Quotidien - December 2, 2024

AWS launches an incident response service to combat cybersecurity threats | TechCrunch

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

techcrunch, EN, 2024, Amazon, AWS, Security, Incident, Response, service, launch

Data broker exposes 600,000 sensitive files including background checks

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

23:14

malwarebytes, EN, 2024, researcher, data-broker, PDF, data-leak, background, checks

UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News

On Friday, the United Nations Agency for Digital Technologies said it is partnering with the International Telecommunication Union (ITU) and International Cable Protection Committee (ICPC) to create the International Advisory Body for Submarine Cable Resilience.

13:12

therecord.media, EN, 2024, UN, submarine, cables, advisory, body, ICPC, Resilience

The Curious Case of an Egg-Cellent Resume

Initial access was via a resume lure as part of a TA4557/FIN6 campaign.
The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware.
Cobalt Strike and python-based C2 Pyramid were employed by the threat actor for post-exploitation activity.
The threat actor abused CVE-2023-27532 to exploit a Veeam server and facilitate lateral movement and privilege escalation activities.
The threat actor installed Cloudflared to assist in tunneling RDP traffic.
This case was first published as a Private Threat Brief for customers in April of 2024.
Eight new rules were created from this report and added to our Private Detection Ruleset.

09:33

thedfirreport, EN, 2024, Egg-Cellent, Resume, lure, CV, Resume, Cloudflared

Quotidien Shaarli

December 2, 2024