

CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Hacker News
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
SecurityWeek
New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development.
Cyber Security News
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
The Hacker News
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Cyber Security News
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
Security Affairs
TmaxSoft, a Korean IT company developing and selling enterprise software, has leaked over 50 million sensitive records.
CyberNews
Tmax has leaked over 50 million sensitive records.
The Hacker News
New variant of Agent Tesla malware identified. It's a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service (MaaS) model.
The Hacker News
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
DarkReading
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
CyberNews
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the Rhysida ransom gang.
SecurityWeek
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
SecurityWeek
Morgan Stanley agrees to pay $6.5 million for exposing personal information through negligent data-security practices.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
The Record
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
SecurityWeek
A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.
The Hacker News
Eliminate 90% of the time and effort in finding and offboarding cloud and SaaS accounts. Say goodbye to IT offboarding headaches.
The Hacker News
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
SecurityWeek
CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.
SecurityWeek
Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software.
DarkReading
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
CyberNews
Hackers potentially linked to Russia’s military intelligence carried out a series of highly coordinated cyberattacks on Danish energy infrastructure, a report says.
The Hacker News
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
The Record
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
DarkReading
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Cyber Security News
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3. Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Cyber Security News
SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities.
Cyber Security News
PDF files are commonly used for their versatility, making them a prime target for malware delivery because they can embed malicious scripts or links.
CyberNews
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
Infosecurity News
QR code phishing is becoming increasingly popular
Trend Micro
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
Cyber Security News
Researchers from Any Run again observed its activity, which is intended to steal data and cause financial loss, targeting both enterprise and personal devices.
The Hacker News
Get the full story on the dangers of the rapidly growing consumer application, ChatGPT, and learn how to resist cyber crime.
Ars Technica
Users can build and share custom-defined roles—from math mentor to sticker designer.
Cyber Security News
Welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
The Hacker News
Iranian state-backed hackers, MuddyWater, have evolved their tactics. They're now using N-able's Advanced Monitoring Agent.
SecurityWeek
DPI can still be useful in a modern SOC, but its effectiveness and relevance depend on the specific security needs of the organization.
The Hacker News
State-sponsored North Korean hackers are using a sneaky macOS malware called KANDYKORN to target crypto engineers via Discord.
Infosecurity News
Cisco Talos said the group deployed customized mobile Android malware in the APK format
SecurityWeek
Overcoming the failures and challenges of Zero Trust Network Access (ZTNA) for in-office and remote users
The Hacker News
Pen test team up with PentestPad to supercharge your performance & achieve exceptional results with automated report generation, real-time collaborati
Bleeping Computer
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's data that was allegedly stolen during a recent cyberattack.
Cyber Security News
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
Ars Technica
iLeakage is practical and requires minimal resources. A patch isn't (yet) available.
SecurityWeek
The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment.
Bleeping Computer
Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
Cyber Security News
A BitLocker recovery key is a unique 48-character alphanumeric code generated when you enable BitLocker drive encryption on a Windows computer
DarkReading
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.
SecurityWeek
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
The Hacker News
Beware of fake software ads on Google Search! Hackers use Google Ads to direct users searching for popular software to malicious copycats.
Bleeping Computer
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
The Hacker News
Researchers warn of ExelaStealer, a new information stealer targeting Windows systems. It steals sensitive data like passwords, credit card numbers.
DarkReading
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
SecurityWeek
CISA, NSA, FBI, and MS-ISAC have released guidance and prevention recommendations on common phishing techniques.
SecurityWeek
Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks.
Cyber Security News
A serious security flaw in the Sophos Firewall system has been quickly fixed by Sophos, a leading provider of cybersecurity solutions.
SecurityWeek
Mandiant says the recently patched Citrix NetScaler vulnerability CVE-2023-4966 had been exploited as zero-day since August.
The Record
Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.
Cyber Security News
Best Insider Risk Management Platforms: 1. DoControl 2. ActivTrak 3. Elevate Platform 4. Splunk 5. Varonis 6. Forcepoint 7. Securonix 8. Observe It 9. Exabeam 10. LogRhythm
SecurityWeek
The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.
SecurityWeek
CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence.
Latest Hacking News
The notorious DarkGate malware has become active again, as it now spreads via compromised Skype accounts. Researchers warn users to remain cautious while interacting with unknown accounts. DarkGate Malware Spreads Via Compromised Skype Accounts According to a
The Hacker News
WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
SecurityWeek
Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks.
Cyber Security News
To spread the DarkGate malware to the targeted businesses, hackers utilized the Teams and Skype messaging platforms.
The Hacker News
DarkGate malware is now spreading through instant messaging apps like Skype & Microsoft Teams.
DarkReading
A plurality of the targets in the ongoing campaign have been based in the Americas.
Cyber Security News
As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows.
SecurityWeek
CISO salary and total compensation levels are growing more slowly than recent years, and security budget increases are also deflated in 2023
Trend Micro
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
Ars Technica
New icon, metadata seek to illuminate origins of content—AI-generated or otherwise.
Infosecurity News
The figures from the latest Critical Start report also suggest 30% come from phishing campaigns
SecurityWeek
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
The Hacker News
Adobe Acrobat Reader users, beware! CISA adds high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities list.
SecurityWeek
Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’.
Bleeping Computer
Microsoft has released the KB5031356 cumulative update for Windows 10 21H2 and Windows 10 22H2, with twenty-five fixes for various issues.
SecurityWeek
Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks.
CyberSecurity Dive
Google, AWS and Cloudflare warned the HTTP/2 Rapid Reset attacks are beyond anything ever recorded.
The Hacker News
A new phishing campaign is on the rise, targeting U.S. organizations. Cybercriminals use EvilProxy to hijack accounts.
SecurityWeek
Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, Human Security warns.
SecurityWeek
US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says.
The Hacker News
Semiconductor companies in East Asia are under attack. Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor
The Record
Researchers at EclecticIQ attributed the campaign to a China-based group known as Budworm or APT27. The hacking campaign involved lures citing a major Taiwan microchip manufacturer.
Bleeping Computer
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.
SecurityWeek
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).
SecurityWeek
The people problem in cybersecurity is two-fold: a lack of security awareness among users and a lack of cybersecurity talent.
Computerworld
Every day, Apple’s online and physical stores handle thousands of inquiries that relate to issues with third-party products. Sideloading will make it worse.
Infosecurity News
Organizations urged to update staff awareness programs
Cyber Security News
In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and Zanubis Android banking malware versions.
Bleeping Computer
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.
The Hacker News
Cybercriminals are currently employing ASMCrypt, an advanced iteration of DoubleFinger, to evade detection by security tools.
SecurityWeek
Academic researchers devise a method of acoustic eavesdropping using still images captured with smartphone cameras.
SecurityWeek
NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.
Infosecurity News
The Trojan utilizes the Obfuscapk obfuscator for Android APK files, Kaspersky explained
SecurityWeek
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
SecurityWeek
Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.
SecurityWeek
ICS/OT security budgets have decreased in 2023 compared to last year, according to a survey conducted by SANS.
Trend Micro
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
SecurityWeek
An automotive cybersecurity study shows that critical-risk vulnerabilities have decreased in the past decade.
SecurityWeek
DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure.
The Hacker News
Chinese-language speakers under attack! Multiple email phishing campaigns are distributing dangerous malware, including ValleyRAT.
Latest Hacking News
Researchers have found a new variant of the MidgeDropper malware typically targeting Windows systems. In fact, the malware specifically aims at work-from-home users with Windows PCs, potentially indicating the attackers’ intentions to exploit the likely
SecurityWeek
CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture.
Cyber Security News
This week's Threat and Vulnerability Roundup from Cyber Writes brings you the most recent cybersecurity news.
DarkReading
Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.
SecurityWeek
Noteworthy stories that might have slipped under the radar: China blames NSA for a cyberattack, AI jailbreaks, and Netography spin-off.
The Hacker News
Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns.
DarkReading
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
Cyber Security News
APT36 is an APT (Advanced Persistent Threat) group that is highly sophisticated, is known for conducting targeted espionage in South Asia, and is strongly linked to Pakistan.
Cyber Security News
As part of its regular Patch Tuesday updates, Adobe has published a security update for Adobe Acrobat PDF and Reader for Windows and macOS.
SecurityWeek
For CISOs to gain board support, they must translate and report technical cybersecurity concerns and solutions into language that can be understood.
SecurityWeek
CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government.
The Hacker News
Adobe's September 2023 update addresses a new zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader that attackers are exploiting in the wild.
Trend Micro
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Bleeping Computer
A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers.
SecurityWeek
Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh Patch Tuesday warning about malware attacks in the wild.
SecurityWeek
Adobe raises an alarm for new in-the-wild zero-day attacks hitting users of its widely deployed Adobe Acrobat and Reader product.
Bleeping Computer
A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware.
SecurityWeek
APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023.
SecurityWeek
Team8 uses its CISO Village discussions to uncover these new areas of concern, and to determine what cybersecurity solutions are necessary.
CSO
A detection engine aims to stop malicious QR code email quishing campaigns at their source, preventing them from reaching the user’s inbox.
SecurityWeek
CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.
SecurityWeek
Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.
Bleeping Computer
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts.
Cyber Security News
Researchers observed an uptick in threat actors using PDFs for email-based initial access, highlighting a growing trend in evasive tactics.
Infosecurity News
JPCERT/CC said it can elude detection by embedding a malicious Word file within a PDF document
Cyber Security News
A new sophisticated cyber espionage group named Earth Estries which overlaps notorious threat group FamousSparrow was unveiled.
The Hacker News
Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.
Cyber Security News
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the latest software upgrades available to keep your devices secure.
Infosecurity News
Trend Micro noted that “Earth Estries” employed advanced tactics to infiltrate networks
SecurityWeek
Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub.
DarkReading
A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprang up around it, polishing the code to a high shine and creating new, even more robust features.
Ars Technica
Should AI-created works be copyrighted? US regulators want to know what you think.
SecurityWeek
Roughly 78% of healthcare organizations fell victim to a cyberattack over the past year and 60% of the incidents impacted care delivery
SecurityWeek
Quantum computers would make current data encryption methods obsolete and require new cryptography to protect against these powerful machines
The Hacker News
Operation Duck Hunt takes down QakBot, a powerful Windows malware! Over 700,000 computers globally compromised. $8.6 Million in crypto seized.
Trend Micro
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.
SecurityWeek
The cyberinsurance industry is maturing. In its early days, it simply accepted cyber risk with few questions asked. It lost money.
Bleeping Computer
Japan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses detection by embedding malicious Word files into PDFs.
Cyber Security News
Threat actors have shifted from using malicious macros to malicious LNK files for initial access. This is due to Microsoft's announcement in 2022 to disable macros by default for Office documents downloaded from unknown sources or the internet.
Bleeping Computer
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks.
SecurityWeek
The FBI says that the patches Barracuda released in May for an exploited ESG zero-day vulnerability (CVE-2023-2868) were not effective.
Bleeping Computer
A WinRAR zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
SecurityWeek
CISA, NSA, and NIST urge organizations to create quantum-readiness roadmaps and prepare for post-quantum cryptography migration.
Cyber Security News
A recent discovery highlights a significant QR code phishing campaign that targets Microsoft credentials across various industries.
Cyber Security News
Dr. John Warnock, co-founder of Adobe and creator of the PDF, passes away at age 82. The reason for death wasn't disclosed.
SecurityWeek
Vulnerabilities in the TP-Link Tapo L530E smart bulb and accompanying mobile application can be exploited to obtain the local Wi-Fi password.
SecurityWeek
The FBI, NCSC, and AFOSI warn US space industry organizations of foreign intelligence targeting and exploitation, including cyberattacks.
Cyber Security News
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
The Hacker News
New WoofLocker sophisticated toolkit tricks users with fake tech support scams, leveraging advanced fingerprinting and redirection mechanisms.
Infosecurity News
Cofense said that over 29% of the malicious emails were directed at the energy sector giant
SecurityWeek
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023.
Security Affairs
Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries. EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. The experts detected two PDF files masquerading as coming from the German embassy and that contained two […]
SecurityWeek
A widespread phishing campaign using malicious QR codes has hit organizations in various industries, including an energy company in the US.
SecurityWeek
CISA cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.
The Hacker News
Ongoing campaign targets NATO-aligned foreign affairs ministries. Attackers use PDFs disguised as diplomatic messages.
Security Affairs
A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries. One of the organizations targeted by hackers is a […]
Bleeping Computer
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
DarkReading
Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.
The Record
A large phishing campaign uncovered by cybersecurity researchers used malicious QR codes to target a U.S. energy firm.
Ars Technica
The scams are often disguised as promotions, and they can all be linked to one network.
The Record
Documents that appear to be from a German embassy contain malware, including a strain with Russian roots called Duke.
Cyber Security News
Best Secure Web Gateway Vendors: 1. Perimeter 81 2. Zscaler 3. Cisco 4. SonicWall 5. Cloudflare 6. Barracuda 7. McAfee 8. Check Point
Latest Hacking News
A new info-stealing malware is running active campaigns against Windows users, according to the researchers. Identified as Statc stealer, the malware can pilfer various types of sensitive information, including browser details and stored data. Statc Stealer
Computerworld
UC-Berkeley researchers found that hand and head motion data could be as good as fingerprints and facial scans at identifying users, raising a host of privacy concerns as headset adoption grows.
DarkReading
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
Security Affairs
Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, […]
The Hacker News
Malicious actors are leveraging the legitimate Rust-based injector Freeze[.]rs to deploy the XWorm malware in targeted environments.
The Hacker News
Researchers uncover Statc Stealer, a dangerous malware targeting Windows devices. It steals login data, cookies, crypto wallets.
The Hacker News
Interpol takes down phishing-as-a-service platform 16Shop and makes arrests in Indonesia and Japan.
Ars Technica
Researchers also disclosed a separate bug called "Inception" for newer AMD CPUs.
SecurityWeek
Automated Security Control Assessment enhances security posture by verifying proper, consistent configurations of security controls.
The Record
Sixteen hospitals run by Prospect Medical Holdings are still recovering from a ransomware attack that is being attributed to the Rhysida group and has caused severe outages in four states.
SecurityWeek
The Royal United Services Institute proposes greater reporting from ransomware victims to government, enforced through insurance policies.
Ars Technica
Mitigating factors include typing style, multi-case passwords, uncommon laptops.
SecurityWeek
Weekly cybersecurity news roundup with a summary of noteworthy stories that might have slipped under the radar for the week of July 31, 2023.
SecurityWeek
The top cloud security issues are misconfigurations, external-facing vulnerabilities, weaponized vulnerabilities, malware, and delays in patching.
Security Affairs
The OWASP Top 10 for LLM (Large Language Model) Applications version 1.0 is out; it focuses on the potential security risks when using LLMs. OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project, which provides a list of the top 10 most critical vulnerabilities impacting LLM applications. The project aims to educate […]
Cyber Security News
Cybercriminals have already begun using .zip names to trick people into believing they are downloadable files rather than URLs.
Security Affairs
Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. Threat actors behind the campaign are using WikiLoader to deliver a banking trojan, stealer, and malware such as Ursnif to the […]
The Hacker News
A sophisticated malware called WikiLoader is being used to install banking trojan Ursnif and spyware.
DarkReading
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.
SecurityWeek
Weekly cybersecurity news roundup of noteworthy stories that might have slipped under the radar for the week of July 24, 2023.
The Hacker News
Cyber attack campaign STARK#MULE targets Korean speakers using U.S. Military-themed document lures to spread malware.
The Hacker News
Malicious actors are exploiting a legitimate Windows search feature to download arbitrary payloads and compromise systems with RATs like AsyncRAT.
Cyber Security News
Malware authors persistently seek novel approaches to exploit unsuspecting users in the active cyber threat landscape.
SecurityWeek
Thinking through the good, the bad, and the ugly of Generative AI can afford us “the negative focus to survive, but a positive one to thrive.”
Bleeping Computer
The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents.
The Hacker News
Financially motivated hackers behind Casbaneiro banking malware are evolving their tactics to avoid detection
SecurityWeek
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar
Bleeping Computer
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
SecurityWeek
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing user behavior.
Infosecurity News
Threat actors exploit volatile labor market
The Record
Cybercriminals are targeting college students with fake job offers in the bioscience and health industries with the hope of extracting fees out of victims, experts are warning.
SecurityWeek
The two foreign companies are being sanctioned “for trafficking in cyber exploits used to gain access to information systems.”
DarkReading
Two separate threat actors are using poisoned USB drives to distribute malware in cyber-espionage campaigns targeting organizations across different sectors and geographies.