Nathan Shuchami

⚠ CYBERSECURITY HIGHLIGHTS FOR THE WEEK ⚠ Threat Actor in Focus - Emerging Threat: Void Manticore’s Destructive Cyber Campaigns Targeting Israeli Organizations Threat Actors: Void Manticore Attack Type: Public-facing web server Objective: Espionage Target Technology: Windows Target Geographies: Israel Target Industries: Government & Critical Infrastructure Business Impact: Data Loss, Data exfiltration Summary: Void Manticore (aka Storm-842) is an Iranian state-sponsored threat actor known for conducting destructive attacks on Israeli organizations and leaking information through the online persona ‘Karma’ (sometimes written as KarMa). These operations often target sectors such as government, finance, and critical infrastructure, aligning with Iran’s broader offensive strategy. The group employs straightforward and efficient techniques aimed at causing rapid and significant damage. Their operations extend beyond Israel, with attacks also reported in Albania, where they use the persona ‘Homeland Justice’ to leak stolen data. In Israel, Void Manticore is notable for utilizing a custom wiper named BiBi, after Israeli Prime Minister Benjamin Netanyahu. One common method Void Manticore uses to gain access to target systems is through internet-facing web servers like CVE-2019-0604, where they deploy web shells like the custom “Karma Shell.” This tool, disguised as an error page, can list directories, create processes, upload files, and manage services, using simple encryption methods like base64 and one-byte XOR for obfuscation. They have also been observed uploading a custom executable, do.exe, which checks for Domain Admin credentials. Upon successful authentication, it installs another web shell, reGeorge, indicating valid credentials. This suggests the initial access might be facilitated by another entity, possibly Scarred Manticore, a more sophisticated threat actor. Continue reading here ➡ https://lnkd.in/gvR_-7wt #CyberSecurity #Cyfirma #ETLM #externalthreatlandscape #ThreatIntelligence #CyberIntelligence #CYFIRMAResearch #malware #ransomware #threatactor #cybersecurityawareness Kumar Ritesh Dr. Saurabh Lal, P.D. Michael Henry Anna Koh Amit Thakur Harry Lee Glaiza Pardilla Harsha Vardhan Sam Parmar Rahul Raghav Yusuke Tateno Chiaki Izena（伊是名千晶）Greg Baylis David Plummer Rakesh R V Nicko Navarrete Ruri A. Hyungchan Mike Cho Montai Saiaroon Huy. Nguyen Tuong Vinh Dudley Swanepoel Mouli Saha Greg Baylis Vincent Cheng Julius S.

13

New report on Top Influential Regulations reveals 37% say TSA Security Directives is most influential. Full Report = https://lnkd.in/gmmzSQQa Bravo to all who work on #CyberSecurity at OTORIO including Kfir Tzukrel and Gail Kosloff

7

1 תגובה

Targeted cyberattacks leveraging Donut and Sliver frameworks have hit Israeli entities, highlighting the need for advanced cybersecurity measures. Discover more on Foresiet’s latest blog.    Read More at: https://lnkd.in/gCSSStwu   #Cybersecurity #Malware #DataProtection

4

🛎️ 📟 AU10TIX, a well-known Israeli-based authentication company serving major brands like Uber, TikTok, and LinkedIn, recently faced a security incident. An inadvertent exposure of administration credentials online for over a year potentially risked user identity documents, including drivers' licenses. The exposed credentials, detected by a researcher and disclosed to 404 Media, unveiled a logging platform with sensitive data such as names, dates of birth, nationalities, identification numbers, and document images. The incident, believed to stem from an infostealer on a Network Operations Center Manager's device at AU10TIX, fortunately did not result in actual data misuse, as confirmed by the company. However, this event underscores the critical importance of handling authentication data securely, especially for a company entrusted with verifying identities for high-profile clients. AU10TIX promptly terminated the compromised system and informed its customers about the situation. Stay informed: [Link to the full report here.](https://lnkd.in/egxtnGQB) #databreach #

1

Data Breach Alert ☣  - Alleged data sale of Israeli Air Force Threat actor claims to be selling data related to the Israeli Air Force, including detailed information about active and inactive pilots and employees. The alleged data contains information such as ranks, positions, service records, and training qualifications. The leak reportedly includes information from several airbases, such as Haifa, Hatzor, Ovda, Nevatim, Ramat David, Ramón, Tel Nof, Sdot Micha, and the special forces group. - #data_breach #data_leak #infosec #dark_web #DataBreach  #DataLeak  #Services  #CyberThreat  #CyberAttack

26

The mysterious pager explosions today that wounded over 3,600 people in Lebanon, mostly Hezbollah terrorists, were the result of extensive planning, according to Israeli cyber expert, Oleg Brodt, Director of Research, Development, and Innovation at Ben-Gurion University of the Negev's Cyber Labs. How does a pager explode? What coordination is needed to pull this off? Read how Israel was able to accomplish this widespread attack from The Jerusalem Post: https://lnkd.in/e-wx-hfk

8

1 תגובה

#DiyakoSecureBow ———————————— Gartner Israel Briefing: What you Need to Know about GenAI and Security September 202 Special Thanks❤️😇👍🏽🙏 Gartner -Secure Business Continuity- 2024.05.18 —————————————————— #CyberSecurity #benchmark #AI #Threats #SecureBusinessContinuity

17

Check out Omer🐈 Cohen of Descope's recent piece discussing the CSO's role in navigating today's fast-paced compliance and security landscape. In this article via Help Net Security, Cohen outlines how early investment and smart automation can help CSOs turn compliance from a stumbling block into a growth opportunity. https://lnkd.in/dMXaTt4t

1

Check out CYJAX's latest cyber intelligence weekly round-up! This week's video explores cyberattacks linked to the Israel-Palestine conflict, global DNS probing by a Chinese threat actor, and a major data leak involving the New York Times. For the written version - subscribe to our newsletter here: https://lnkd.in/dFgKdKPU #DataBreach #CyberSecurityNews #ThreatIntelligence

7

Data Breach Alert ☣  - Alleged data leak of Atriis Technologies Threat actor claims to have leaked data from Atriis Technologies, a SaaS travel booking and management solution based in Israel. The compromised data allegedly includes booking details, routing information, flight schedules, employee communications, error reports, card verification failures, booking errors, and other related information. - #data_breach #data_leak #infosec #dark_web #DataBreach  #DataLeak  #Services  #CyberThreat  #CyberAttack

11

Data Breach Alert ☣  - Alleged data sale of Harel Group Threat actor claims to be selling the data of Harel Group, the largest insurance group in Israel. The leaked data reportedly contains 1.8 million records, including names, identity card numbers, dates of birth, addresses, cities, zip codes, phone numbers, and more. - #data_breach #data_leak #infosec #dark_web #DataBreach  #DataLeak  #Services  #CyberThreat  #CyberAttack

29

2 תגובות

🛡 How Israeli Innovation is Outpacing Cyber Threats At Cybertech, Yoel Israel spoke with Ilan Mintz of GYTPOL to reveal how Israel’s military mindset fuels cutting-edge cybersecurity solutions. 🔐 Cyber Hygiene = Cyber Strength Mintz highlighted the power of cyber hygiene and the right tools to shut down attack vectors. Gytpol leads the charge by securing organizations through smart misconfiguration fixes. 💡 Want to Break Into Cyber? No network? No problem. Mintz says skills are the key. Cyber is more than code—it’s about mastering the business game too. IsraelTech was able to sit down with Gytpol co-founder and CEO, Tal Kollender, as well. To hear more about the incredible work Gytpol is doing, watch the full interview. Link in the comments 👇 Israel’s edge? Innovation + Military Precision. How are you staying ahead of cyber threats?

24

9 תגובות

Attacks on Israeli orgs ‘more than doubled’ since October 7, cyber researcher says. Key takeaways: 1. Cyberattacks on Israeli organizations, particularly those tied to defense, have surged dramatically since October 7. With an average Israeli organization experiencing more than 2,200 attacks each week, this points to a shift in geopolitical and cyber warfare strategies. 2. The majority of these cyberattacks are politically motivated, with involvement suspected from Iranian state-sponsored groups and Hezbollah, marking an evolution in these groups' tactics and a significant threat to nations' security infrastructure. 3. The scope of these attacks extends beyond Israel, with countries including the U.S., Canada, and the U.K. also targeted. This highlights the global nature of cybersecurity threats and the need for collective international actions to counter these advanced persistent threats. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eKUYWJCq

2

🔍 Rising Cyber Threats: Inside the Digital Tactics of Pro-Israel Groups 🔍 Our latest analysis highlights the diverse tactics used by pro-Israel groups in cyber operations, with key attack methods including: 💻 Website Defacement (44.8%): Groups supporting Israel may make unauthorized changes to the appearance or content of a targeted website. These changes are usually made to the site's homepage and include a page with the attackers' message or purpose. 🌐 DDoS Attacks (%29.9): Pro-Israel groups have been using Distributed Denial of Service (DDoS) attacks against Iranian online services. These attacks involve sending massive traffic to make targeted websites temporarily inaccessible. 🕵️‍♂️ Cyber Espionage and Information Collection (%10.4): Pro-Israel groups may engage in cyber espionage to collect sensitive data from specific individuals or organizations. ⚠️ Social Engineering and Ransomware (%7.5): Pro-Israel groups use social engineering tactics to achieve their goals. They may also use ransomware to harm their targets or steal information. 🎣 Phishing Attacks (%7.5): In some cases, pro-Israel organizations may resort to phishing attacks to obtain sensitive information from targeted groups or individuals. These findings underscore the broad and evolving nature of cyber threats posed by groups aligned with Israel. Stay informed and vigilant. For more insights, check out the full report 👉🏻 https://lnkd.in/eK_MWHeV #CyberSecurity #CyberThreats #DDoSAttack #WebsiteDefacement #CyberEspionage #Phishing #Ransomware #ProIsraelGroups #DigitalDefense #StaySafeOnline

28

⚠️ #CyberAttack Alert ⚠️ 🇮🇱#Israel: ZeroSeven Hacking Group Offers Full Network Access to Israeli Infrastructure: 80TB of Critical Data at Risk ZeroSeven, the same hacking group that recently leaked sensitive information from Toyota, is now selling full network access to servers containing 80TB of data related to Israeli infrastructure. According to the post, this access allows entry to a large amount of sensitive data that could put Israel at significant risk, including: - Detailed project information for water, oil, gas, power, and electricity across most areas of Israel and government sectors. - SCADA systems. - Sensitive diagrams with specific coordinates for all projects, pipelines, and more. - Complete databases (customer, financial, sensitive data, etc.). "We can do the same thing we did with Toyota and leak all the data, but instead, we are selling access to the servers so you can do whatever you want, whether it's ransomware attacks, causing damage, or stealing the data. We also offer to delete all data we have uploaded to our servers," the group wrote. It is still unknown whether this claim is true, but if it turns out to be legitimate and falls into the wrong hands, the potential severity of the impact would be critical. #DataBreach

1