

SecurityWeek
Police Dismantle Major Ukrainian Ransomware Operation
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
Cyber Security News
SysJoker malware was initially discovered to be used by the APT group dubbed "WildCard" and was targeting the educational sector of Israel.
The Hacker News
A coordinated effort led to the arrest of key figures in Ukraine linked to various ransomware attacks, involving LockerGoga, MegaCortex, and Dharma.
Infosecurity News
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma
Bleeping Computer
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
The Record
The international operation, centered on Kyiv, essentially neutralized a group known for deploying variants of LockerGoga, MegaCortex, Hive and Dharma ransomware, authorities said.
Infosecurity News
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Bleeping Computer
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
SecurityWeek
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Cyber Security News
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Security Affairs
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors.
Bleeping Computer
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
Bleeping Computer
Microsoft is rolling out fixes for known Microsoft 365 issues causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop applications unusable for many customers.
The Hacker News
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
The Hacker News
New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate & PikaBot
The Hacker News
Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks
Cyber Security News
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
Security Affairs
The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors.
Cyber Security News
Hackers may exploit LNK files to deliver malicious payloads, disguising them as legitimate shortcuts that execute malicious code when opened.
Ars Technica
LockBit victims, among the world's most powerful firms, can't be bothered to patch, it seems.
The Hacker News
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
Trend Micro
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
DarkReading
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Cyber Security News
Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.
Cyber Security News
One of the common methods used for delivering the ransomware, RATs, and Cryptojackers was the use of a batloader.
Bleeping Computer
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
CyberNews
A threat actor copied a legitimate Windows news website to deliver an infostealer for the CPU-Z processor tool.
Trend Micro
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
The Hacker News
Microsoft exposes Lace Tempest's latest move: exploiting a zero-day flaw in SysAid IT support software.
Bleeping Computer
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
Bleeping Computer
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
The Hacker News
Malicious sites posing as legit Windows news portals spotted distributing malware disguised as CPU-Z.
The Hacker News
MuddyWater expands its cyber arsenal with MuddyC2Go, a new C2 framework used in sophisticated attacks targeting Israel.
DarkReading
The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks.
Infosecurity News
IBM found Gootloader group opting for GootBot over off-the-shelf tools for lateral movement
The Hacker News
A variant of GootLoader, known as GootBot, is enabling hackers to sneak past defenses, spreading rapidly through networks.
Ars Technica
Atlassian's senior management is all but begging customers to take immediate action.
The Hacker News
Jupyter Infostealer is back with stealthy changes. Cyber attackers use manipulated SEO tactics to trick users into downloading malware.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
CSO
Fake folders and remote access tools are part of the MuddyWater advanced persistent threat (APT) espionage group’s latest campaign against Israeli targets, according to cybersecurity firm Deep Instinct.
Infosecurity News
Deep Instinct said MuddyWater leveraged a new file-sharing service called “Storyblok”
Cyber Security News
A new privilege escalation vulnerability has been discovered in Kubernetes that allows threat actors to gain administrative privileges on affected pods.
SecurityWeek
Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines.
DarkReading
The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).
Bleeping Computer
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
Cyber Security News
MSIX packages can be distributed and installed without administrative privileges, allowing malicious software to bypass traditional security controls.
Cyber Security News
CISA has launched a new version of Logging Made Easy (LME), a free and simple log management solution for Windows-based devices.
CSO
The Ghostpulse loader, injected through MSIX packages, is a stealthy dropper that avoids detection by the victim’s scanners.
The Hacker News
Cyber criminals are using fake MSIX Windows app packages of popular software to deliver GHOSTPULSE malware loader
The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
Ars Technica
Octo Tempest employs tactics that many of its targets aren't prepared for.
DarkReading
The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.
Bleeping Computer
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
SecurityWeek
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Infosecurity News
Experts highlighted the ways generative AI tools can help security teams, and how to mitigate the risks they pose
Bleeping Computer
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
Bleeping Computer
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
DarkReading
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
The Hacker News
YoroTrooper is a unique threat actor - likely originating from Kazakhstan. Get the latest info on tactics, techniques, tools, and targeting of this actor.
SecurityWeek
The YoroTrooper espionage group likely consists of individuals from Kazakhstan, Cisco’s Talos security researchers report.
Bleeping Computer
Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel.
Infosecurity News
ESET Research reported the vulnerability to the Roundcube team on October 12
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
Cyber Security News
The Crambus espionage group, also known as OilRig or APT34, has a lengthy history and a great deal of experience conducting prolonged attacks.
SecurityWeek
Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government
DarkReading
Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.
Bleeping Computer
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.
Bleeping Computer
The Iranian hacking group tracked as OilRig (aka APT34 or Crambus) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
DarkReading
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
DarkReading
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
Infosecurity News
Microsoft has warned organizations using JetBrains TeamCity server to take immediate steps to mitigate this threat
The Hacker News
Iran-linked cyber threat group, OilRig, conducted an extensive 8-month-long campaign targeting a Middle East government
The Hacker News
Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831)
Bleeping Computer
Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.
Bleeping Computer
Google says multiple state-backed hacking groups are gaining arbitrary code execution on targets' systems by exploiting a high-severity vulnerability in WinRAR, a compression software with over 500 million users.
The Hacker News
Nation-state hackers are turning to Discord! Discover how they're using this social platform for potential cyber-espionage.
The Hacker News
WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
Bleeping Computer
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.
DarkReading
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
The Hacker News
The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.
Bleeping Computer
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
Bleeping Computer
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
The Hacker News
Malicious NuGet package distributing SeroXen RAT targets .NET developers.
Cyber Security News
In order to disrupt human-operated ransomware attacks and prevent attackers from advancing their objectives through lateral movement, it is crucial to swiftly contain any compromised user accounts. Taking this step is essential to limit the attackers’ ability to spread their malicious activity and protect the affected systems and data. Lateral movement success relies on compromising […]
DarkReading
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
Bleeping Computer
The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August.
Bleeping Computer
Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.
Trend Micro
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Bleeping Computer
A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads.
Bleeping Computer
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The Hacker News
Microsoft warns of attackers attempting to exploit SQL injection to breach a cloud environment. The company shares details on the attack, highlighting
The Hacker News
Silent Skimmer - A year-long web skimming campaign targets businesses in Asia, North America, and Latin America, stealing sensitive payment data.
Cyber Security News
Recently, cybersecurity researchers at ASEC identified that threat actors are actively exploiting abnormal certificates to deliver info-stealing malware.
Cyber Security News
Securonix Threat Research has recently uncovered a noteworthy campaign, dubbed STARK#VORTEX, seemingly originating from the threat group UAC-0154
The Hacker News
Ukrainian military hit by a phishing campaign using drone manuals as bait to deliver a Go-based open-source post-exploitation toolkit called Merlin.
The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
DarkReading
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
The Hacker News
Beware Latin America! BBTok banking trojan strikes Brazil & Mexico. Crafty phishing emails, unique payloads, and a sneaky approach.
Trend Micro
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Cyber Security News
The "Silent Skimmer" is a financially motivated group that has been detected targeting vulnerable online payment infrastructure
Bleeping Computer
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
Cyber Security News
Threat actors are adopting two tools, GuLoader (also known as CloudEyE Protector) and the Remcos remote administration tool, for malicious purposes.
SecurityWeek
A Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages.
Cyber Security News
Remcos is categorized as a Remote Access Trojan (RAT), granting attackers complete control over compromised computers.
Bleeping Computer
Microsoft has released Windows Subsystem for Linux (WSL) 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup.
The Hacker News
Identity attacks are on the rise! Are your MFA and PAM solutions truly protecting your organization? New report reveals critical protection gaps.
The Hacker News
⚠️ Attention Facebook Business Users: Python-based NodeStealer malware has returned. It now targets multiple web browsers to hack accounts.
Bleeping Computer
Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.
SecurityWeek
A high-severity vulnerability can be exploited to execute code remotely on any Windows endpoint within a Kubernetes cluster.
Cyber Security News
As per recent reports, Kubernetes has been found to contain a remote code execution vulnerability that could allow a threat actor to execute code on affected Windows endpoints within a cluster.
Bleeping Computer
Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks.
The Hacker News
Critical security flaws discovered in Kubernetes could lead to remote code execution with elevated privileges on Windows endpoints within a cluster
The Hacker News
Redfly's espionage operation exposed! For 6 months, they compromised an Asian national grid, stealing credentials and infiltrating computers.
Bleeping Computer
An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
The Hacker News
"Steal-It" campaign targets Windows systems in Australia, Poland, and Belgium. Learn how attackers use PowerShell scripts to steal NTLMv2 hashes.
The Hacker News
Discover how cybercriminals are abusing Advanced Installer, a popular software installation packaging tool, to deploy cryptocurrency mining malware.
Bleeping Computer
Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with cryptocurrency miners.
The Record
Hackers are trying to sneak cryptomining malware onto personal computers with powerful graphics processing units (GPUs), which are good at handling complex mathematical puzzles — including those involved with mining cryptocurrency, Cisco Talos said.
Cyber Security News
AttackCrypt, an open-source "crypter," was recently used by cybercriminals to hide malware binaries and avoid antivirus detection.
Cyber Security News
Threat actors have used phishing emails to distribute fileless malware. The attachment consists of a .hta (HTML Application) file, which can be used for deploying other malware like AgentTesla, Remcos, and LimeRAT.
Cyber Security News
A new sophisticated cyber espionage group named Earth Estries which overlaps notorious threat group FamousSparrow was unveiled.
The Hacker News
Cybercriminals are exploiting social media ads on Meta-owned Facebook for malware distribution. With fraudulent ads, they're targeting businesses and
The Hacker News
Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.
Infosecurity News
Trend Micro noted that “Earth Estries” employed advanced tactics to infiltrate networks
SecurityWeek
Weekly cybersecurity news roundup providing a summary of noteworthy stories that might have slipped under the radar.
The Hacker News
Did you know about SuperBear? A recent phishing attack in South Korea exposed this dangerous remote access trojan. Read how this remote access trojan
The Hacker News
Earth Estries, a hacking group with pro-level skills, targets gov't and tech sectors across 6 countries.
Cyber Security News
Threat actors targeting unpatched Citrix NetScaler systems exposed to the internet are being tracked by Sophos X-Ops.
SecurityWeek
Earth Estries, a cyberspy group possibly linked to China, has targeted governments and tech firms in the US, Germany, South Africa and Asia.
Trend Micro
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.
DarkReading
Citrix issued a patch for the critical remote code execution bug in July for its NetScaler devices.
Bleeping Computer
Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security (also known as HSTS).
The Hacker News
Unpatched Citrix systems under attack! Unknown threat actors are exploiting a critical vulnerability (CVE-2023-3519) for ransomware attacks.
Bleeping Computer
A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
The DFIR Report
We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved …
DarkReading
The cyber espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.
Bleeping Computer
Microsoft has identified a new hacking group it now tracks as Flax Typhoon that targets government agencies and education, critical manufacturing, and information technology organizations likely for espionage purposes.
Security Affairs
China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with […]
SecurityWeek
Cybersecurity news on Africa cybercrime, unpatched macOS vulnerabilities, investor cyber disclosures, and SentinelOne sale
Cyber Security News
Recently, cybersecurity analysts at Microsoft have linked this campaign to 'Flax Typhoon,' a Chinese nation-state actor that has links with 'ETHEREAL PANDA.'
Cyber Security News
Threat actors have shifted from using malicious macros to malicious LNK files for initial access. This is due to Microsoft's announcement in 2022 to disable macros by default for Office documents downloaded from unknown sources or the internet.
Cyber Security News
ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its research into the top cyber threat trends in Q2 2023.
SecurityWeek
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023.
Bleeping Computer
Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
Infosecurity News
Aqua Nautilus exposed naming policy, ownership verification and module exposure vulnerabilities
DarkReading
Attackers use remote monitoring and management tools at MSPs to gain unfettered access to target networks.
DarkReading
Cyberattackers are slow to implement AI in their attack chains, according to Mandiant's analysis.
CSO
Aqua Security says PowerShell issue can allow attacks involving registration of malicious packages with names similar to existing popular package names when developers make mistakes.
The Hacker News
Security gaps found in Microsoft's PowerShell Gallery enable typosquatting and metadata spoofing. Fake packages deceive users, leading to supply chain attacks.
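The PowerShell Gallery naming-policy findings above and the earlier NuGet typosquatting and SeroXen package stories come down to the same control: a requested package name that is not on an allow list but sits one or two keystrokes, a swapped separator, or a digit-for-letter homoglyph away from a name that is. The Python below is an added example, not tooling from Aqua, Microsoft, NuGet or any of the outlets above; it folds those tricks out of the name and then applies an optimal-string-alignment edit distance against a trusted list. The trusted list and the probe names are constructed for the demo.

```python
import re
import unicodedata

# Constructed allow list for the demo: the packages a build is expected to pull.
TRUSTED_PACKAGES = {"Az.Accounts", "Az.Storage", "PSReadLine", "Pester",
                    "Newtonsoft.Json", "Microsoft.Extensions.Logging", "Serilog", "Moq"}
_DIGIT_HOMOGLYPHS = str.maketrans("01", "ol")


def normalize(name):
    """Fold the tricks a squatter relies on: case, Unicode compatibility forms,
    digit-for-letter swaps, and '.', '-', '_' separators."""
    n = unicodedata.normalize("NFKC", name).casefold().translate(_DIGIT_HOMOGLYPHS)
    return re.sub(r"[._-]", "", n)


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_name(requested, trusted=TRUSTED_PACKAGES, max_distance=2):
    """Classify a requested package name against the allow list.
    Returns (verdict, closest_trusted_name_or_None)."""
    if requested in trusted:
        return "trusted", requested
    req = normalize(requested)
    best = None
    for name in trusted:
        ref = normalize(name)
        if req == ref:                      # same name once separators/homoglyphs are folded
            return "separator_or_homoglyph_squat", name
        dist = osa_distance(req, ref)
        limit = 1 if len(ref) <= 5 else max_distance   # short names need a tighter net
        if dist <= limit and (best is None or dist < best[0]):
            best = (dist, name)
    if best:
        return "typosquat_candidate", best[1]
    return "unknown", None


if __name__ == "__main__":
    for pkg in ("Az.Accounts", "Az-Accounts", "Newtonsoft.Jsno",
                "Serl1og", "Moqq", "SomethingElse"):
        print(f"{pkg:18} -> {check_name(pkg)}")
```

Wire it in as a pre-install hook: "trusted" proceeds, "unknown" goes through whatever onboarding review new dependencies already get, and the two squat verdicts block the install until a human confirms the intended package. The tighter threshold for short names matters because a three-letter name is within distance two of a great many strings.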
Bleeping Computer
As we get back to school, K-12 and colleges are increasingly at risk from ransomware and data theft attacks. Learn more from Specops Software on the steps IT teams at education institutes can take to protect their organizations from disruption and stolen data.
Latest Hacking News
A new info-stealing malware is running active campaigns against Windows users, according to the researchers. Identified as Statc stealer, the malware can pilfer various types of sensitive information, including browser details and stored data. Statc Stealer
DarkReading
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
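The LNK-to-payload item, the earlier note on the shift from macros to LNK files for initial access, and the PDF-lookalike shortcuts above all describe the same artifact. The Python below is an added example, not code from any of those reports: it parses the parts of a shell link that matter for triage (LinkFlags, ShowCommand and the StringData strings, skipping the optional IDList and LinkInfo blocks by their size fields as laid out in MS-SHLLINK) and flags shortcuts whose target is a script host, whose arguments look like a download-and-execute stage, or whose window is kept hidden while the icon claims to be a document. The two sample shortcuts are constructed inline by build_lnk; the encoded-command argument is a placeholder, not a real payload.

```python
import struct

# Layout constants from MS-SHLLINK (ShellLinkHeader, LinkFlags, StringData).
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # common in malicious shortcuts: no visible window
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

# Triage heuristics, constructed for this example; tune them to your estate.
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32")
SUSPICIOUS_ARGS = ("-enc", "-w hidden", "-windowstyle hidden", "downloadstring",
                   "invoke-webrequest", "iex", "bitsadmin", "http://", "https://", "\\\\")
DOC_ICONS = ("acrord32", "winword", "excel", "wordpad", "shell32.dll", "imageres.dll")


def _read_string(buf, off, unicode_):
    """StringData item: 2-byte CountCharacters, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode_:
        return buf[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return buf[off:off + count].decode("latin-1"), off + count


def parse_lnk(buf):
    """Return the header fields and StringData strings that matter for triage."""
    if (len(buf) < HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE
            or buf[4:20] != LNK_CLSID):
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    (flags,) = struct.unpack_from("<I", buf, 0x14)
    (show_command,) = struct.unpack_from("<I", buf, 0x3C)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDList: 2-byte IDListSize + data
        (size,) = struct.unpack_from("<H", buf, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo: LinkInfoSize counts itself
        (size,) = struct.unpack_from("<I", buf, off)
        off += size
    fields = {"show_command": show_command}
    for flag, key in STRING_FIELDS:              # StringData items appear in this fixed order
        if flags & flag:
            fields[key], off = _read_string(buf, off, bool(flags & IS_UNICODE))
    return fields


def assess_lnk(fields):
    """Return the reasons a parsed shortcut looks like a payload delivery vehicle."""
    rel = fields.get("relative_path", "").lower()
    args = fields.get("arguments", "").lower()
    icon = fields.get("icon_location", "").lower()
    reasons = []
    if any(h in rel for h in SCRIPT_HOSTS):
        reasons.append("target is a script host: " + rel.rsplit("\\", 1)[-1])
    hits = [a for a in SUSPICIOUS_ARGS if a in args]
    if hits:
        reasons.append("suspicious arguments: " + ", ".join(hits))
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=7 (SW_SHOWMINNOACTIVE): window kept out of sight")
    if reasons and any(d in icon for d in DOC_ICONS):
        reasons.append("document/system icon on a script-host shortcut: " + icon)
    return reasons


def _pack_string(s):
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path, arguments="", icon_location="", show_command=1):
    """Construct a minimal Unicode .lnk (no IDList/LinkInfo) for the demo."""
    flags, body = IS_UNICODE | HAS_RELATIVE_PATH, _pack_string(relative_path)
    if arguments:
        flags, body = flags | HAS_ARGUMENTS, body + _pack_string(arguments)
    if icon_location:
        flags, body = flags | HAS_ICON_LOCATION, body + _pack_string(icon_location)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + body


# Constructed samples: a PDF-lookalike launcher and an ordinary application shortcut.
MALICIOUS_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-w hidden -ep bypass -enc QQBBAEEA",   # placeholder base64 ("AAA"), not a real payload
    r"C:\Program Files\Adobe\Acrobat DC\Reader\AcroRd32.exe",
    show_command=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk(r"..\..\Program Files\Notepad++\notepad++.exe")

if __name__ == "__main__":
    for label, blob in (("invoice.pdf.lnk", MALICIOUS_LNK), ("notepad++.lnk", BENIGN_LNK)):
        print(label, assess_lnk(parse_lnk(blob)) or "clean")
```

Real shortcuts usually carry an IDList and a LinkInfo block before the strings, which the parser skips rather than interprets; if the RELATIVE_PATH string is absent, the target only lives in the IDList and a fuller parser is needed before the script-host check can fire.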
The Hacker News
MoustachedBouncer targets foreign embassies in Belarus. Discover how this skilled group employs AitM attacks and advanced tools.
Security Affairs
Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, […]
Bleeping Computer
Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs.
Bleeping Computer
A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.
The Hacker News
Malicious actors are leveraging the legitimate Rust-based injector Freeze[.]rs to deploy the XWorm malware in targeted environments.
The Hacker News
Researchers uncover Statc Stealer, a dangerous malware targeting Windows devices. It steals login data, cookies, crypto wallets.
Bleeping Computer
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
Naked Security
74 CVEs, and two “Exploitation Detected” advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Bleeping Computer
The Rhysida ransomware as a service (RaaS) operation that emerged in May 2023 is gradually leaving the period of obscurity behind, as a recent wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations.
Infosecurity News
Check Point highlighted the necessity of understanding the entire attack process of ransomware groups
The Hacker News
Microsoft's Patch Tuesday for August 2023 addresses 74 vulnerabilities in its software, including 6 Critical and 67 Important security flaws.
The Hacker News
New report uncovers connections between Rhysida and Vice Society ransomware groups. Provides details on targeting, tools, and victim profiles.
Trend Micro
In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain.
Infosecurity News
Pushed to the edges by efficient EDRs, threat actors are forced to use living-off-the-land techniques
Trend Micro
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
CSO
Mitiga researchers found that the AWS SSM agent could be hijacked and turned into a remote access trojan that is difficult to detect.
The Hacker News
Upgraded version of Rilide malware discovered. Targets Chromium-based web browsers. New version now adopts Chrome Extension Manifest V3.
The Hacker News
Cybersecurity researchers have discovered a Python variant of NodeStealer malware capable of fully taking over Facebook business accounts.
Bleeping Computer
Resetting the passwords for thousands of people after a ransomware attack is challenging, to say the least, for any IT team. Learn more from Specops Software on why organizations are forced into mass password resets and how to make the process manageable.
Infosecurity News
The campaign appears directed at Korean-speaking victims, indicating an origin in North Korea
Bleeping Computer
Microsoft fixed a known issue impacting WSUS (Windows Server Update Services) servers upgraded to Windows Server 2022, causing them not to push Windows 11 22H2 updates to enterprise endpoints.
Cyber Security News
This week's Threat and Vulnerability Roundup is here! We at Cyber Writes take pride in delivering a weekly roundup of the most up-to-date cybersecurity news.
The Hacker News
Malicious actors are exploiting a legitimate Windows search feature to download arbitrary payloads and compromise systems with RATs like AsyncRAT.
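The story above does not name the feature. The added example below assumes it is the search-ms: URI protocol handler, which lets a web page or e-mail body tell Explorer to render a search over a location the attacker controls (crumb=location:\\host@80\share, served over WebDAV) under a friendly display name, so the victim sees what looks like a local folder containing the lure file. The Python is illustrative, not the vendor's detection, and the HTML sample is constructed.

```python
import html
import re
from urllib.parse import unquote

# search-ms:/search: URIs as they appear in a body: scheme, then everything up to a delimiter.
URI_RE = re.compile(r"(?i)\b(search(?:-ms)?):([^\s\"'<>]+)")
# A crumb that points Explorer at a UNC path or an HTTP(S) origin rather than a local folder.
REMOTE_LOCATION_RE = re.compile(r"(?i)crumb=location:(\\\\[^&]+|https?://[^&]+|//[^&]+)")
WEBDAV_PORT_RE = re.compile(r"(?i)@(80|443|ssl)\b")
# Display names used to pass a remote listing off as a local folder (constructed list).
LOCAL_FOLDER_NAMES = ("downloads", "desktop", "documents", "invoices")


def extract_search_uris(text):
    """Return (scheme, decoded_uri_body) for every search-ms:/search: URI in the text."""
    text = html.unescape(text)            # turn &amp; in href attributes back into &
    return [(m.group(1).lower(), unquote(m.group(2))) for m in URI_RE.finditer(text)]


def assess_uri(body):
    reasons = []
    m = REMOTE_LOCATION_RE.search(body)
    if not m:
        return reasons                    # local search scope: nothing to report
    location = m.group(1)
    reasons.append("remote crumb location: " + location)
    if WEBDAV_PORT_RE.search(location):
        reasons.append("WebDAV port syntax in UNC path (Explorer will fetch over HTTP/WebDAV)")
    d = re.search(r"(?i)displayname=([^&]+)", body)
    if d and d.group(1).lower() in LOCAL_FOLDER_NAMES:
        reasons.append("remote listing disguised as local folder: " + d.group(1))
    return reasons


def scan(text):
    """Return one finding per suspicious search URI in an HTML/e-mail body."""
    findings = []
    for scheme, body in extract_search_uris(text):
        reasons = assess_uri(body)
        if reasons:
            findings.append({"scheme": scheme, "uri": body, "reasons": reasons})
    return findings


# Constructed sample body: one lure, one ordinary link, one legitimate local search-ms URI.
SAMPLE_HTML = r"""<html><body>
<p>Your invoice is ready.</p>
<a href="search-ms:query=Invoice&amp;crumb=location:\\203.0.113.10@80\share&amp;displayname=Downloads">Open invoice</a>
<a href="https://intranet.example/help">Help</a>
<a href="search-ms:query=report&amp;crumb=location:C:\Users\Public">Search public folder</a>
</body></html>"""

if __name__ == "__main__":
    for f in scan(SAMPLE_HTML):
        print(f["scheme"], f["uri"])
        for r in f["reasons"]:
            print("  -", r)
```

The local search-ms link is left alone on purpose: the handler itself is legitimate, and the signal is a crumb that leaves the host. At the mail gateway the same three checks translate directly into a rule on decoded href values.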
Cyber Security News
Malware authors persistently seek novel approaches to exploit unsuspecting users in the active cyber threat landscape.
Cyber Security News
The purple fox malware has been active since 2018, adopting a new technique to deliver its payload through MS SQL servers.
The Hacker News
Fenix, a Mexico-based cyber group, is targeting taxpayers in Mexico and Chile by cloning official tax portals to steal sensitive data.
Cyber Security News
Threat actors deliver NetSupport RAT through a new campaign called Fake SG, which could rival SocGholish.
Cyber Security News
A ransomware strain dubbed Mallox (aka TargetCompany, FARGO, and Tohnichi) is actively targeting and attacking Microsoft SQL (MS-SQL) servers.
DarkReading
Malicious activity targeting vulnerable SQL servers has surged 174% compared to 2022, Palo Alto's Unit 42 says.
The Hacker News
Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.
SecurityWeek
The Rust-based peer-to-peer worm ‘P2PInfect’ is targeting a Lua sandbox escape vulnerability in internet-accessible Redis servers.
Security Affairs
Cybersecurity researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers. Palo Alto Networks Unit 42 researchers have discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and […]
The Hacker News
A new cyber threat named DeliveryCheck has targeted the defense sector in Ukraine and Eastern Europe. DeliveryCheck spreads through malicious macros.
The Hacker News
Cybersecurity researchers have discovered a powerful cloud-targeting worm called P2PInfect. It exploits vulnerable Redis instances on Linux and Windows.
Bleeping Computer
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor.
The Record
The Russian hacking group Turla is attacking Ukrainian defense forces with spying malware, according to new research from the country’s computer emergency response team (CERT-UA).
Security Affairs
The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed […]
The Hacker News
FIN8, known for targeting PoS systems, is now using Sardonic backdoor to deploy BlackCat ransomware
SecurityWeek
At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched
Infosecurity News
The group utilizes malware like GAMMASTEEL to rapidly exfiltrate files within 30-50 minutes
The Hacker News
New report reveals the alarming activities of Gamaredon, a notorious Russian hacking crew. They exploit email and messaging platforms to compromise.