In September 2024, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new techniques. In this blog post, we will dissect the development of the Python NodeStealer from multiple samples in the wild.

In this blog we will cover what we know about the Finastra breach, what we know about who might have been compromised and an analysis of the validity of the Threat Actor abyss0.

Managing sensitive data while meeting compliance and security standards is an ever-growing challenge for organizations. Today, secure data management is a top priority, especially in industries like healthcare, finance, and fintech. This focus is expected to intensify in the coming years. To address these needs, privacy vault solutions like Databunker, Skyflow, and Piiano have emerged. Each offers unique capabilities tailored to specific use cases.

According to our most recent cloud security report, most cloud security incidents are the result of compromised credentials for either human or non-human identities. Once an attacker successfully controls an identity, such as a highly privileged user account, they can quickly move to other areas of an environment, including prevalent targets like sensitive data stores. This pattern of behavior is similar across all cloud platforms and services.

The holiday season is here, and with it comes the thrill of Black Friday deals and holiday shopping sprees. But it's not just shoppers who are gearing up – cybercriminals are ready to take advantage of the holiday rush, hoping to catch unsuspecting consumers off guard. While Trustwave generally focuses on protecting enterprises from cyberattacks and scams, we feel it’s important to help consumers, as well. After all, many people use work devices for online shopping and accessing social media.

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points.

In 2024, cyber threats are evolving fast. Attackers are using advanced tools like AI-powered malware, ransomware-as-a-service models, and targeted supply chain attacks that can get past traditional security measures. To fight these threats, security teams need tools that can move faster than attackers, giving them a clear view and coordinated responses across their IT ecosystem.

On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed CVE-2024-0012 and CVE-2024-9474 vulnerabilities impacting Palo Alto Networks PAN-OS software. When chained together, these vulnerabilities allow an unauthenticated threat actor with network access to the management web interface to gain administrator privileges.

Attack surfaces in the cloud are expanding at a breakneck pace. Cloud security has reached an unprecedented level of complexity — ranging from misconfigurations and vulnerabilities to advanced threats and compliance challenges, all while malicious actors are increasingly using generative AI to target your cloud infrastructure.

This blog was originally published on MSSP Alert on September 20, 2024 Cybersecurity platformization is usually discussed as it relates to large organizations. But cybersecurity service businesses stand to benefit as much from platformization as enterprises — if not more so.