Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
Cyber Security News
5 Common Phishing Vectors and Examples - 2024
Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.
.webp)
Cyber Security News
Turla APT Group Attacking European Ministry of Foreign Affairs
The well-known advanced persistent threat (APT) group Turla, which is based in Russia, is said to be going after the European Ministry.
The Cyber Express
SideCopy APT Campaign Found Targeting Indian Universities
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been
Infosecurity News
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
The Hacker News
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
A new social engineering campaign is targeting enterprises with spam emails to gain initial access. The threat actor overwhelms users' email and calls
Security Affairs
Russia-linked APT28 targets government Polish institutions
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
Bleeping Computer
Poland says Russian military hackers target its govt networks
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week.
The Hacker News
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
Russia-Linked APT28 Strikes Poland with Malware Campaign Polish government bodies were hit by a sophisticated malware attack orchestrated by the infam
Cyber Security News
HijackLoader Using Weaponized PNG Files To Deliver Multiple Malware
HijackLoader, a modular malware loader observed in 2023, is evolving with new evasion techniques, as it is a variant using a PNG image to
%20(1).webp)
Cyber Security News
SandStorm Hackers Added New Kapeka Tool to it’s Arsenal
Kapeka, also known as KnuckleTouch, is a sophisticated backdoor malware that has been making waves in the cybersecurity world.
The Hacker News
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Nation-state hackers have a new trick - turning Microsoft's own cloud services into secret command centers to launch attacks undetected.
Bleeping Computer
New Latrodectus malware attacks use Microsoft, Cloudflare themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Cyber Security News
HookChain - A New Sophisticated Technique Evades EDR Detection
In the rapidly evolving, complex threat landscape EDR companies constantly race against new vectors.As recently Helvio Benedito Dias de
Cyber Security News
Hackers Took Just 29-Days From IcedID Infection to Dagon Locker Ransomware
In a sophisticated cyberattack that unfolded over 29 days, cybersecurity analysts have meticulously traced the steps of threat actors from the initial infection with IcedID malware to the eventual deployment of Dagon Locker ransomware. The detailed account of this cyber intrusion provides a chilling example of how quickly and stealthily cybercriminals can compromise an organization’s […]
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days - The DFIR Report
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More
Security Affairs
Targeted operation against Ukraine exploited 7-year-old MS Office bug
A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike.
The Hacker News
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Cybersecurity researchers have uncovered a targeted cyber attack against Ukraine that leveraged a 7-year-old Microsoft Office flaw to deploy Cobalt St
DarkReading
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
SecurityWeek
Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses
More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.
Cyber Security News
Hackers Exploit Google Ads to Spread IP Scanner with Concealed Backdoor
Malicious actors are distributing a new backdoor, MadMxShell, through a Google Ads campaign that impersonates an IP scanner.
The Hacker News
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
North Korean hackers used fake job offers to deliver a new Trojan called Kaolin RAT. It can change file timestamps and load malware.
Cyber Security News
Hackers Employ Black Hat SEO Techniques To Deliver Malware
Black hat SEO methods are used by hackers to manipulate search engine rankings and make malicious or fraudulent websites more visible.
SecurityWeek
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.
Security Affairs
Hackers hijacked the eScan Antivirus update mechanism in malware campaign
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners.
The Hacker News
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
A sophisticated malware called GuptiMiner has been leveraging a flaw in eScan antivirus updates to spread backdoors and crypto miners across corporate
Ars Technica
Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years.
Bleeping Computer
Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
DarkReading
Russia's Fancy Bear Pummels Windows Print Spooler Bug
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyberespionage attacks against targets in Ukraine, Western Europe, and North America.
SecurityWeek
Russian Cyberspies Deliver 'GooseEgg' Malware to Government Organizations
Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
Cyber Security News
Russian Hackers Exploiting Windows Print Spooler Using GooseEgg Tool
Hackers abuse Windows Print Spooler vulnerabilities because it runs with elevated SYSTEM privileges which allows privilege escalation.
The Hacker News
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
Hackers linked to Russia have been exploiting a Windows bug for YEARS to deploy GooseEgg malware for escalating attack access.
Security Affairs
Russia-linked APT28 used tool GooseEgg for to exploit Win bug
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw.
Ars Technica
Kremlin-backed hackers exploit critical Windows vulnerability reported by the NSA
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
Bleeping Computer
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
Bleeping Computer
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
Cyber Security News
Meet the New Flexible Kapeka Backdoor With Destructive Attacking Capabilities
A new backdoor named "Kapeka" has been identified to be attacking victims in Eastern Europe since mid-2022.
HACKRead
Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor
Cybersecurity researchers at Zscaler ThreatLabz believe that the primary target of the MadMxShell backdoor seems to be IT professionals.
The Hacker News
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
North Korea's state-linked hackers are enhancing their operations with advanced artificial intelligence tools.
Security Affairs
DuneQuixote campaign targets Middle East with a complex backdoor
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote.
The Hacker News
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool
China-linked hacking group Earth Hundun is targeting Asia-Pacific tech, research, and government sectors with advanced malware, including "Waterbear"
The Hacker News
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
A new threat, 'DuneQuixote', targets Middle East governments with sophisticated evasion tactics.
Bleeping Computer
Fake cheat lures gamers into spreading infostealer malware
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.
Infosecurity News
New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads
Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication
Cyber Security News
New Redline Stealer Variant Leverages Lua Bytecode For Stealthiness
Redline Stealer is a powerful information-stealing malware and hackers often exploit this stealthy stealer to gain unauthorized access to a
Security Affairs
Previously unknown Kapeka backdoor linked to Sandworm APT
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022.
.webp)
Cyber Security News
Poisoned Google Ads Targeting Infra Teams with Weaponized IP Scanners
Security researchers uncovered a sophisticated malvertising campaign targeting IT professionals, particularly those in security.
The Hacker News
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & ManageEngine in a Google Ads malvertising scheme to spread malware.
SC Magazine
‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoor
Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.
Bleeping Computer
FIN7 targets American automaker’s IT staff in phishing attacks
The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
SecurityWeek
Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression
Kapeka is a new backdoor that may be a new addition to Russia-link Sandworm’s malware arsenal and possibly a successor to GreyEnergy.
The Hacker News
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks
A new stealthy backdoor malware called Kapeka, likely created by Russia's APT group Sandworm, has been targeting Eastern Europe.
Infosecurity News
Russian Sandworm Group Using Novel Backdoor to Target Ukraine
WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal
Cyber Security News
StrelaStealer’s Malware Resurgence: What Security Leaders Need to Know in 2024
we’ll dissect a timely example of credential theft—StrelaStealer—to identify the malware’s characteristics and capabilities.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
The Cyber Express
FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques
Researchers have discovered a sophisticated phishing campaign meticulously crafted to target cryptocurrency users. This elaborate scheme, equipped with the notorious
The Hacker News
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign
MuddyWater, linked to Iran's MOIS, strikes again with DarkBeatC2. Our latest blog unpacks the latest tactics in cyber warfare.
DarkReading
DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse
North Korean hackers break ground with new exploitation techniques for Windows and macOS.
DarkReading
DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
North Korean hackers break ground with new exploitation techniques for Windows and macOS.
Trend Micro
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware.
The Hacker News
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.
.webp)
Cyber Security News
Hackers Attacking Infra Teams With Fake PuTTY & FileZilla Ads
By displaying sponsored search results for utilities like PuTTY and FileZilla, the attackers can lure in their victims.
Infosecurity News
Byakugan Infostealer Capabilities Revealed
Fortinet said the malware functions identified include screen monitoring, screen capturing, cryptomining and more
The Hacker News
Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox
'Latrodectus' strikes via phishing emails. This powerful downloader can execute commands, evade detection, and pave the way for further attacks.
Cyber Security News
Meet The New Qakbot DLL That Abuses Windows Process For persistence
Law enforcement dismantled the Qakbot botnet's servers in 2023's Operation Duck Hunt, but researchers identified its reemergence with a
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Cyber Security News
Hackers Hijacked Notepad++ Plugin To Inject Malicious Code
Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users' systems upon execution.
Cyber Security News
Hackers Use Weaponized PDF Files to Deliver Byakugan Malware on Windows
PDF files weaponized by hackers are commonly used as an attack vector since PDFs are highly trusted and shared documents.
HACKRead
Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF
Cybersecurity firm Fortinet alerts users of a phishing scam campaign distributing the Byakugan malware which targets Windows users.
The Hacker News
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
Watch out for FAKE Adobe Acrobat Reader installers. They carry a nasty malware called Byakugan that steals your data.
Bleeping Computer
New Latrodectus malware replaces IcedID in network breaches
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.
The Hacker News
Mispadu Trojan Targets Europe, Thousands of Credentials Compromised
Banking trojan Mispadu expands from Latin America, now targets users in Italy, Poland & Sweden. Finance, automotive, legal & commercial entities at ri
DarkReading
China-Linked Threat Actor Hides Via 'Peculiar' Malware
UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes.
Bleeping Computer
Winnti's new UNAPIMON tool hides malware from security software
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected.
The Hacker News
China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations
Notorious threat group Earth Freybug uses new malware UNAPIMON to evade detection. This China-linked group is known for espionage and financial attack
Trend Micro
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
The Hacker News
Detecting Windows-based Malware Through Better Visibility
Traditional defense tactics don't always apply to cyber warfare. With EventSentry, bolster your network's defense with prevention, detection, and ongo
The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
.webp)
Cyber Security News
Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious Remote Control Software (RAT), Remcos.
The Cyber Express
The Comeback of WarzoneRAT: Analyzing the Latest Multi-Stage Attacks
WarzoneRAT, the notorious Remote Administration Tool (RAT) malware, made a comeback despite the FBI's efforts to dismantle its operations earlier
SecurityWeek
Chinese Cyberspies Targeting ASEAN Entities
Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.
%20(1).webp)
Cyber Security News
Hackers Using Weaponized PDF Files to Deliver Mispadu Banking Malware
Mispadu, a banking trojan targeting Latin America, attacks Europe, stealing credentials through phishing emails and malicious URLs.
The Hacker News
Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries
Latest Cybersecurity reports unveil two China-linked APT groups targeting ASEAN nations in cyberespionage campaign over the past 3 months.
The Hacker News
Malicious NuGet Package Linked to Industrial Espionage Targets Developers
Suspicious NuGet package 'SqzrFramework480' discovered, potentially targeting devs using Chinese industrial tech. Package may be linked to industrial
SecurityWeek
Suspicious NuGet Package Harvesting Information From Industrial Systems
Suspicious NuGet package targets developers working with technology from Chinese firm Bozhon in possible industrial espionage campaign.
DarkReading
Dubious NuGet Package May Portend Chinese Industrial Espionage
A .NET package available for download right now is either a stealthy industrial systems backdoor or nothing at all.
SecurityWeek
Over 100 Organizations Targeted in Recent 'StrelaStealer' Attacks
More than 100 organizations in the US and EU have been targeted in recent StrelaStealer infostealer campaigns.
Security Affairs
StrelaStealer targeted 100+ organizations across the EU and US
Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns
SC Magazine
StrelaStealer malware hits more than 100 EU and US organizations
Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.
Bleeping Computer
Over 100 US and EU orgs targeted in StrelaStealer malware attacks
A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up : Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
cybersecurity news will keep you posted on the latest developments, exposures, advances, occurrences, threats, and narratives in this field.
Security Affairs
Russia-linked APT29 targeted German political parties with WINELOADER backdoor
Russia-linked threat actors employ the WINELOADER backdoor in recent attacks targeting German political parties.
The Hacker News
Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties
ybersecurity firm Mandiant links recent cyber attacks on diplomatic entities to Midnight Blizzard, a group with ties to Russia's SVR.
Bleeping Computer
Russian hackers target German political parties with WineLoader malware
Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions.
The Hacker News
New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.
Researchers at Palo Alto Networks Unit 42 uncover a new wave of phishing attacks delivering StrelaStealer malware, impacting over 100 organizations in
The Hacker News
New BunnyLoader Malware Variant Surfaces with Modular Attack Features
New threat: BunnyLoader 3.0 malware variant emerges with advanced modules for data theft, keylogging, and evasion tactics.
Cyber Security News
Hackers Advertising GlorySprout Stealer On Popular Hacking Forums
Hackers use stealers to gather sensitive information for example login credentials, financial data or personal details from victims’ devices.
The Hacker News
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
New cyberattack campaign, DEEP#GOSU, uses PowerShell & VBScript to target Windows systems.
Latest Hacking News
Microsoft Addressed ~60 Vulnerabilities With March Patch Tuesday
The Patch Tuesday update bundle for March 2024 carries some important security fixes for various Microsoft products. Nonetheless, no specific zero days were reported for this month’s fix. Microsoft March 2024 Patch Tuesday Overview With March updates,
Loading more articles....