Lunch Time Nibbles – 2023-01-23

Lunchtime

Welcome to another Lunch Time breakout:

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit.
The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.
Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation
Read more….

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.
The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung
Read more….

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric
The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. 
The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures
Read more….

Follow for more…

%d bloggers like this: