Security Affairs
APT29 group exploited WinRAR 0day in attacks against embassies
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit
Threat group may be looking for intel on Azerbaijan
Bleeping Computer
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.
Bleeping Computer
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..
The Record
Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
Bleeping Computer
Microsoft: Octo Tempest is one of the most dangerous financial hacking groups
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.
Bleeping Computer
Microsoft: Octo Tempest one of the most dangerous financial hacking groups
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.
Bleeping Computer
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.
Cyber Security News
Multiple APT Hackers Exploiting Fortinet & ManageEngine Vulnerability
FortiOS SSL-VPN safeguards against data breaches, while ManageEngine ServiceDesk Plus offers an integrated help desk and asset management for IT resources.
SecurityWeek
US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities
APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023.
Cyber Security News
Hackers Attacking MSSQL Servers To Deploy Ransomware
Threat actors have been utilizing brute force attacks to compromise exposed MSSQL databases to distribute the FreeWorld ransomware.
The Hacker News
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Hackers target poorly secured MS SQL servers to deploy Cobalt Strike and the new FreeWorld ransomware.
The Hacker News
Hackers Abusing Cloudflare Tunnels for Covert Communications
New research reveals that threat actors are exploiting Cloudflare Tunnels for covert communication channels from compromised hosts.
The Hacker News
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud
A malicious actor expands their target beyond AWS. Azure and Google Cloud Platform (GCP) services are now at risk.
Cyber Security News
XSS Vulnerabilities in Azure Services Let Attackers Execute Malicious Scripts
Two severe vulnerabilities in Azure services, Azure Bastion and Azure Container Registry—that allow Cross-Site Scripting (XSS) by leveraging a flaw in the postMessage iframe have been discovered.
The Hacker News
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
🔓 Two severe security vulnerabilities have been disclosed in Azure Bastion and Azure Container Registry, potentially enabling unauthorized access.
The Hacker News
New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
Researchers uncover new APT group Red Stinger targeting Eastern Europe since 2020. Attackers exfiltrated snapshots, USB drives, keyboard strokes.
Security Affairs
Intro to phishing: simulating attacks to build resiliency
Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims. Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/ While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking […]
Security Affairs
CERT of Ukraine says Russia-linked APT backdoored multiple govt sites
The CERT of Ukraine (CERT-UA) revealed that Russia-linked threat actors have compromised multiple government websites this week. The Computer Emergency Response Team of Ukraine (CERT-UA) said that Russia-linked threat actors have breached multiple government websites this week. The government experts attribute the attack to UAC-0056 group (DEV-0586, unc2589, Nodaria, or Lorec53). “the Government Computer Emergency […]
Bleeping Computer
Ukraine says Russian hackers backdoored govt websites in 2021
The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian state hackers have breached multiple government websites this week using backdoors planted as far back as December 2021.
Bleeping Computer
Bluebottle hackers used signed Windows driver in attacks on banks
A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks.
DarkReading
Iranian APT Targets US With Drokbk Spyware via GitHub
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.
The Hacker News
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
Iranian nation-state hackers are using a new custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected
Cyber Security News
U.S Federal Network Hacked - APT Hackers Gained Access to the Domain Controller
A Potential cyber attack on the U.S Federal network where attackers compromised the organization’s DC and possibly deployed crypto Miners.
Infosecurity News
US: Iranian Hackers Breached Government with Log4Shell
Threat actors installed crypto-miner and achieved persistence
Security Affairs
Iran-linked threat actors compromise US Federal Network
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed a cryptomining malware. Log4Shell impacts […]
The Hacker News
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit
Iranian government-sponsored hackers have been blamed for compromising a U.S. federal agency by exploiting the Log4Shell vulnerability.
SecurityWeek
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j
Iranian government-sponsored APT actors hacked into at least one Federal Civilian Executive Branch (FCEB) organization with an exploit for a Log4j vulnerability in an unpatched VMware Horizon server.
CyberScoop
Iranian hackers use Log4Shell to mine crypto on federal computer system
Iranian hackers utilized a flaw in the ubiquitous open-source software library Log4j to breach a U.S. federal agency.
Bleeping Computer
US govt: Iranian hackers breached federal agency using Log4Shell exploit
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
CyberSecurity Dive
Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn
The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.
Infosecurity News
Ukrainian CERT Discloses New Data-Wiping ‘Ransomware’ Campaign
Somnia malware hijacks Telegram and VPN accounts
Bleeping Computer
Ukraine says Russian hacktivists use new Somnia ransomware
Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems.
Security Affairs
Daixin Team targets health organizations with ransomware, US agencies warn
US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector with ransomware. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. businesses, mainly in the Healthcare and Public Health (HPH) Sector, […]
DarkReading
Researchers Spot Snowballing BianLian Ransomware Gang Activity
The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace.
Infosecurity News
New Ransomware Group BianLian Activity Exploding
The threat actor using the common Go programming language and a custom toolkit claims twenty victims
.jpg)
The Hacker News
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
Researchers describe the operations and techniques used by the operators of the emerging cross-platform BianLian ransomware.
Bleeping Computer
Evasive phishing mixes reverse tunnels and URL shortening services
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.
Bleeping Computer
Iranian hackers target VMware Horizon servers with Log4j exploits
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.
Security Affairs
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability
Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […]
The Hacker News
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
Iranian hackers are actively exploiting VMware Horizon Log4j flaws in order to infect targeted servers with ransomware.
Ars Technica
VMware Horizon servers are under active exploit by Iranian state hackers
TunnelVision group exploits critical Log4j flaw to infect targets with ransomware.
Trend Micro
Defending Systems Against Attacks With Layers of Remote Control
The Trend Micro™ Managed XDR team addressed a stealthy multilayered attack that progressed from an exploited endpoint vulnerability to the use of legitimate remote access tools including Remote Desktop Protocol (RDP) as its final means of intrusion.
The Record
Meta (Facebook) sues operators of 39,000 phishing sites
Meta, the parent company for Facebook, Instagram, and WhatsApp, has filed a lawsuit today in a California court against the operators of more than 39,000 phishing sites that have been hosted through the Ngrok service.
Trend Micro
This Week in Security News: AWS Outposts Ready Launches With 32 Validated Partners and Staples Hit by a Data Breach -
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how solutions from 32 Amazon Web Services partners – including Trend Micro – are now available for AWS customers to use with their deployments of...