Aggregator
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
Application Security Testing: Security Scanning and Runtime Protection Tools
Learn about the differences between security scanning and runtime protection in application security testing. Explore tools and tech.
The post Application Security Testing: Security Scanning and Runtime Protection Tools appeared first on Security Boulevard.
VaultOne Deal Brings PAM and Compliance Boost to JumpCloud
JumpCloud’s acquisition of VaultOne enhances its ability to offer secure, auditable privileged access management. With session recording, credential isolation and future integration into JumpCloud’s compliance ecosystem, the move reflects a broader identity and access strategy.
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert […]
The post Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
'Hazy Hawk' Cybercrime Gang Swoops In for Cloud Resources
BSidesLV24 – GroundFloor – The B-Side That No One Sees: The Ransomware That Never Reached Mainstream Popularity
Author/Presenter: Cybelle Olivera, Mauro Eldritch
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel.
The post BSidesLV24 – GroundFloor – The B-Side That No One Sees: The Ransomware That Never Reached Mainstream Popularity appeared first on Security Boulevard.
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.
The post Scripting Outside the Box: API Client Security Risks (2/2) appeared first on Security Boulevard.
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients
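High Denial-of-Service Risk: Tornado's Default Parser Exposes Applications (CVE-2025-47287)
FBI Warns of AI Voice Scams Impersonating US Government Officials
Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens More Than 16 Million Downloads
Part 123: Threat Modeling and Guided Monitoring in the US NSA's Tutelage System for Building a Middle Layer of APT Defense
Pwn2Own: Firefox Hacked via JavaScript Zero-Days - Exploitation Details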
The Enterprise Readiness Playbook: Transform Your B2B SaaS from Startup to Enterprise-Grade
Discover the comprehensive roadmap for B2B SaaS companies to achieve enterprise readiness. Learn essential infrastructure requirements, compliance frameworks, enterprise features, and go-to-market strategies from a serial founder who scaled through product-led growth.
The post The Enterprise Readiness Playbook: Transform Your B2B SaaS from Startup to Enterprise-Grade appeared first on Security Boulevard.
AI Hallucinations and Their Risks to Cybersecurity Operations
Let’s Talk About SaaS Risk – Again… This Time, Louder.
By Kevin Hanes, CEO of Reveal Security
A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface – and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter to SaaS vendors. That letter stuck with me. It was direct, overdue, and – perhaps most importantly – public. So I want to return to this topic, because we’re still not talking about it enough. And we need to.
SaaS Is the New Enterprise Perimeter
We’ve long known our software supply chains carry risk. But something has shifted. SaaS apps – from email to collaboration platforms to CRM tools – have become deeply embedded in enterprise workflows. They’re where your customers are served, where your data lives, where your employees and contractors operate every day. That also makes them fertile ground for adversaries.
We’ve seen this in many high-profile breaches: where the damage happened not on the network but in a third-party SaaS app. These are scenarios where the attacker has credentials — maybe stolen, maybe exploited — and proceeds to move laterally, conduct recon, and then manipulate workflows or exfiltrate data. The threat is real and it’s growing. We’ve seen reports in the last couple of weeks on this pattern described as an ‘insider threat’. Among these are the North Korean IT workers’ hacks into U.S. companies using stolen identities and the attack against Coinbase, in which threat actors recruited and bribed support agents to steal customer data from the company’s customer support systems.
No One Gets to Hide Behind the Shared Responsibility Model Anymore
Patrick Opet emphasized the need for a shift in how we approach SaaS security: “Software providers must prioritize security over rushing features. Comprehensive security should be built in or enabled by default.” “We must modernize security architecture to optimize SaaS integration and minimize risk.”
This hits a nerve. The shared responsibility model — especially in SaaS — has too often become a shield vendors use to deflect accountability. But the reality is: shared responsibility can’t mean shared blindness.
Let me be clear: it’s not just about the provider. It’s about how we as defenders secure access and then monitor what happens after authentication. SaaS providers rarely give you the telemetry to know when something unusual is happening inside your tenant. Traditional SIEM and endpoint tools don’t cut it here. And many organizations have no visibility at all into how identities are behaving across their ecosystem (dare I say “network”?) of SaaS applications. That’s exactly the blind spot attackers are counting on.
So What Do We Do About It?
We start by acknowledging the risk. SaaS isn’t “someone else’s problem.” It’s part of your infrastructure — and it deserves the same rigor as anything behind your firewall. Mandiant also stresses the importance of this in a recent investigations report noting the rise of adversaries targeting SaaS applications: “SaaS applications pose an interesting dilemma for organizations as there is a gray area of where and who should conduct monitoring to identify issues. For the applications where proprietary or guarded information exists, Mandiant recommends that an organization ensures they have a robust logging capability that their security teams can review for signs of malicious intent.”
Second, we push for better from our vendors. I applaud Pat’s leadership in doing that. It takes courage to challenge an ecosystem that’s historically under-incentivized to prioritize enterprise-grade security.
Finally, we invest in visibility, detection and response capabilities purpose-built for SaaS. That’s what we’re doing at Reveal Security: helping enterprises detect abnormal and malicious identity behavior inside and across cloud and SaaS applications — not through static rules or anomaly scores, but by understanding the typical behavior of each identity and flagging deviations that matter. We do this for all workforce identities — human, non-human, AI, or bot.
Because let’s face it: adversaries don’t care about the shared responsibility model. They care about taking what’s yours. And if you don’t know what’s happening inside your apps, they already have the upper hand.
Let’s keep this conversation going — openly, urgently, and with the shared understanding that cloud and SaaS security is enterprise security. The more we treat it that way, the better prepared we’ll be.
– Kevin
The post Let’s Talk About SaaS Risk – Again… This Time, Louder. appeared first on RevealSecurity.
The post Let’s Talk About SaaS Risk – Again… This Time, Louder. appeared first on Security Boulevard.
More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads
The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as Golden Chickens), continues to exploit human trust through meticulously crafted social engineering. Sold as a Malware-as-a-Service (MaaS) to notorious threat actors like FIN6 and Cobalt Group, this potent JavaScript backdoor primarily targets human resources (HR) departments by masquerading as job application […]
The post More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.