German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes.
The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service of the Republic of Korea (NIS
http://dlvr.it/SlPCtM
Friday, March 24, 2023
Thursday, March 23, 2023
NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia.
The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection."
REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity
http://dlvr.it/SlLD61
Wednesday, March 22, 2023
Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.
"The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the
http://dlvr.it/SlHCJ8
Tuesday, March 21, 2023
Researchers Shed Light on CatB Ransomware's Evasion Techniques
The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload.
CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities.
It's worth noting that the use
http://dlvr.it/SlD84H
Monday, March 20, 2023
Emotet Rises Again: Evades Macro Security via OneNote Attachments
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems.
Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down.
A
http://dlvr.it/Sl99MN
Sunday, March 19, 2023
Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group.
Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
http://dlvr.it/Sl7143
Saturday, March 18, 2023
Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
http://dlvr.it/Sl4s7h
Friday, March 17, 2023
Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S.
The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
http://dlvr.it/Sl20JG
Thursday, March 16, 2023
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities.
"The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which
http://dlvr.it/SkyxpV
Wednesday, March 15, 2023
Researcher Dr Mamello Thinyane to lead Optus and UniSA cyber ... - iTWire
http://dlvr.it/SkvvWX
Splunk SOAR Cyber Security: A Comprehensive Overview - Security Boulevard
http://dlvr.it/SkvvH3
Tuesday, March 14, 2023
Ivanti Cybersecurity Report Cites Risks in Hybrid Government Work ... - Executive Gov
http://dlvr.it/Skrr2M
Monday, March 13, 2023
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets
The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot.
Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate
http://dlvr.it/SknsCq
Sunday, March 12, 2023
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif.
According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI's ChatGPT, Spotify, Tableau, and Zoom.
BATLOADER, as the name suggests, is a loader that's responsible for
http://dlvr.it/SklplQ
Saturday, March 11, 2023
North Korean UNC2970 Hackers Expand Operations with New Malware Families
A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022.
Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in
http://dlvr.it/Skjkzz
Friday, March 10, 2023
SecurityScorecard and ILTA join forces to create a cyber resilient ... - Help Net Security
http://dlvr.it/SkfwRk
Thursday, March 9, 2023
TSA rolls out new mandates to thwart cyberattacks - The Hill
http://dlvr.it/Skbw04
Wednesday, March 8, 2023
Why Healthcare Can't Afford to Ignore Digital Identity
Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. — by Gus Malezis, CEO of Imprivata
Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing
http://dlvr.it/SkXvC5
Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server.
The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022.
Shein, originally named ZZKKO, is a Chinese online fast
http://dlvr.it/SkXtxr
Tuesday, March 7, 2023
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.
The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH
http://dlvr.it/SkTnFB
Monday, March 6, 2023
Australian National Maritime Museum suffers internal cyber attack - Cyber Security Connect
http://dlvr.it/SkQn8M
Sunday, March 5, 2023
New FiXS ATM Malware Targeting Mexican Banks
A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023.
"The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.
Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is
http://dlvr.it/SkNdzL
Saturday, March 4, 2023
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023.
"Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report.
Attack chains
http://dlvr.it/SkLWQq
Friday, March 3, 2023
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system.
The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering.
Cybersecurity company Trend Micro said
http://dlvr.it/SkHgrk
Thursday, March 2, 2023
Cybersecurity | Greylock - Greylock Partners
http://dlvr.it/SkDc1c
Wednesday, March 1, 2023
Funding Files: Cyber security, AI and cloud deal roundup - ETCIO South East Asia
http://dlvr.it/Sk9XLs
Tuesday, February 28, 2023
PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system.
"This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy
http://dlvr.it/Sk6VVr
Monday, February 27, 2023
Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme
The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering.
The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023.
It's estimated that the hackers stole personal data belonging
http://dlvr.it/Sk3ZR3
Sunday, February 26, 2023
Palo Alto Networks Is the Leading Cyber Security Play - Investing.com
http://dlvr.it/Sk1Q2s
Saturday, February 25, 2023
Some Indigo employee data was stolen in ransomware attack, retailer now says - CBC News
http://dlvr.it/SjzD2q
Friday, February 24, 2023
SSU alumnus launches career in cybersecurity - The Highland County Press
http://dlvr.it/SjwK4q
Thursday, February 23, 2023
Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia
Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma.
The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News.
There is no
http://dlvr.it/SjsCSR
Wednesday, February 22, 2023
Election, cybersecurity officials warn about foreign threats ahead of 2024 - KTAR.com
http://dlvr.it/Sjp6p9
Tuesday, February 21, 2023
Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign.
Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed the use of watering holes
http://dlvr.it/Sjl4y6
Monday, February 20, 2023
Cyber security breaches are up multiple times as Internet penetration grows - Business Standard
http://dlvr.it/SjhF0x
Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks
Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks.
The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments."
The security feature, available on Samsung Messages and Google
http://dlvr.it/SjhDZs
Sunday, February 19, 2023
GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services.
The company attributed the campaign to a "sophisticated and organized group targeting hosting services."
GoDaddy said in December 2022, it received an unspecified number of customer complaints about
http://dlvr.it/Sjf74z
Saturday, February 18, 2023
New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices.
Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor.
"Once the vulnerable devices are compromised, they
http://dlvr.it/Sjc5PF
Friday, February 17, 2023
CAGS students impress in national cyber security competition - Shepparton News
http://dlvr.it/SjYPbP
Thursday, February 16, 2023
Cyber security for telecom - Pakistan Observer
http://dlvr.it/SjVSPn
Wednesday, February 15, 2023
Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems
An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems.
The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021.
"Since V8
http://dlvr.it/SjRWpW
Tuesday, February 14, 2023
Philadelphia Orchestra, Kimmel Center ticketing systems remain hampered after cyber attack - The Philadelphia Inquirer
http://dlvr.it/SjNdSd
Monday, February 13, 2023
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.
The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021.
Tonto Team,
http://dlvr.it/SjL9Nf
Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information.
Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated.
"TA866 is an organized actor able to perform well thought-out attacks at
http://dlvr.it/SjKpHk
Sunday, February 12, 2023
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.
The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar
http://dlvr.it/SjHp1P
Saturday, February 11, 2023
U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks
In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation.
The individuals designated under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka
http://dlvr.it/SjFrsj
Friday, February 10, 2023
OpenSSL Fixes Multiple New Security Flaws with Latest Update
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks.
Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory.
The
http://dlvr.it/SjCFdv
Thursday, February 9, 2023
(ISC)² Makes Certified in Cybersecurity Exam Available in More ... - Dark Reading
http://dlvr.it/Sj8XYK
Wednesday, February 8, 2023
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide.
"Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware
http://dlvr.it/Sj5pF0
Tuesday, February 7, 2023
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
"This is not believed to be exploitable, and it occurs in the unprivileged pre-auth
http://dlvr.it/Sj31sD
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.
"The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a
http://dlvr.it/Sj31ct
Monday, February 6, 2023
NFPs “inherently vulnerable” to cyber security attacks - Pro Bono Australia
http://dlvr.it/Sj0J6h
Sunday, February 5, 2023
Transelectrica Establishing Its Own Operational Security Centre - Energy Industry Review
http://dlvr.it/ShzWMl
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.
Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate.
"PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (
http://dlvr.it/ShyKGj
Saturday, February 4, 2023
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances.
The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.
"An
http://dlvr.it/ShwQXt
Friday, February 3, 2023
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign
A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems.
That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple in reference to an error message that's used in one of the backdoors.
Targets of
http://dlvr.it/ShsrKB
Thursday, February 2, 2023
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions.
Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its
http://dlvr.it/Shpz75
Wednesday, February 1, 2023
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.
"TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically
http://dlvr.it/Shm4NK
Tuesday, January 31, 2023
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.
"The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers
http://dlvr.it/Shj9Sw
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022.
According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.
Close to 50% of the
http://dlvr.it/Shj9FV
Monday, January 30, 2023
Black swans events are shaping the cybersecurity present and future - VentureBeat
http://dlvr.it/ShfHB2
Sunday, January 29, 2023
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.
"A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity
http://dlvr.it/ShcBr0
Saturday, January 28, 2023
British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries
The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations.
"The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists," the
http://dlvr.it/ShZBKM
Friday, January 27, 2023
Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group
New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022.
This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said
http://dlvr.it/ShWT3T
Is Once-Yearly Pen Testing Enough for Your Organization?
Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line.
There are two main reasons why regular pen testing is necessary for secure web application development:
Security: Web applications are constantly evolving, and new
http://dlvr.it/ShWSpd
Thursday, January 26, 2023
The Definitive Browser Security Checklist
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,
http://dlvr.it/ShSc1H
North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy.
The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as
http://dlvr.it/ShSblM
Wednesday, January 25, 2023
Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability
Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.
The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
While it was originally addressed by the company on November
http://dlvr.it/ShPjJk
Tuesday, January 24, 2023
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit.
The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.
Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation
http://dlvr.it/ShLnLc