company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Android

Spyware

Iran

loading..
loading..
loading..

FurBall behind mobile surveillance campaign targeting Iranian citizens

FurBall Android spyware targeting Iranian citizens in mobile surveillance campaigns conducted by Domestic Kitten group aka APT-C-50…

20-Oct-2022
3 min read

Related Articles

loading..

Outage

Panera Bread outage disrupts ordering, rewards, and internal systems. Cause unkn...

Panera Bread, the popular US food chain, has been struggling with a significant, nationwide IT outage since Saturday. Initial reports pointed to disruptions within point-of-sale (POS) systems, customer service channels, online ordering platforms, and even internal employee systems. Panera Bread has acknowledged the outage but the cause remains unconfirmed, fueling speculation of a potential cyberattack. ## Impact on Panera Bread Operations The severity of this outage is significant. While Panera Bread locations have remained open physically, the outage has rendered them "cash-only." This causes substantial inconvenience for customers. Further, loyalty program members are unable to redeem rewards points due to system inaccessibility. Employee scheduling and crucial internal management systems are also offline, creating additional challenges for the company's operations. Panera Bread's website and mobile app have been unavailable since the outage began, adding to the disruption. ## Official Response and Speculation Panera Bread has issued brief statements on social media expressing apologies and promising to work towards a solution. However, the lack of a detailed explanation regarding the root cause is concerning. The company's customer service phone lines are also down. The timing of the outage, occurring over a weekend when IT staffing might be reduced, raises the possibility of a cyberattack. Hackers often target organizations during off-hours to maximize the impact of their attacks.

loading..   27-Mar-2024
loading..   2 min read
loading..

Zero Day

Firefox

Critical Firefox Zero-Day Bugs Patched After Attacks! Update Now...

Mozilla recently addressed two critical zero-day vulnerabilities discovered during the Pwn2Own Vancouver 2024 hacking competition. These vulnerabilities, exploited by Manfred Paul, underscore the ongoing challenges in securing web browsers against sophisticated attacks. This analysis delves into the technical details of the vulnerabilities, their exploitation, and the implications for cybersecurity. ### Vulnerabilities Mozilla patched two zero-day vulnerabilities: 1. **Out-of-Bounds Write Flaw [CVE-2024-29944](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29944):** - Exploited by Manfred Paul, this flaw allowed remote code execution by leveraging an out-of-bounds write vulnerability. - Enabled escape from Firefox's sandbox via an exposed dangerous function weakness. 2. **Range-Based Bounds Check Elimination [CVE-2024-29943](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943):** - Allows attackers to access a JavaScript object out-of-bounds, exploiting range-based bounds check elimination. - Facilitated out-of-bounds read or write on a JavaScript object, enabling arbitrary code execution. ### Exploitation and Impact Manfred Paul demonstrated the severity of these vulnerabilities during the [Pwn2Own](https://www.secureblink.com/cyber-security-news/tesla-vulnerabilities-exposed-722-500-rewarded-at-pwn2-own-2024) competition. By leveraging privileged JavaScript execution and range-based bounds check elimination, he gained remote code execution capabilities and bypassed Firefox's sandbox. The implications are profound, as unpatched browsers are susceptible to remote attacks, jeopardizing user privacy and system security. ## Security Patching Process Mozilla promptly released [Firefox](https://www.secureblink.com/cyber-security-news/mozilla-addresses-two-critical-zero-day-vulnerability-in-the-latest-release-of-firefox-versions) versions 124.0.1 and Firefox ESR 115.9.1 to address the vulnerabilities. However, the swift response contrasts with the typical 90-day window vendors have to patch vulnerabilities after their disclosure in Pwn2Own. This accelerated patching demonstrates the severity of the exploits and [Mozilla's](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943) commitment to user security. ### Post-Pwn2Own Considerations The Pwn2Own competition highlights the ongoing arms race between hackers and security vendors. Vendors face immense pressure to quickly patch vulnerabilities to mitigate the risk of exploitation. Manfred Paul's success underscores the need for proactive security measures and ongoing vigilance in the face of evolving threats.

loading..   23-Mar-2024
loading..   2 min read
loading..

WordPress

Sign1

Sign1 malware infects WordPress sites via custom plugins, redirects visitors to ...

The Sign1 malware campaign has wreaked havoc on over 39,000 websites in the last six months, injecting malicious scripts that lead to unwanted redirects and pop-up ads. Sucuri, a website security firm, managed to disclose this malicious campaign after a client reported mysterious popup ads on their website. ## Modus Operandi Sign1 infiltrates websites through a combination of brute force attacks and exploiting plugin vulnerabilities on WordPress sites. Once access is gained, the attackers inject the malware using WordPress custom HTML widgets or the [Simple Custom CSS and JS plugin](https://wordpress.org/plugins/custom-css-js/). ## Locating the Source Traditional file-system scans proved ineffective, highlighting the importance of continuous monitoring. However, the server-side scanning service detected malicious changes hidden within innocuous plugins, emphasizing the need for vigilant security measures. ## Sign1 Campaign History The Sign1 campaign, identified by its unique base64-encoded parameter, has infected over 39,000 sites in the past six months alone. Tracking its evolution, we observed shifting tactics, from domain obfuscation to dynamic URL generation, underscoring the adaptability of cybercriminals. ## Sophisticated Techniques The malware employs time-based randomization to generate dynamic URLs, changing every 10 minutes to avoid detection. These URLs fetch further malicious scripts to execute in visitors' browsers. Initially hosted on Namecheap, the attackers have now shifted to HETZNER for hosting and Cloudflare for IP address obfuscation. ![injection.png](https://sb-cms.s3.ap-south-1.amazonaws.com/injection_3b4a7c5dac.png) ***Simple Custom CSS and JS plugin infected with Sign1*** ## Evolving Tactics Sign1 continuously evolves, making detection challenging. It features XOR encoding and obscure variable names to evade security tools. The code selectively executes based on referrers and cookies, targeting visitors from major sites like Google, Facebook, Yahoo, and Instagram. It redirects visitors to scam sites, exploiting fake captchas to deliver unwanted advertisements. ## Persistent Threat Despite efforts to mitigate its impact, Sign1 persists. In the past six months, Sucuri [detected](https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-of-compromise.html) it on over 39,000 websites, with 2,500 sites falling victim to the latest wave since January 2024. The campaign's adaptability poses a significant challenge to website owners and security professionals alike. ![daily-downloads.png](https://sb-cms.s3.ap-south-1.amazonaws.com/daily_downloads_65db935503.png) ***Daily downloads*** ## Mitigation Strategies To safeguard against Sign1 and similar threats, website owners should prioritize security audits. This includes using strong, lengthy passwords for administrators, keeping plugins updated, and removing unnecessary add-ons that could serve as potential attack vectors.

loading..   23-Mar-2024
loading..   3 min read