Welcome to the Triad Situation Report, your trusted source for the latest cybersecurity and compliance news. In this edition, we bring you crucial updates on emerging cyber threats, including data breaches, phishing schemes, and sophisticated malware campaigns. Stay informed and take proactive steps to protect your business from evolving cyber risks.
- 100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Since February 2024, over 100 malicious Chrome extensions have impersonated legitimate tools to steal user data, hijack sessions, and inject ads. These extensions, often distributed via fake websites mimicking real services, exploited excessive permissions to execute arbitrary code and manipulate browser behavior.
Read More
- Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Skitnet, a multi-stage malware sold on underground forums since April 2024, is being used by ransomware groups like Black Basta for stealthy data theft and remote access. Written in Rust and Nim, it employs DNS-based communication to evade detection and supports various commands for persistence and data exfiltration.
Read More
- AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Researchers have identified that default IAM roles in AWS services like SageMaker and Glue grant overly broad permissions, enabling potential lateral movement and privilege escalation within AWS environments. These roles, often created automatically, could be exploited to access and manipulate various AWS resources, posing significant security risks.
Read More
- Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Three malicious packages uploaded to PyPI acted as tools to validate stolen email addresses against Instagram and TikTok APIs, aiding in targeted attacks. By confirming active accounts, attackers could streamline credential stuffing, doxxing, and other malicious activities.
Read More
How Triad InfoSec Can Assist Your Business:
Navigating the complexities of cybersecurity compliance can be challenging. Triad InfoSec is dedicated to helping businesses prepare for CMMC audits, ensuring compliance, and optimizing cybersecurity strategies. Our services include:
- CMMC Audit Preparation: Guiding your organization through the necessary steps to achieve CMMC certification.
- MSP Partnerships: Collaborating with Managed Service Providers to ensure your business remains compliant while reducing cyber insurance premiums.
- Comprehensive Cybersecurity Solutions: Offering a range of services tailored to meet all your cybersecurity needs.
Partner with Triad InfoSec to secure your business’s future.
Stay vigilant and proactive in addressing cybersecurity challenges to protect your business and its valuable assets.
