The latest weekly AUCloud Cyber Threat Intelligence Report is out. In it we reveal:
Cisco Duo warns third-party data breach exposed SMS MFA logs: Threat actors have gained access to its vendor systems and obtained customer VoIP and SMS logs for multifactor authentication (MFA) messages.
Iranian MuddyWater hackers adopt new C2 Tool ‘DarkBeatC2’ in latest campaign: MuddyWater, a threat actor group believed to be closely aligned with, and part of, Iran’s Ministry of Intelligence and Security (MOIS), has been linked to a new command-and-control (C2) infrastructure called DarkBeatC2. The group, also termed TA450, has been known to orchestrate spear-phishing attacks that lead to the deployment of various legitimate Remote Monitoring and Management (RMM) solutions on compromised systems.
Roku cyberattack exposes 576,000 user accounts to credential stuffing attack: Roku, the popular streaming service, has revealed that 576,000 user accounts were affected by a cyberattack discovered during an investigation into a previous data breach. Threat actors employed “credential stuffing” techniques to steal login credentials, including usernames and passwords.
Palo Alto Networks zero-day opens door to firewall backdoors: A critical vulnerability has been discovered in Palo Alto Networks PAN-OS software, allowing unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls.
PuTTY SSH client vulnerability exposes cryptographic private keys: A critical vulnerability has been uncovered in various versions of PuTTY, a widely used open-source terminal emulator and SSH client. This flaw poses a significant risk, potentially enabling attackers with access to a limited number of cryptographic signatures to recover private keys used in SSH authentication.