As always in cybersecurity, hardly a dull day went by in 2024.
So much happened we thought it might be helpful to remind everyone what went down over the last 12 months. At least from a LevelBlue SpiderLabs perspective.
Here are the top SpiderLabs’ blogs, as voted by viewer readership analytics:
- LevelBlue Rapid Response: Mitigate Windows TCP/IP RCE Vulnerability (CVE-2024-38063)
LevelBlue SpiderLabs’ in-depth analysis of the critical Windows TCP/IP remote code execution vulnerability (CVE-2024-38063) along with actionable steps for mitigation to protect your systems helped make it the second most read blog of the year.
- LevelBlue Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)
LevelBlue’s decision to transfer the custodianship of ModSecurity to OWASP marks a significant step in the evolution of this important web application firewall. This post detailed the transition and its implications for the cybersecurity community.
- Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks
Phishing attacks continued to evolve, with deceptive URL redirections becoming more sophisticated. LevelBlue SpiderLabs explored how these tactics work and offers tips for recognizing and avoiding such threats.
- Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS) Part 1 and Part 2 Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns
Two-factor authentication (2FA) is a critical security measure, but it’s not immune to exploitation. This two-part series examined how phishing-as-a-service (PaaS) operations targeted 2FA systems, with Part 1 focusing on the basics and Part 2 highlighting notable email campaigns.
- CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
A newly discovered flaw in 7-Zip (CVE-2024-11477) allowed remote code execution, posing significant risks. LevelBlue SpiderLabs provided a detailed analysis of the vulnerability and recommendations for safeguarding your systems.
- Agent Tesla's New Ride: The Rise of a Novel Loader
LevelBlue SpiderLabs investigated and detailed how Agent Tesla, a well-known malware, has adopted a new loader to enhance its evasion techniques.
- Search & Spoof: Abuse of Windows Search to Redirect to Malware
Cybercriminals are exploiting Windows Search to redirect users to malicious sites. LevelBlue SpiderLabs explained how these attacks are carried out and provides strategies for protecting against them.
- Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
LevelBlue SpiderLabs found that a fake installer was being used to deliver the CobaltStrike backdoor. In this post, the team detailed the attack method and offers guidance on how to avoid falling victim to this threat.
- Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
LevelBlue SpiderLabs researched how an Apache ActiveMQ vulnerability was exploited to deploy the stealthy Godzilla webshell.
- Threat Advisory: Snowflake Data Breach Impacts Its Clients
On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake. LevelBlue SpiderLabs issued a threat advisory into the attackers tactics, techniques, and procedures.
And one more for fun!
- Breakdown of Tycoon Phishing-as-a-Service System
Just weeks after LevelBlue SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team began tracking another PaaS called Tycoon Group.
LevelBlue SpiderLabs would like to thank all its readers and we hope we informed, inspired and maybe made you laugh a few times in 2024.
See you all next week in 2025.
