, as previously discussed, followed by installing a proxy server for command and control.

Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program.

Bluefield University is a small private university in Bluefield, Virginia, with roughly 900 students. The incident took a nasty turn on May 1st, 2023, with the Avos threat actors still having access to the University's RamAlert system, an emergency alert system used to warn students and staff via email and text of campus emergencies or threats.

According to news reports, the FBI had successfully purchased a portion of the data - which included social security numbers and other sensitive information - on the dark web. As malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojan, Spyware, adware, and more.