Vulnerability

Honda


Newer models of Honda cars vulnerable to Rolling-PWN attacks

Honda cars with newer models can be unlocked remotely from outside, leveraging Rolling-PWN attacks…

12-Jul-2022
4 min read

Related Articles


FlightNight

GoStealer

India targeted in a cyberespionage campaign involving phishing emails & Slack to...

Beginning March 7th, 2024, an alarming report details a recent cyber espionage campaign targeting delicate sectors of the Indian economy, specifically its defense and energy industries. This large-scale attack, dubbed Operation FlightNight, highlights the evolving tactics employed by malicious actors to infiltrate critical infrastructure and compromise sensitive information. Discovered by EclecticIQ analysts, this intrusion leverages a modified version of the [HackBrowserData](https://github.com/moonD4rk/HackBrowserData) information stealer delivered via phishing emails.

### **Attack Methodology**

The [campaign](https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign) relied on a combination of phishing emails and malware to achieve its objectives. Phishing emails, meticulously crafted to appear legitimate, were likely sent to unsuspecting employees within the targeted organizations. These emails may have posed as official communications from trusted sources or presented enticing offers. Once a recipient clicked on a malicious link or attachment within the email, malware would be deployed on their device.

![b34b3986-3854-4ab4-a553-1d3be9eedfa2.png](https://sb-cms.s3.ap-south-1.amazonaws.com/b34b3986_3854_4ab4_a553_1d3be9eedfa2_a8727acebd.png)

***Attack Chain***

Using a decoy PDF disguised as an Indian Air Force invitation, the attackers employed ISO files containing malware executables. The campaign shares similarities with a Go-based stealer called GoStealer, particularly in the infection sequence. Upon execution, the malware, disguised behind harmless-looking PDF icons, activated hidden payloads and exfiltrated data to Slack channels under the attackers' control. Both campaigns employ social engineering tactics to lure victims.

Operation FlightNight uses phishing emails likely disguised as legitimate communications, while [GoStealer](https://xelemental.github.io/Golang-based-credential-stealer-targets-Indian-Airforce-Officials/) uses procurement-themed lures such as "SU-30 Aircraft Procurement.iso". Once a victim clicks on the malicious link or attachment, a decoy file is displayed to distract them while the malware operates in the background, stealing information of interest. In Operation FlightNight's case, the stolen information is exfiltrated through Slack channels.

### **Targets and Data Exfiltration:**

Government agencies overseeing electronic communications, IT governance, and national defense, alongside private energy companies, were targeted. The stolen data, including financial documents and employee details, was exfiltrated to Slack channels, totaling 8.81 GB, raising concerns of potential infrastructure breaches.

### **HackBrowserData: The Malware Behind the Attack**

The malware used in Operation FlightNight has been identified as a modified version of the open-source information stealer HackBrowserData, as already mentioned, which exploited vulnerabilities in web browsers to steal credentials and data. This malware is specifically designed to target web browsing data, potentially including login credentials, browsing history, and other sensitive information stored within web browsers. Code similarities between the original tool and the modified variant indicate a sophisticated level of customization for covert operations.

### Slack: A Clandestine Exfiltration Channel

A particularly concerning aspect of this operation is the use of the Slack communication platform for exfiltrating stolen data. The attackers chose Slack, a popular collaboration tool widely used in legitimate business settings, likely to mask their malicious activity. By blending their traffic with regular communication within the targeted organizations, the attackers aimed to evade detection.

### **Detection and Mitigation Strategies:**

Organizations can disable web browser features like password caching and auto-completion, implement two-factor authentication, and monitor for ISO mounting events and LNK file executions. Behavioral anomaly detection and network traffic monitoring can aid in identifying and mitigating similar threats.

### **Open-Source Offensive Tools**

The attackers' use of open-source tools underscores the evolving landscape of cyber threats. By modifying existing tools and leveraging platforms like Slack for data exfiltration, the attackers reduce detection risks while maximizing operational efficiency.

### **Infrastructure Analysis**

Analysis of the attackers' infrastructure, including Slack channels and authentication tokens, provides insights into their operational tactics. Tools like SlackPirate enable researchers to gather valuable intelligence on threat actors' communication channels and tactics.

### Stolen Data and Potential Consequences

The stolen data in this cyber espionage campaign could encompass a wide range of sensitive information, including:

- Financial documents
- Personal details of employees
- Critical details about drilling activities in oil and gas

This information could be exploited for various malicious purposes, such as:

- Financial gain through fraud or identity theft
- Disruption of critical operations within the defense and energy sectors
- Espionage and intelligence gathering
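A simple host-side detection heuristic for the indicators the mitigation section names (an executable started from the root of a newly mounted volume such as an ISO, a document-lookalike double extension, and an LNK path in a command line). This is an added example written for this page, not code from EclecticIQ's report; the event records are constructed to resemble Sysmon process-creation fields and the drive-letter rule is an assumption about how a mounted ISO appears.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (constructed, Sysmon-like field names)."""
    image: str          # full path of the started executable
    cmdline: str        # command line of the started process
    parent_image: str   # full path of the parent process
    system_drive: str = "C:"


# Constructed sample events; the second one models the decoy-PDF lure run from a mounted ISO.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", "explorer.exe", r"C:\Windows\System32\userinit.exe"),
    ProcEvent(r"E:\Invitation.pdf.exe", r"E:\Invitation.pdf.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "E:\open.lnk"', r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Program Files\Adobe\Acrobat.exe", r'"C:\Program Files\Adobe\Acrobat.exe" report.pdf',
              r"C:\Windows\explorer.exe"),
]

# Document-looking name followed by an executable extension, e.g. "x.pdf.exe".
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?)\.(exe|scr|com|bat|cmd|vbs|js)$", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd")


def findings(ev: ProcEvent) -> list[str]:
    """Return the list of heuristic hits for one event (empty list means nothing suspicious)."""
    hits = []
    drive, _, rest = ev.image.partition("\\")
    # A mounted ISO surfaces as a new drive letter with the payload sitting at the volume root.
    if drive.upper() != ev.system_drive.upper() and rest and "\\" not in rest \
            and rest.lower().endswith(EXEC_EXT):
        hits.append("executable run from root of non-system volume")
    if DOUBLE_EXT.search(ev.image):
        hits.append("document-lookalike double extension")
    if ".lnk" in ev.cmdline.lower():
        hits.append("shortcut (LNK) path referenced in command line")
    return hits


def scan(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Map each flagged image path to its findings; clean events are omitted."""
    return {ev.image: hits for ev in events if (hits := findings(ev))}


if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(hits))
```

The rules are deliberately coarse and meant to be tuned against your own baseline; in a real deployment you would join them with the ISO mount event itself and the parent-child chain (explorer.exe launching from the new drive letter).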

28-Mar-2024
4 min read

Outage

Panera Bread outage disrupts ordering, rewards, and internal systems. Cause unkn...

Panera Bread, the popular US food chain, has been struggling with a significant, nationwide IT outage since Saturday. Initial reports pointed to disruptions within point-of-sale (POS) systems, customer service channels, online ordering platforms, and even internal employee systems. Panera Bread has acknowledged the outage but the cause remains unconfirmed, fueling speculation of a potential cyberattack.

## Impact on Panera Bread Operations

The severity of this outage is significant. While Panera Bread locations have remained open physically, the outage has rendered them "cash-only." This causes substantial inconvenience for customers. Further, loyalty program members are unable to redeem rewards points due to system inaccessibility. Employee scheduling and crucial internal management systems are also offline, creating additional challenges for the company's operations. Panera Bread's website and mobile app have been unavailable since the outage began, adding to the disruption.

## Official Response and Speculation

Panera Bread has issued brief statements on social media expressing apologies and promising to work towards a solution. However, the lack of a detailed explanation regarding the root cause is concerning. The company's customer service phone lines are also down. The timing of the outage, occurring over a weekend when IT staffing might be reduced, raises the possibility of a cyberattack. Hackers often target organizations during off-hours to maximize the impact of their attacks.

27-Mar-2024
2 min read

Zero Day

Firefox

Critical Firefox Zero-Day Bugs Patched After Attacks! Update Now...

Mozilla recently addressed two critical zero-day vulnerabilities discovered during the Pwn2Own Vancouver 2024 hacking competition. These vulnerabilities, exploited by Manfred Paul, underscore the ongoing challenges in securing web browsers against sophisticated attacks. This analysis delves into the technical details of the vulnerabilities, their exploitation, and the implications for cybersecurity.

### Vulnerabilities

Mozilla patched two zero-day vulnerabilities:

1. **Out-of-Bounds Write Flaw [CVE-2024-29944](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29944):**
   - Exploited by Manfred Paul, this flaw allowed remote code execution by leveraging an out-of-bounds write vulnerability.
   - Enabled escape from Firefox's sandbox via an exposed dangerous function weakness.
2. **Range-Based Bounds Check Elimination [CVE-2024-29943](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943):**
   - Allows attackers to access a JavaScript object out-of-bounds, exploiting range-based bounds check elimination.
   - Facilitated out-of-bounds read or write on a JavaScript object, enabling arbitrary code execution.

### Exploitation and Impact

Manfred Paul demonstrated the severity of these vulnerabilities during the [Pwn2Own](https://www.secureblink.com/cyber-security-news/tesla-vulnerabilities-exposed-722-500-rewarded-at-pwn2-own-2024) competition. By leveraging privileged JavaScript execution and range-based bounds check elimination, he gained remote code execution capabilities and bypassed Firefox's sandbox. The implications are profound, as unpatched browsers are susceptible to remote attacks, jeopardizing user privacy and system security.

## Security Patching Process

Mozilla promptly released [Firefox](https://www.secureblink.com/cyber-security-news/mozilla-addresses-two-critical-zero-day-vulnerability-in-the-latest-release-of-firefox-versions) versions 124.0.1 and Firefox ESR 115.9.1 to address the vulnerabilities. However, the swift response contrasts with the typical 90-day window vendors have to patch vulnerabilities after their disclosure in Pwn2Own. This accelerated patching demonstrates the severity of the exploits and [Mozilla's](https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943) commitment to user security.

### Post-Pwn2Own Considerations

The Pwn2Own competition highlights the ongoing arms race between hackers and security vendors. Vendors face immense pressure to quickly patch vulnerabilities to mitigate the risk of exploitation. Manfred Paul's success underscores the need for proactive security measures and ongoing vigilance in the face of evolving threats.

23-Mar-2024
2 min read