CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
Infosecurity News
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
Proofpoint said the attackers modified registry key names for persistence
Bleeping Computer
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
Bleeping Computer
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea
The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
Bleeping Computer
Kimsuky hackers deploy new Linux backdoor via trojanized installers
The North Korean hacker group Kimsuki has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea.
Cyber Security News
Hackers Exploiting Microsoft's Quick Assist Tool To Deliver Ransomware
Remote assist tools are often targeted by hackers as they create a direct channel that can be used to get into desired systems while using
.webp)
Cyber Security News
Turla APT Group Attacking European Ministry of Foreign Affairs
The well-known advanced persistent threat (APT) group Turla, which is based in Russia, is said to be going after the European Ministry.
.webp)
Cyber Security News
Hackers Abusing to GitHub to Host Malicious Infrastructure
Cybercriminals have been exploiting GitHub, a platform widely trusted by developers, to host malicious infrastructure.
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Infosecurity News
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
HACKRead
DNS Tunneling Used for Stealthy Scans and Email Tracking
DNS tunneling is being used to bypass security filters by hiding malicious traffic in DNS packets, allowing hackers to steal stolen data.
DarkReading
DNS Tunneling Abuse Expands to Tracking & Scanning Victims
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities, and find new ways to compromise organizations.
The Hacker News
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
A new social engineering campaign is targeting enterprises with spam emails to gain initial access. The threat actor overwhelms users' email and calls
Cyber Security News
Hackers Weaponize Word Files To Deliver DanaBot Malware
Recent email campaigns distribute DanaBot malware through two document types: those using equation editor exploits and those containing
Security Affairs
Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware
Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware
Bleeping Computer
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
DarkReading
500 Victims In, Black Basta Reinvents With Novel Vishing Strategy
Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.
Bleeping Computer
Hackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
Cyber Security News
Malicious Python Package Hides Sliver C2 Framework Within PNG File
An attacker published a malicious package on PyPI named "requests-darwin-lite," masquerading as a variant of the popular "requests" library,
The Hacker News
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Researchers found a malicious Python package called requests-darwin-lite hiding a sneaky malware.
SC Magazine
Malicious PyPI ‘requests’ fork hides backdoor in PNG file
The “requests-darwin-lite” package was downloaded more than 400 times before its removal.
Security Affairs
Russia-linked APT28 targets government Polish institutions
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
Cyber Security News
FIN7 Hackers Abuse Sponsored Google Ads To Deliver MSIX Payloads
Hackers take advantage of sponsored Google Ads as they provide an excellent chance to quickly reach a large audience.
Bleeping Computer
Poland says Russian military hackers target its govt networks
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week.
DarkReading
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.
Security Affairs
MITRE attributes the recent attack to China-linked UNC5221
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence.
%20(1).webp)
Cyber Security News
SandStorm Hackers Added New Kapeka Tool to it’s Arsenal
Kapeka, also known as KnuckleTouch, is a sophisticated backdoor malware that has been making waves in the cybersecurity world.
DarkReading
DBIR: Supply Chain Breaches Up 68% Year Over Year
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
The Hacker News
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices
New findings suggest the ArcaneDoor cyber espionage campaign targeting network devices from Cisco (CVE-2024-20353, CVE-2024-20359).
Bleeping Computer
Iranian hackers pose as journalists to push backdoor malware
The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.
Security Affairs
Russia-linked APT28 and crooks are still using the Moobot botnet
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.
SC Magazine
Attackers evade detection by leveraging Microsoft Graph API
Microsoft Graph API has become popular with hackers because running criminal ops on widely used cloud services raises less suspicion.
The Hacker News
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
DarkReading
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
Weaponizing Microsoft's own services for command-and-control is simple and costless, and helps attackers better avoid detection.
The Hacker News
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
Attention SOHO router users! A new malware called Cuttlefish is on the prowl, stealthily monitoring your traffic and stealing authentication data.
DarkReading
'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving
A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. Cyber defenders must keep pace.
Security Affairs
Cuttlefish targets enterprise-grade SOHO routers
Cuttlefish malware targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data.
DarkReading
'Cuttlefish' Zero-Click Malware Steals Private Cloud Data
The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses
The Hacker News
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.
Bleeping Computer
New Cuttlefish malware infects routers to monitor traffic for credentials
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.
SecurityWeek
Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server
Chinese cybersecurity firm QAX XLab uncovered an Android trojan that hides its command-and-control server behind compromised WordPress sites.
Bleeping Computer
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
Infosecurity News
Millions of Malicious Containers Found on Docker Hub
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
The Hacker News
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years
Millions of malicious "imageless" containers have been planted on Docker Hub over the past 5 years in multiple cybercriminal campaigns.
.webp)
Cyber Security News
Beware of New Android Trojan That Executes Malicious Commands on Your Phone
This sophisticated backdoor Trojan to infiltrate Android systems & execute a malicious commands, posing a threat to unsuspecting users.
Cyber Security News
Hackers Took Just 29-Days From IcedID Infection to Dagon Locker Ransomware
In a sophisticated cyberattack that unfolded over 29 days, cybersecurity analysts have meticulously traced the steps of threat actors from the initial infection with IcedID malware to the eventual deployment of Dagon Locker ransomware. The detailed account of this cyber intrusion provides a chilling example of how quickly and stealthily cybercriminals can compromise an organization’s […]
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days - The DFIR Report
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More
Security Affairs
Targeted operation against Ukraine exploited 7-year-old MS Office bug
A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike.
The Hacker News
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Cybersecurity researchers have uncovered a targeted cyber attack against Ukraine that leveraged a 7-year-old Microsoft Office flaw to deploy Cobalt St
Security Affairs
Brokewell supports an extensive set of Device Takeover capabilities
ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities.
HACKRead
7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike
A recent attack exploited vulnerabilities in systems running outdates Microsoft Office to deliver Cobalt Strike malware. Learn how to protect yourself!
Bleeping Computer
Fake job interviews target developers with new Python backdoor
A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
DarkReading
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
Bleeping Computer
Researchers sinkhole PlugX malware server with 2.5 million unique IPs
Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.
Cyber Security News
Hackers Exploit Google Ads to Spread IP Scanner with Concealed Backdoor
Malicious actors are distributing a new backdoor, MadMxShell, through a Google Ads campaign that impersonates an IP scanner.
The Hacker News
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
North Korean hackers used fake job offers to deliver a new Trojan called Kaolin RAT. It can change file timestamps and load malware.
.webp)
Cyber Security News
PlugX USB worm Infected Over 2.5M Devices
The PlugX USB worm, a piece of malware, has been reported to have infected over 2.5 million devices, posing a threat to global cybersecurity.
Cyber Security News
Hackers Employ Black Hat SEO Techniques To Deliver Malware
Black hat SEO methods are used by hackers to manipulate search engine rankings and make malicious or fraudulent websites more visible.
Security Affairs
Hackers hijacked the eScan Antivirus update mechanism in malware campaign
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners.
The Hacker News
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
A sophisticated attack campaign dubbed "FROZEN#SHADOW" is underway, using phishing emails to infect systems with the stealthy malware SSLoad.
The Hacker News
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
A sophisticated malware called GuptiMiner has been leveraging a flaw in eScan antivirus updates to spread backdoors and crypto miners across corporate
SC Magazine
CoralRaider leverages CDN cache domains in new infostealer campaign
A new CryptBot variant targets password managers and authentication apps in the new campaign.
Bleeping Computer
CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
DarkReading
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
The Hacker News
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.
Cyber Security News
Meet the New Flexible Kapeka Backdoor With Destructive Attacking Capabilities
A new backdoor named "Kapeka" has been identified to be attacking victims in Eastern Europe since mid-2022.
HACKRead
Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor
Cybersecurity researchers at Zscaler ThreatLabz believe that the primary target of the MadMxShell backdoor seems to be IT professionals.
Security Affairs
DuneQuixote campaign targets Middle East with a complex backdoor
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote.
HACKRead
Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack
A surge in attacks from the Androxgh0st malware family uncovers over 600 servers compromised primarily in the U.S., India and Taiwan.
The Hacker News
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new variant of the RedLine Stealer malware has been discovered, utilizing Lua bytecode for stealth and effectiveness.
The Hacker News
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool
China-linked hacking group Earth Hundun is targeting Asia-Pacific tech, research, and government sectors with advanced malware, including "Waterbear"
The Hacker News
How Attackers Can Own a Business Without Touching the Endpoint
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
Security Affairs
FBI chief says China is preparing to attack US critical infrastructure
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher Wray.
The Hacker News
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
A new threat, 'DuneQuixote', targets Middle East governments with sophisticated evasion tactics.
Bleeping Computer
Fake cheat lures gamers into spreading infostealer malware
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.
Infosecurity News
New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads
Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication
Cyber Security News
New Redline Stealer Variant Leverages Lua Bytecode For Stealthiness
Redline Stealer is a powerful information-stealing malware and hackers often exploit this stealthy stealer to gain unauthorized access to a
The Hacker News
How to Conduct Advanced Static Analysis in a Malware Sandbox
Ever worried about malware in PDFs? ANY.RUN's sandbox can expose hidden threats just by analyzing the file's structure.
Security Affairs
Previously unknown Kapeka backdoor linked to Sandworm APT
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022.
.webp)
Cyber Security News
Poisoned Google Ads Targeting Infra Teams with Weaponized IP Scanners
Security researchers uncovered a sophisticated malvertising campaign targeting IT professionals, particularly those in security.
The Hacker News
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Vulnerabilities in OpenMetadata are being exploited. These critical security flaws enable hackers to get into Kubernetes environments.
The Hacker News
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & ManageEngine in a Google Ads malvertising scheme to spread malware.
SC Magazine
‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoor
Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.
SC Magazine
Microsoft finds Kubernetes clusters targeted by OpenMetadata exploits
A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.
SecurityWeek
Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression
Kapeka is a new backdoor that may be a new addition to Russia-link Sandworm’s malware arsenal and possibly a successor to GreyEnergy.
Security Affairs
Linux variant of Cerber ransomware targets Atlassian servers
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
DarkReading
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.
The Hacker News
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks
A new stealthy backdoor malware called Kapeka, likely created by Russia's APT group Sandworm, has been targeting Eastern Europe.
The Hacker News
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
The Hacker News
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
If you use Fortinet FortiClient EMS, patch NOW. Hackers are actively using a new exploit
Infosecurity News
Russian Sandworm Group Using Novel Backdoor to Target Ukraine
WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal
SC Magazine
Atlassian Confluence Linux instances targeted with Cerber ransomware
Attackers exploited a critical vulnerability to create a new administrator account.
Security Affairs
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
Bleeping Computer
New SteganoAmor attacks use steganography to target 320 orgs globally
A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems.
DarkReading
Web3 Game Developers Targeted in Crypto Theft Scheme
A Russian-language campaign impersonates legitimate game operations to spread cross-platform infostealers.
Cyber Security News
StrelaStealer’s Malware Resurgence: What Security Leaders Need to Know in 2024
we’ll dissect a timely example of credential theft—StrelaStealer—to identify the malware’s characteristics and capabilities.
The Hacker News
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy.
Loading more articles....