Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.

In the high-stakes world of cybersecurity, organizations must ensure that their teams not only protect the organization but also stay motivated and productive. One of the most insidious threats to achieving this goal is alert fatigue. When analysts are bombarded with thousands of security alerts daily, they risk becoming overwhelmed and disillusioned in their roles.

On November 18, 2024, Palo Alto Networks disclosed the existence of two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in Palo Alto Networks OS (PAN-OS), the operating system used on their firewall devices. A day later, watchTowr released a report providing technical details on how to chain the two vulnerabilities together to achieve remote code execution of these vulnerabilities.

Trend Micro’s recent report on the Water Barghest threat actor underlines a critical issue that has long plagued the IoT ecosystem: the security shortcomings inherent in many connected devices. With over 20,000 IoT devices compromised and exploited as residential proxies within minutes, this story highlights the growing risks posed by insecure IoT devices and the urgent need for proactive security measures.

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct pen tests more regularly, or whenever a particular need arises. That’s important because of the crucial role pen testing plays in providing offensive security –finding problems before bad actors do.

The holiday season brings joy, festivities, and amazing deals – but it also attracts cybercriminals looking to take advantage of eager shoppers. Here’s how to protect yourself while hunting for the perfect gifts.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session.

The General Data Protection Regulation (GDPR) of the European Union and the California Privacy Rights Act (CPRA) represent landmark regulations designed to protect consumer data privacy. While GDPR became enforceable in May 2018, CPRA came into effect in January 2023, building on its predecessor, the California Consumer Privacy Act (CCPA). Both laws aim to empower individuals with greater control over their personal data while imposing rigorous obligations on businesses.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.

Incognito mode, also known as private browsing mode, stops your web browser from saving your browsing history on your device. By turning on incognito mode, you can browse the internet with the assurance that closing incognito mode will erase your cookies and data. Incognito mode also logs you out of your online accounts, which is useful if you’re sharing a device with others and want to maintain your privacy.