Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. “Most Gigabyte firmware includes a Windows

6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime

Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime […]

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection […]

RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). “These lure sites are […]

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on high-value targets. Dark Pink, also called Saaiwc

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.

SeroXen RAT for sale

This blog was jointly written with Alejandro Prada and Ofer Caspi. Executive summary SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a […]

Barracuda Networks patches zero-day vulnerability in Email Security Gateway

On May 20, Barracuda Networks issued a patch for a zero day vulnerability in its Email Security Gateway (ESG) appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda’s investigation showed that the vulnerability resulted in unauthorized access to a subset of email gateway […]