AUCloud Cyber Security Threat Intel Alert 18-Apr-24

The latest weekly report is out and in the AUCloud Cyber Threat Intelligence Report we reveal:

  • Cisco Duo warns third-party data breach exposed SMS MFA logs: Threat actors gained access to the systems of a third-party telephony provider used by Duo and obtained customer VoIP and SMS logs for multifactor authentication (MFA) messages. The exposed logs are message metadata (phone numbers, carriers, timestamps) rather than the one-time codes themselves, but they identify which users receive MFA by phone, which makes them useful for targeted phishing and social engineering against those users.

  • Iranian MuddyWater hackers adopt new C2 tool ‘DarkBeatC2’ in latest campaign: MuddyWater, a threat actor group (also tracked as TA450) assessed to be part of, or closely aligned with, Iran’s Ministry of Intelligence and Security (MOIS), has been attributed a new command-and-control (C2) infrastructure called DarkBeatC2. The group is known for spear-phishing campaigns that end in the deployment of legitimate Remote Monitoring and Management (RMM) tools on compromised systems, so unexpected RMM installations remain a useful detection point for this actor.

  • Roku cyberattack exposes 576,000 user accounts to credential stuffing attack: The streaming service disclosed that 576,000 user accounts were compromised in an attack discovered during its investigation into a previous data breach. The attackers used credential stuffing: they replayed username and password pairs leaked in breaches of other services, so accounts whose owners reused a password elsewhere were taken over. For users the mitigation is unique passwords and MFA; for operators, the signature is a large number of login attempts against distinct accounts from a small set of sources, with a low success rate.

  • Palo Alto Networks zero-day opens door to firewall backdoors: A critical vulnerability in Palo Alto Networks PAN-OS allows an unauthenticated attacker to execute arbitrary code with root privileges on affected firewalls, and it has been exploited to plant backdoors. Affected devices should be patched or mitigated per the vendor advisory and also checked for signs of compromise, because a root-level zero-day on a perimeter device means patching alone does not remove an implant that was already installed.

  • PuTTY SSH client vulnerability exposes cryptographic private keys: A critical vulnerability has been found in multiple versions of PuTTY, a widely used open-source terminal emulator and SSH client. An attacker who obtains a modest number of signatures produced with an affected key (for example from a server the key has authenticated to, since signatures are sent to the server during SSH authentication) can recover the private key. Because the key itself is compromised rather than just the client, affected keys should be revoked and replaced, not merely protected by upgrading PuTTY.
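The Roku item above names credential stuffing but not how to spot it in your own logs. The following is an added detection example written for this summary; it is not code from AUCloud, Roku or any of the vendors mentioned. It assumes a simple whitespace-separated authentication log of the form `<timestamp> <source_ip> <username> <FAIL|SUCCESS>` (the sample lines are constructed), and the thresholds `min_distinct_users` and `min_fail_ratio` are illustrative assumptions to be tuned to real traffic. It flags sources that try many distinct accounts with mostly failures, and lists the accounts that nevertheless succeeded from those sources, which are the ones to reset and revoke.

```python
"""Credential-stuffing triage over an authentication log (added example).

Credential stuffing replays username/password pairs leaked from other
breaches, so a stuffing source touches many distinct accounts, fails on
most of them, and occasionally succeeds where a password was reused.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log, not real data:
# "<timestamp> <source_ip> <username> <FAIL|SUCCESS>"
# 203.0.113.7 sprays nine accounts and takes over "carol";
# 198.51.100.5 is one user mistyping a password; 198.51.100.20 is an office NAT.
SAMPLE_LOG = """\
2024-04-12T10:00:01Z 203.0.113.7 alice FAIL
2024-04-12T10:00:02Z 203.0.113.7 bob FAIL
2024-04-12T10:00:03Z 203.0.113.7 carol SUCCESS
2024-04-12T10:00:04Z 203.0.113.7 dave FAIL
2024-04-12T10:00:05Z 203.0.113.7 erin FAIL
2024-04-12T10:00:06Z 203.0.113.7 frank FAIL
2024-04-12T10:00:07Z 203.0.113.7 grace FAIL
2024-04-12T10:00:08Z 203.0.113.7 heidi FAIL
2024-04-12T10:00:09Z 203.0.113.7 ivan FAIL
2024-04-12T10:01:00Z 198.51.100.5 alice FAIL
2024-04-12T10:01:05Z 198.51.100.5 alice FAIL
2024-04-12T10:01:10Z 198.51.100.5 alice SUCCESS
2024-04-12T10:02:00Z 198.51.100.9 bob SUCCESS
2024-04-12T10:03:00Z 198.51.100.20 carol SUCCESS
2024-04-12T10:03:10Z 198.51.100.20 dave SUCCESS
2024-04-12T10:03:20Z 198.51.100.20 erin FAIL
"""


@dataclass
class LoginEvent:
    ts: str
    src_ip: str
    user: str
    success: bool


@dataclass
class IpStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)        # distinct accounts tried
    compromised: set = field(default_factory=set)  # accounts that succeeded

    @property
    def fail_ratio(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0


def parse_log(text: str) -> list:
    """Parse the assumed log format into LoginEvent records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append(LoginEvent(ts, ip, user, outcome == "SUCCESS"))
    return events


def stats_by_ip(events) -> dict:
    """Aggregate attempts, failures and distinct users per source IP."""
    stats = defaultdict(IpStats)
    for e in events:
        s = stats[e.src_ip]
        s.attempts += 1
        s.users.add(e.user)
        if e.success:
            s.compromised.add(e.user)
        else:
            s.failures += 1
    return dict(stats)


def flag_stuffing_sources(events, min_distinct_users=5, min_fail_ratio=0.8) -> dict:
    """Return {ip: IpStats} for sources that look like credential stuffing.

    Thresholds are assumptions for this example: many distinct accounts from
    one source, almost all failing, is the stuffing signature; a single user
    retrying a mistyped password or a shared NAT does not match it.
    """
    return {
        ip: s for ip, s in stats_by_ip(events).items()
        if len(s.users) >= min_distinct_users and s.fail_ratio >= min_fail_ratio
    }


def accounts_to_reset(events, **thresholds) -> set:
    """Accounts that logged in successfully from a flagged source: reset and revoke."""
    flagged = flag_stuffing_sources(events, **thresholds)
    result = set()
    for s in flagged.values():
        result |= s.compromised
    return result


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, s in flag_stuffing_sources(evs).items():
        print(f"{ip}: {len(s.users)} accounts tried, fail ratio {s.fail_ratio:.2f}, "
              f"took over {sorted(s.compromised)}")
    print("force password reset and session revocation:", sorted(accounts_to_reset(evs)))
```

Per-IP counting is the simplest view and is what the sample shows; attackers who rotate through residential proxies dilute it, so in production the same aggregation is also worth running per ASN, per user-agent string, and per time window, and the per-account view (one username attempted from many sources) catches the distributed case. Accounts in the reset set should also have sessions and tokens revoked, since a successful stuffing login has usually already been used.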

Access the full report and automatically subscribe to future editions.

Get it for free now!