News Archives - Arab Security Consultants

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Monday, 06 January 2025 by Ayman Hamam

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source code publicly leaked

Published in News

Tagged under: advanced malware analysis, ASC, BYOVD attacks, cyber defense strategies., Cybersecurity Threats, DLL hijacking, Gh0st RAT, keylogging, malware infection methods, Phishing Attacks, PLAYFULGHOST malware, remote access trojans, SEO poisoning, Windows malware

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Thursday, 02 January 2025 by Ayman Hamam

News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one

Published in News

Tagged under: ASC, browser extension attacks, browser security, browser security threats, cyberattack prevention, cybersecurity news 2024, extension vulnerabilities, malicious browser extensions, malicious code injection, organizational cybersecurity, protecting user credentials

Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

Tuesday, 24 December 2024 by Ayman Hamam

Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications

Published in News

Tagged under: "PrivX Zero Trust Suite, ASC, Compliance and Audit, Critical Session Security, Cybersecurity Solutions, Hybrid Cloud Security, IAM Integration, Identity Security, Passwordless Authentication, Privileged Access Management, Privileged User Access, SSH Key Management, Zero Trust Security

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

Monday, 02 December 2024 by Ayman Hamam

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V,

Published in News

Tagged under: ASC, Cryptocurrency scams, Cybercrime crackdown, Cybercrime prevention, Digital security., Financial cybercrime, Global law enforcement, INTERPOL, Operation HAECHI-V, Virtual asset seizure, Voice phishing syndicates

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)

Wednesday, 27 November 2024 by Ayman Hamam

We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn’t just about stolen data—it’s

Published in News

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Monday, 18 November 2024 by Ayman Hamam

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface

Published in News

Tagged under: Active Exploitation Alerts, ArabSecurityConsultants, ASC, CISA Vulnerability Updates., Critical CVSS Vulnerability, cybersecurity advisory, Firewall Security, Management Interface Security, Palo Alto IoCs, Palo Alto Networks Advisory, Palo Alto Networks Zero-Day, PAN-OS Vulnerability, Remote Code Execution (RCE) Flaw, Threat Actor Activity, Unauthenticated RCE, Web Shell Exploitation, Zero-Day Exploitation

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Monday, 11 November 2024 by Ayman Hamam

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we

Published in News

Tagged under: ASC, CISA Advisory, CVE-2024-5910, Cyber Threat Mitigation, Cyber Threat Response, cybersecurity advisory, Cybersecurity Vulnerability Management, Expedition Tool Vulnerability, IP Restriction, Management Interface Security, Network Security Best Practices, Palo Alto Networks, PAN-OS Security, RCE Protection, Remote Code Execution Vulnerability, Secure Management Interface

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Monday, 04 November 2024 by Ayman Hamam

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and

Published in News

Tagged under: Advanced Threat Actors, ArabSecurityConsultants, ASC, cloud security, Cyber Defense, Cyber Threats, Cybersecurity Webinar, data breaches, Detection and Response, Identity Infrastructure, Identity Security, Identity-Based Attacks, IT Security, Lateral Movement, LUCR-3, SaaS Security, Scattered Spider

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

Monday, 28 October 2024 by Ayman Hamam

A new attack technique could be used to bypass Microsoft’s Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. “This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more,” SafeBreach

Published in News

Tagged under: ASC, Code Integrity, CVE-2024-21302, CVE-2024-38202, cyberSecurity, CYbersecurityCOnsultant, Driver Signature Enforcement, DSE Bypass, Kernel-Level Attack, Microsoft, OS Downgrade, Patch Tuesday, privilege escalation, Rootkit, UEFI Lock, VBS, Windows Security, Windows Update

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

Tuesday, 15 October 2024 by Ayman Hamam

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities like

Published in News

Tagged under: APT34, credentials theft, CVE-2024-30088, Cyber espionage, cyberattack, Earth Simnavaz, Gulf region, Malware, Microsoft Exchange, OilRig, privilege escalation, psgfilter.dll, STEALHOOK, U.A.E., vulnerability exploitation, Windows Kernel

Category: News