CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Hacker News
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
Security Affairs
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
The Hacker News
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
Infosecurity News
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
DarkReading
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
CyberNews
Researchers from SentinelLabs with a high confidence level attributed intrusions in Norway, Pakistan, China, and India to Appin.
SecurityWeek
Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees.
The Hacker News
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
The Hacker News
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
DarkReading
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
Bleeping Computer
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.
SecurityWeek
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
The Record
A ransomware group that has been exploiting a vulnerability in Citrix products posted both companies to its leak site.
Cyber Security News
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
SecurityWeek
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
The Hacker News
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
The Record
Cybersecurity giant SentinelOne said it is acquiring advisory firm Krebs Stamos Group and creating a new entity called PinnacleOne Strategic Advisory Group.
The Hacker News
BlueNoroff, linked to North Korea's Lazarus Group, is behind a new macOS malware called ObjCShellz.
The Hacker News
Pro-Hamas hacktivist group using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid ongoing conflict.
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
The Record
Researchers at security firm ESET said they have been tracking a new campaign by Winter Vivern, which typically supports Russia and Belarus.
The Record
The Ukrainian Cyber Alliance hacktivism group says it wiped out the Trigona gang's servers, defaced its website and exfiltrated data about the operation.
SecurityWeek
Noteworthy stories that might have slipped under the radar: Ex-Uber security chief files appeal, tech giants announce new security offerings.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.
SecurityWeek
BlackBerry plans to split its cybersecurity and IoT (Internet of Things) businesses and pursue an IPO for the IoT unit early next year.
CyberSecurity Dive
Worries mounted quickly after the attack on the building automation and industrial control systems vendor, which works extensively with multiple federal agencies.
SecurityWeek
Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts.
DarkReading
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.
The Hacker News
Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campai
Bleeping Computer
A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.'
SecurityWeek
New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube.
The Hacker News
Suspected Pakistani group, Transparent Tribe, evolves tactics! Using fake YouTube apps to spread CapraRAT trojan, targeting Indian entities.
Latest Hacking News
Researchers have found the new macOS malware “MetaStealer” running active campaigns against Mac devices. The Go-based infostealer lures victims via social engineering, specifically infecting Intel-based Mac systems. MetaStealer Actively Targeting Macs In Recent Malware Campaigns In a
SecurityWeek
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
Bleeping Computer
A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers.
SecurityWeek
Framing your cloud security needs around workloads, identity, posture, and enterprise can help you better understand your specific needs.
The Hacker News
Beware, Mac users! MetaStealer, a new info-stealer malware, is targeting macOS. Learn how it's posing as prospective clients to trick victims into lau
Bleeping Computer
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members.
Bleeping Computer
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
SecurityWeek
Stories that might have slipped under the radar: LastPass vault hacking, Russia targets energy facility in Ukraine, NXP data breach.
The Hacker News
North Korean hackers using fake social media accounts and exploiting zero-day bugs to compromise cybersecurity researchers.
The Hacker News
Beware of the latest macOS threat! A new malvertising campaign is actively spreading Atomic Stealer malware, targeting gamers and crypto users.
The Hacker News
Researchers uncover 3 more malicious Python packages in PyPI repository under VMConnect campaign.
CyberSecurity Dive
CEO George Kurtz said the company will consider potential acquisition targets as M&A discussions heat up across the industry.
Bleeping Computer
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA).
SecurityWeek
Cybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging.
The Hacker News
Attention developers! Malicious packages found on Rust's crate registry. They target your machines, capture OS info, and use Telegram for data transfe
Cyber Security News
Critical flaws, exploits, and recent attack techniques have all been highlighted. We also offer the latest software upgrades to keep your devices safe.
SecurityWeek
Cybersecurity news on Africa cybercrime, unpatched macOS vulnerabilities, investor cyber disclosures, and SentinelOne sale
Ars Technica
What's the point of locks when hackers can easily get the keys to unlock them?
CyberSecurity Dive
Threat actors are using memory-safe languages to release payloads for Windows, Linux and ESXi simultaneously, SentinelOne researchers warn.
Infosecurity News
SentinelOne observed that the imitating application targeted users within work environments
Cyber Security News
XLoader has been serving as a particularly persistent and adaptable threat since 2015. It has undergone a transformative evolution that demands the attention of security experts.
Security Affairs
The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the […]
Bleeping Computer
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
CyberSecurity Dive
The cybersecurity firm recently announced job cuts and is competing in a turbulent market in recent months.
The Hacker News
Beware macOS users! A sneaky variant of the XLoader malware hides inside an app called "OfficeNote."
The Record
A previous macOS-oriented version of XLoader had some limitations. Researchers say the info-stealer now can run on more machines while potentially dodging detection.
Cyber Security News
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
Security Affairs
Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10, Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the […]
The Hacker News
Espionage Disguised as Ransomware? Ongoing cyber attacks traced back to China target Southeast Asian gambling.
The Record
Hackers based in China are targeting the gambling sector across Southeast Asia in a campaign that researchers say is closely related to data collection and surveillance operations identified earlier this year.
Cyber Security News
Cybersecurity analysts at AT&T Alien Labs recently observed that threat actors are actively turning Mac systems into proxy exit nodes.
SecurityWeek
Threat detection and response firm SecureWorks is laying off 15% of its staff (roughly 300 people) in the second round of firings this year.
Infosecurity News
A Polish national arrested in the US could face up to 45 years in prison if convicted on all counts
Cyber Security News
Join us at Cyber Writes for our weekly Threat and Vulnerability Roundup, where we provide the latest updates on cybersecurity news. Keep yourself informed and stay ahead of potential threats with our comprehensive coverage.
SecurityWeek
Hundreds of companies and organizations showcased their products and services this week at the 2023 edition of Black Hat in Las Vegas.
The Record
Four embassies in Belarus were targeted by an espionage campaign, including two from Europe and one each from South Asia and Africa.
Bleeping Computer
The Rhysida ransomware as a service (RaaS) operation that emerged in May 2023 is gradually leaving the period of obscurity behind, as a recent wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations.
SecurityWeek
Cloud security firm Kivera raised $3.5 million seed funding from General Advance, Round 13 Capital and angel investors.
The Record
A pro-Russian hacking group NoName057(16) claimed responsibility for cyberattacks on government and public services websites in France and the Netherlands.
CSO
SentinelLabs analyzed leaked emails and associated implants to confirm two North Korea-backed hacker groups intruded into a Russian missile maker.
Security Affairs
Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military […]
Cyber Security News
North Korean threat actors actively grabbed the attention of security experts, revealing fruitful campaign insights over the year.
SecurityWeek
A sanctioned Russian missile maker appears to have been targeted by two important North Korean hacking groups.
The Hacker News
Two North Korean groups launch a targeted cyber operation on NPO Mashinostroyeniya
The Record
A pro-Russian hacking group has claimed responsibility for cyberattacks on Italian banks, businesses, and government agencies which flooded networks and disrupted services.
DarkReading
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.
Latest Hacking News
Heads up, gamers! If you receive access codes for seemingly lucrative blockchain games, beware! A new malware campaign targets gamers via fake blockchain games, delivering Redline stealer on Windows systems and Realst malware on Mac
DarkReading
Threat actors are distributing new "Realst" infostealer via fake blockchain games, researchers warn.
The Hacker News
A new malware family called Realst is targeting Apple macOS systems, including macOS 14 Sonoma! Written in Rust programming language.
Bleeping Computer
A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development.
Bleeping Computer
A hacking unit of North Korea's Reconnaissance General Bureau (RGB) was linked to the JumpCloud breach after the attackers made an operational security (OPSEC) mistake, inadvertently exposing their real-world IP addresses.
Trend Micro
A single-platform approach delivers value greater than the sum of its parts
SecurityWeek
North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages.
Security Affairs
SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications. […]
Infosecurity News
Social engineering campaign designed to deliver malicious npm packages
DarkReading
Analysts continue piecing together who breached JumpCloud, why, and what else they've managed to pull off.
SecurityWeek
SentinelOne has linked the recent JumpCloud cyberattack to North Korean hackers, based on the published IOCs.
The Hacker News
North Korean state-sponsored groups suspected in the recent supply chain attack on JumpCloud! They used the breach to target cryptocurrency firms.
Bleeping Computer
US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike.
The Record
The company had initially attributed the incident to a "sophisticated nation-state sponsored threat actor." Reports tied the attack to North Korean hackers in search of cryptocurrency to support the regime.
DarkReading
The TeamTNT threat actor appears to be setting the stage for broader cloud worm attacks, researchers say.
CyberScoop
Security deficiencies and business practices have researchers and officials furious at Microsoft for enabling an espionage operation.
SecurityWeek
Weekly cybersecurity news roundup: satellite hacking, security firm lawsuit, cloud attacks, and vulnerability patches.
The Hacker News
A malicious actor expands their target beyond AWS. Azure and Google Cloud Platform (GCP) services are now at risk.
SecurityWeek
Microsoft has revoked signed drivers used for post-exploitation activity, in many cases by Chinese cybercriminals.
Infosecurity News
Neo_Net’s campaign mainly targeted Spanish and Chilean financial institutions
Security Affairs
A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. A joint study conducted by vx-underground and SentinelOne recently revealed that a Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting financial institutions worldwide. The case was […]
Cyber Security News
Neo_Net, a Spanish-based threat actor, has conducted campaigns against financial institutions and banks and achieved the highest success rate in spite of its unsophisticated tools.
The Hacker News
DDoSia attack tool gets an upgrade! Now conceals target lists with new encryption methods.
The Hacker News
Neo_Net, a Mexican e-crime actor, is behind an Android malware campaign that's stolen €350,000+ and compromised PII data.
The Hacker News
BlackCat ransomware now spreading via malvertising! Watch out for rogue installers disguised as legitimate apps like WinSCP.
Cyber Security News
macOS is reported to be one of the most secure operating systems. As of the beginning of 2023, there are over 100 million macOS devices worldwide. Due to its popularity, threat actors have begun to target macOS devices recently.
The Hacker News
ScarCruft, a North Korean threat group linked to state-sponsored activities, has developed a new information-stealing malware with wiretapping feature
Bleeping Computer
The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks.
Bleeping Computer
Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).
Ars Technica
Shuckworm's relentless attacks seek intel for use in Russia's invasion of Ukraine.
Security Affairs
North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]
The Hacker News
North Korean hacking group Kimsuky targets think tanks, academia, and news media in a sophisticated social engineering campaign.
Infosecurity News
SentinelOne said the campaign specifically targets experts in North Korean affairs
The Hacker News
Heads up, Latin America! A powerful botnet named Horabot is targeting Outlook users with phishing emails, compromising their accounts.
The Hacker News
North Korea's Kimsuky group, a.k.a APT43, wields spear-phishing campaigns and is leveraging social engineering to compromise high-value targets.
Bleeping Computer
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace).
DarkReading
A campaign against customers of Portuguese banks uses a capable financial malware strain dubbed PeepingTitle, written in the Delphi programming language.
The Hacker News
Portuguese bank users beware! Brazilian hackers are on the prowl, targeting over 30 financial institutions.
The Hacker News
Kimsuky, the North Korean APT group, is back in action! They're using a new custom malware called RandomQuery to conduct reconnaissance.
Bleeping Computer
The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks.
The Hacker News
8220 Hackers are exploiting a six-year-old critical security flaw in Oracle WebLogic servers to build a botnet for crypto mining.
DarkReading
Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.
DarkReading
Wide use and a lack of support for malware detection technologies have made VMware's virtualization technology a prime target for cyberattackers.
Bleeping Computer
Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is being used more and more to target macOS devices.
The Hacker News
A Golang variant of Cobalt Strike, known as Geacon, is drawing attention in the cybersecurity world due to a rise in Geacon payloads.
Infosecurity News
Group-IB's threat intelligence team said it infiltrated and analyzed Qilin's inner workings
Security Affairs
A previously unknown ransomware group known as RA Group is targeting companies in U.S. and South Korea with leaked Babuk source code. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and […]
The Hacker News
RA Group, a newly emerged ransomware gang, is rapidly expanding its operations, targeting organizations in the U.S. and South Korea.
The Hacker News
Beware of hypervisor jackpotting! Linux and VMware ESXi systems under attack by the new ransomware-as-service (RaaS) operation MichaelKors.
Bleeping Computer
This week we have multiple reports of new ransomware families targeting the enterprise, named Cactus and Akira, both increasingly active as they target the enterprise.
Security Affairs
The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware […]
Infosecurity News
According to SentinelOne, these novel variants emerged between 2022 and 2023
The Hacker News
9 new ransomware families emerge from leaked Babuk source code, capable of targeting Linux and ESXi environments
DarkReading
"White Phoenix" automated tool for recovering data on partially encrypted files hit with ransomware is available on GitHub.
Security Affairs
Microsoft Patch Tuesday security updates for May 2023 address a total of 40 vulnerabilities, including two zero-days actively exploited in attacks. Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. The flaws affect Microsoft Windows and Windows Components; Office and Office Components; Microsoft Edge (Chromium-based); SharePoint Server; Visual […]
DarkReading
ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group.
Infosecurity News
ReconShark is sent via emails containing OneDrive links leading to documents with malicious macros
Security Affairs
North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to weaponized document downloads, and the execution of malicious […]
The Hacker News
North Korean hackers Kimsuky using new ReconShark reconnaissance tool to target individuals via spear-phishing.
Bleeping Computer
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach.
Infosecurity News
Security researchers at Uptycs shared the findings in an advisory published on Wednesday
DarkReading
Cisco's XDR strategy converges its deep expertise and visibility across the network and endpoints into one turnkey, risk-based solution. Now in Beta with General Availability coming in July 2023, Cisco XDR simplifies investigating incidents and enables security operations centers (SOCs) to immediately remediate threats.
Bleeping Computer
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an outage on NCR, causing massive headaches for restaurants.
DarkReading
Attackers are using custom malware to exploit drivers and terminate security processes so they can deploy ransomware.
Bleeping Computer
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
The Hacker News
China-linked Bronze Highland hackers aka Daggerfly group is targeting telecom services providers in Africa using spear-phishing and MgBot malware.
The Hacker News
Cybercriminal syndicates FIN7 and ex-Conti members have teamed up to launch Domino malware attacks.
The Hacker News
Vice Society ransomware gang spotted using bespoke PowerShell tool to exfiltrate data discreetly. The tool enables threat actors to avoid detection.
Bleeping Computer
The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.
Infosecurity News
APT36 targeted institutions with malicious Office documents distributing Crimson RAT
The Hacker News
Cybersecurity researchers are warning about a new malware called Legion that's being marketed via Telegram.
The Hacker News
Pakistan-based Transparent Tribe hacker group is targeting India's education sector with Crimson RAT, a malware.
Bleeping Computer
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack.
Latest Hacking News
The popular communication software business 3CX has admitted a supply-chain attack, potentially affecting its customers too. As the attackers trojanized the legit app version, deleting the 3CX Desktop App remains the only working fix for
Security Affairs
Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-stage implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]
Cyber Security News
A recently discovered comprehensive toolset dubbed AlienFox toolkit is circulating on Telegram to scan for poorly configured servers.
Infosecurity News
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services
CyberSecurity Dive
Ransomware groups are still exploiting a vulnerability in unpatched versions of Aspera Faspex almost four months after IBM issued a patch.
Ars Technica
"It's not exactly our place to comment on it," 3CX rep says of malicious detection.
Security Affairs
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]
CSO
3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, users are urged to use the PWA Client instead.
The Hacker News
AlienFox, a highly modular & constantly evolving toolset distributed on Telegram, enables attackers to harvest API keys & secrets from cloud services.
The Hacker News
Active supply chain attack targets popular voice & video conferencing software 3CX Desktop App, affecting hundreds of well-known brands.
Bleeping Computer
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
CyberSecurity Dive
Researchers warn a state-linked actor has launched malicious activity against a voice application widely used by major corporate customers.
The Hacker News
New phishing campaign targets European entities using Remcos RAT & Formbook via DBatLoader malware!
The Hacker News
New MacStealer malware targets Apple devices running macOS Catalina & later, M1/M2 CPUs and uses Telegram for C&C, stealing documents, browser cookies
Infosecurity News
The deployment of custom credential theft malware is the main novelty of the new campaign
The Hacker News
Middle East telecom providers under cyber attack from China-linked threat actors in a long-running campaign dubbed Operation Soft Cell.
The Hacker News
dotRunpeX is a new malware injector that's distributing various known malware families via phishing emails & malicious Google Ads.
The Hacker News
🚨CatB ransomware operation utilizes DLL search order hijacking to evade detection and launch payloads.
Infosecurity News
SentinelOne shared details about the new campaign in an advisory published on Thursday
DarkReading
The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.
The Hacker News
Winter Vivern, an advanced persistent threat, has targeted government officials in India, Lithuania, Slovakia, and the Vatican.
Infosecurity News
The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8
Infosecurity News
The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software
DarkReading
IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.
Security Affairs
The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]
The Hacker News
IceFire, a Windows-based ransomware strain, is now targeting Linux-powered enterprise networks by exploiting a vulnerability in IBM Aspera Faspex.
DarkReading
Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.
Cyber Security News
Phishing campaigns using the DBatLoader malware loader have been identified by the security analysts at SentinelOne.
Bleeping Computer
A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old Windows User Account Control bypass discovered over two years ago.
DarkReading
A threat actor has leaked data — purportedly, samples of Telus employee payroll data and source code — on a hacker site.
DarkReading
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.
Infosecurity News
The threat actor initiated infection chains by targeting employees through WhatsApp messages
The Hacker News
Cybersecurity experts are cautioning of a new, previously unreported threat actor located in the Middle East that is targeting telecommunications s
The Hacker News
Researchers are tracking a new financially motivated threat actor, TA866, which has been active since October 2022 and using custom hacking tools.
Security Affairs
A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to […]
DarkReading
For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.
ZDNet
The authors of Clop ransomware are experimenting with a Linux variant - a warning that multiple different platforms are in the sights of cyber extortionists.
The Hacker News
First-ever Linux variant of Clop ransomware has been spotted! But do not panic, it uses a flawed encryption algorithm.
The Hacker News
Researchers have uncovered a malvertising campaign that distributes virtualized .NET MalVirt loaders to evade detection and infect victims' computers
Infosecurity News
The new loaders also leverage obfuscated virtualization techniques to avoid detection
Security Affairs
Lockbit ransomware operators have released a new version of their malware, LockBit Green, that also targets cloud-based services. Lockbit ransomware operators have implemented a new version of their malware, dubbed LockBit Green, which was designed to include cloud-based services among its targets. This is the third version of the ransomware developed by the notorious gang, […]
The Hacker News
Secrets are not just things you hide from your partner; they're also crucial parts of your organization's security. Big or small, it doesn't matter.
DarkReading
SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced an alliance with KPMG LLP, the audit, tax and advisory firm, to accelerate investigations and response to cyberattacks.
CyberSecurity Dive
The company’s cybersecurity business is growing, but CEO Satya Nadella warned that customers, in an uncertain economy, are exercising caution.
Security Affairs
Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection. SentinelOne researchers spotted a Chinese-speaking actor, tracked as DragonSpark, that is targeting organizations in East Asia. The attackers employed an open source tool SparkRAT along with Golang malware that implements an uncommon technique to evade detection. “The threat […]