Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from November.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT. In any social engineering scam, there’s always the need to create some sense of urgency to act in order to make the potential victim take an action that enables the attack. In the case of a new attack by threat group FIN7, the urgency appears to be the desire to see deepfake nude images.

Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

Command injection is a vulnerability still very prevalent in web applications despite being less famous than its cousins SQL injection or Code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?

Cyber threats are at an all-time high because the digital world is rapidly changing so quickly. Every day, new vulnerabilities are found in security systems. Attacks threaten businesses of all sizes by stealing data, disrupting operations, and damaging reputations. It has become clear that Vulnerability Management as a Service (VMaaS) is the best way for companies to protect their digital assets without having to manage security systems themselves.

As organizations have transitioned from legacy IT infrastructure to cloud-native, ephemeral modern infrastructure, the needs of how privileged access is handled have shifted, too. Modern infrastructure presents unique challenges that legacy Privileged Access Management (PAM) tools, originally architected for more static environments, weren’t designed to handle. In this post, we explore why characteristics of modern infrastructure require a modern approach to PAM.

The holiday season brings joy, festivities, and amazing deals – but it also attracts cybercriminals looking to take advantage of eager shoppers. Here’s how to protect yourself while hunting for the perfect gifts.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session.