
Malware

Dark Web


MS Word Doc leveraged as infection vector to spread Escanor malware

Escanor, a new Remote Administration Tool (RAT) was recently discovered by researchers. It was advertised on the Dark Web and Telegram…

22-Aug-2022
3 min read

Related Articles


Zero Day

RCE

PanOS

Zero-Day Attack Hits Palo Alto Firewalls! Palo Alto Networks PAN-OS Vulnerabilit...

Palo Alto Networks has disclosed a critical zero-day vulnerability in its PAN-OS firewalls, tracked as [CVE-2024-3400](https://nvd.nist.gov/vuln/detail/CVE-2024-3400). Exploitation has been observed since March 26th against PAN-OS 10.2, 11.0, and 11.1 firewalls with both device telemetry and the GlobalProtect feature enabled.

#### Vulnerability Overview

The vulnerability permits unauthenticated remote code execution, as the company [warned](https://security.paloaltonetworks.com/CVE-2024-3400) earlier. Attackers exploit the flaw through command injection; the attack is low in complexity and requires no user interaction. [Palo Alto Networks](https://www.secureblink.com/cyber-security-news/palo-alto-networks-firewall-vulnerability-exploited-in-the-wild-cisa) has warned of active exploitation, highlighting the severity of the threat.

![Volexity-Blog-CVE-20214-3400-timeline-2.png](https://sb-cms.s3.ap-south-1.amazonaws.com/Volexity_Blog_CVE_20214_3400_timeline_2_7c881e9ad3.png)

***TIMELINE (Volexity)***

#### Patch Deployment

Palo Alto Networks has released hotfixes for the affected PAN-OS versions: PAN-OS 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3. Additional hotfixes are expected for subsequent versions.

#### Mitigation Strategies

Until the hotfix is applied, administrators are advised to disable device telemetry on vulnerable devices. Subscribers to the 'Threat Prevention' service can additionally block ongoing attacks by enabling 'Threat ID 95187'.

#### Exploitation and Impact

Security firm Volexity [confirmed](https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/) active exploitation of the vulnerability and attributed the attacks to the threat actor UTA0218. The attacks backdoored PAN-OS devices with the Upstyle malware, leading to network breaches and data exfiltration. The sophistication of the attacks suggests possible state sponsorship.

#### Scale of Vulnerability

Reports indicate that over 82,000 PAN-OS devices are exposed online, roughly 40% of them in the United States. This widespread exposure underscores the urgency of immediate mitigation.

#### Government Response

The severity of CVE-2024-3400 prompted the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities catalog. Federal agencies are mandated to apply mitigations or disable telemetry functions by April 19th to safeguard their systems.
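As an added example (not from the article or from Palo Alto Networks), the following Python helper compares a PAN-OS version string against the hotfix versions listed above and recommends the action the advisory summary calls for; the inventory hostnames and versions are constructed.

```python
import re

# Fixed hotfix per affected branch, from the article: 10.2.9-h1, 11.0.4-h1, 11.1.2-h3.
# Branches not listed here are treated as unaffected by this check.
FIXED_HOTFIX = {(10, 2): (9, 1), (11, 0): (4, 1), (11, 1): (2, 3)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Parse 'major.minor.patch[-hN]' into (major, minor, patch, hotfix); hotfix is 0 if absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def needs_hotfix(version):
    """True when the version is on an affected branch and older than that branch's fix."""
    major, minor, patch, hotfix = parse_panos_version(version)
    fixed = FIXED_HOTFIX.get((major, minor))
    if fixed is None:
        return False
    return (patch, hotfix) < fixed


def assess(version, globalprotect_enabled, telemetry_enabled):
    """Return (status, action) for one firewall, following the advisory summary above."""
    if not needs_hotfix(version):
        return "fixed-or-unaffected", "none"
    # The article describes exploitation against devices with GlobalProtect and device
    # telemetry enabled; an unpatched device on an affected branch needs the hotfix either way.
    if globalprotect_enabled and telemetry_enabled:
        return "exposed", "apply hotfix now; meanwhile disable device telemetry and enable Threat ID 95187"
    return "unpatched", "apply hotfix"


# Constructed inventory (hypothetical hostnames) as (name, version, globalprotect, telemetry).
INVENTORY = [
    ("fw-edge-1", "10.2.8", True, True),
    ("fw-edge-2", "11.1.2-h3", True, True),
    ("fw-lab", "11.0.4", True, False),
    ("fw-old", "10.1.11", False, False),
]


def assess_inventory(inventory):
    """Map each firewall name to its status string."""
    return {name: assess(ver, gp, tel)[0] for name, ver, gp, tel in inventory}
```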

15-Apr-2024
2 min read

Heritage Foundation

Cyberattack

Heritage Foundation, a conservative think tank, hit by a cyberattack. Details ar...

A recent cyberattack on the Heritage Foundation, a prominent conservative think tank in Washington D.C., serves as a stark reminder that no organization is immune to cyber threats. While the details of the attack are still emerging, it highlights the ever-evolving landscape of cybersecurity and the importance of robust defenses for organizations of all sizes and sectors.

#### Understanding the Threat Landscape

Think tanks, by their very nature, are attractive targets for cyberattacks. They often house sensitive data, intellectual property, and confidential communications. Additionally, their influence on policy and public discourse makes them prime targets for those seeking to disrupt or manipulate the political process.

#### What We Know About the Attack

Details about the attack are scarce at this point. The Heritage Foundation has not commented on the incident, and it is not yet known what data, if any, was stolen. However, some key facts can be gleaned from the available information:

- The attack occurred earlier this week, prompting the Heritage Foundation to shut down its network to prevent further malicious activity.
- While there is no concrete evidence, a Heritage official is quoted as saying that the attack likely originated from nation-state hackers.
- Think tanks are attractive targets for cyberattacks due to their influence on policy making and their connections to government officials. In 2015, the Heritage Foundation was hit by a previous cyberattack that resulted in the theft of internal emails and donor information.

#### Why Think Tanks Are Vulnerable

Think tanks are prime targets for cyberattacks for several reasons:

- **Access to Sensitive Information:** Think tanks often house sensitive data such as policy research, internal communications, and donor information.
- **Influence on Policy:** Their work can shape government policy and legislation, making them valuable targets for those seeking to influence political agendas.
- **Potential for Disruption:** A successful cyberattack could disrupt a think tank's operations and hinder its ability to conduct research or communicate its findings.

#### Possible Reasons for This Cyberattack

- **Previous Compromise:** Several reports mention a 2015 attack in which "hackers stole internal emails and the personal information of its donors." A history of successful breaches hints at lingering weaknesses within Heritage's defenses.
- **Evolving Attack Techniques:** Attackers continuously refine their methods. Security strategies that protected against the 2015 attack may not be enough to counter today's sophisticated threats; defenses have to adapt continuously.
- **Insufficient Response or Updates:** While it is impossible to say with certainty, the Heritage Foundation may have failed to implement the necessary security upgrades or comprehensive changes after the 2015 breach. Such a lack of action could leave it susceptible to similar or more advanced attack techniques.
- **Unknown Vulnerabilities:** The current attack could be exploiting an entirely new vulnerability. Software, hardware, and even human behavior can have undetected weaknesses that attackers can leverage.

#### Potential Causes of Vulnerability

There are a number of reasons why the Heritage Foundation might have been vulnerable to a cyberattack:

- Many organizations, including think tanks, rely on legacy IT systems that may lack the latest security patches or configurations. These outdated systems can be exploited by attackers.
- Social engineering attacks, which trick employees into clicking on malicious links or divulging sensitive information, are a common tactic used by cybercriminals. Even a single employee mistake can give attackers a foothold in a network.
- Cybercriminals are constantly developing new and sophisticated attack methods. Organizations need to stay up to date on the latest threats and implement appropriate defenses.

#### Takeaway

While we cannot pinpoint the exact reason for Heritage's vulnerability with certainty, this incident reinforces these cybersecurity truths:

- **No one is immune:** Even organizations with resources and a focus on security face risks.
- **Adaptability is key:** Cybersecurity is an ongoing battle, not a one-time solution.
- **Past attacks are warnings:** Vulnerabilities exposed in the past demand diligent patching and continuous security reexamination.

13-Apr-2024
4 min read

Credential Stuffing

Roku

Hundreds of Thousands of Roku Accounts Hacked! Hackers breached Roku accounts vi...

In light of recent incidents impacting user accounts, Roku, a leading streaming platform, has undertaken a comprehensive investigation and mitigation strategy to address security concerns. The following [Threatfeed](https://www.secureblink.com/cyber-security-news) dissects the events, response measures, and recommendations provided by Roku to fortify user security.

#### Incident Overview

Earlier this year, Roku [detected](https://www.roku.com/blog/protecting-your-roku-account) unauthorized access to approximately [15,000 user accounts](https://www.secureblink.com/cyber-security-news/15-000-roku-accounts-hacked-and-sold-for-0-50), followed by a subsequent breach affecting an additional 576,000 accounts. The breaches stemmed from credential stuffing attacks, in which attackers used login credentials stolen from unrelated sources to gain unauthorized access.

#### Attack Methodology

Credential stuffing exploits the practice of users reusing login credentials across multiple platforms. Attackers use automated tools to execute millions of login attempts with stolen username/password pairs, compromising the accounts whose credentials were reused.

#### Impact Assessment

In fewer than 400 instances, malicious actors made unauthorized purchases of streaming service subscriptions and Roku hardware products using compromised accounts. However, no sensitive information, such as full credit card numbers, was accessed.

#### Technical Insights

Threat actors employ automated tools like Open Bullet 2 or SilverBullet to execute credential stuffing attacks. These tools enable mass login attempts, posing a significant threat to accounts with reused credentials.

#### Future Preparedness

Roku continues to enhance its security measures, including ongoing monitoring of account activity and controls to detect and deter credential stuffing attacks.

#### Response Measures

1. **Password Resets and Notifications**: Roku reset passwords for affected accounts and directly notified impacted customers about the incidents.
2. **Refunds and Reversals**: Refunds were issued for unauthorized purchases made on compromised accounts.
3. **Two-Factor Authentication (2FA)**: As a proactive measure, 2FA was enabled by default for all Roku accounts, regardless of impact status.

#### Mitigation Strategies

1. **2FA Implementation**: Users are encouraged to activate 2FA to add an extra layer of security to their accounts.
2. **Strong Password Practices**: Roku advises users to create unique, strong passwords containing a mix of characters to deter unauthorized access.
3. **Vigilance and Awareness**: Users are urged to remain vigilant against suspicious communications and to regularly review account activity for any anomalies.
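As an added example (not from the article or from Roku), the following Python detector flags the credential stuffing pattern described above, many distinct usernames tried from one source address with few successes, over constructed authentication log lines; the log format, addresses and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (hypothetical addresses and users, not Roku data):
# "<timestamp> <source ip> <username> <OK|FAIL>", one login attempt per line.
SAMPLE_LOG = """\
2024-04-10T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-04-10T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-04-10T10:00:02Z 203.0.113.7 carol@example.com FAIL
2024-04-10T10:00:03Z 203.0.113.7 dave@example.com OK
2024-04-10T10:00:03Z 203.0.113.7 erin@example.com FAIL
2024-04-10T10:00:04Z 203.0.113.7 frank@example.com FAIL
2024-04-10T10:00:10Z 198.51.100.4 alice@example.com FAIL
2024-04-10T10:00:15Z 198.51.100.4 alice@example.com FAIL
2024-04-10T10:00:20Z 198.51.100.4 alice@example.com OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, username, success flag)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_users=5, max_success_ratio=0.25):
    """Return {ip: (distinct_users, attempts, successes)} for each source address that,
    within any sliding `window`, tried at least `min_users` different usernames with a
    success ratio at or below `max_success_ratio`. A user retrying their own password
    (198.51.100.4 above) touches one username and is therefore not flagged."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            events[ip].append((ts, user, ok))
    flagged = {}
    for ip, attempts in events.items():
        attempts.sort()
        recent = deque()  # attempts from this ip inside the current window
        for event in attempts:
            recent.append(event)
            while event[0] - recent[0][0] > window:
                recent.popleft()
            users = {user for _, user, _ in recent}
            successes = sum(1 for _, _, ok in recent if ok)
            if len(users) >= min_users and successes / len(recent) <= max_success_ratio:
                flagged[ip] = (len(users), len(recent), successes)
    return flagged
```

Tune `min_users` and `window` to the login rate of the service being monitored; a low threshold on a busy shared NAT address will produce false positives.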

12-Apr-2024
2 min read