In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Microsoft Releases November 2024 Security Updates
November 13, 2024
Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed. Vulnerability details CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-43451 is an ‘external control of file name or path’ vulnerability in Windows and Windows ...
- Threats in space (or rather, on Earth): Internet-exposed GNSS receivers
November 13, 2024
Global Navigation Satellite Systems (GNSS) are collections, or constellations of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quazi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation ...
- Fortinet Releases Multiple Security Advisories
November 13, 2024
Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products. Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions. FortiClient and FortiOS provide an endpoint detection and response (EDR) solution, a virtual private network (VPN) solution, ...
- FBI: 2023 Top Routinely Exploited Vulnerabilities
November 12, 2024
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities ...
- ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
November 12, 2024
In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. ...
- Tracking the recent activities of the APT-Q-27
November 12, 2024
Overview In May 2022, Qi’anxin Threat Intelligence Center published an article titled “Operation Dragon Breath (APT-Q-27): A Dimensionality Reduction Attack on the Gambling Industry”, disclosing the attack activities of GoldenEyeDog (Qi’anxin internal tracking number APT-Q-27) against the gambling industry, and at the end of the article introduced the Miuuti Group —— an attack group targeting ...