News Archives - Arab Security Consultants

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

Wednesday, 30 April 2025 by Ayman Hamam

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the

Published in News

Tagged under: Arab Security Consultants, ASC, C++ spyware., Citizen Lab, cyber attacks, Cyber espionage, digital repression, malware campaign, spear-phishing, State-Sponsored Attacks, transnational repression, Uyghur surveillance, UyghurEdit++

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

Thursday, 17 April 2025 by Ayman Hamam

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces,

Published in News

Tagged under: Arab Security Consultants, ASC, cryptocurrency hacking, Cyber espionage, developer-targeted attacks, Jade Sleet, LinkedIn malware campaigns, macOS Malware, North Korea cyber threats, RN Loader, RN Stealer, Slow Pisces

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

Wednesday, 09 April 2025 by Ayman Hamam

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a “conflicted” individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming cybercriminal, who, about

Published in News

Tagged under: ASC, Cyber threat intelligence, Cybercrime, Cybersecurity Threats, EncryptHub, Fickle Stealer, lone wolf hacker, malware development, Microsoft Patch Tuesday, OpenAI misuse, Windows vulnerabilities

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Tuesday, 11 March 2025 by Ayman Hamam

Threat hunters have shed light on a “sophisticated and evolving malware toolkit” called Ragnar Loader that’s used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). “Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations,” Swiss cybersecurity company PRODAFT

Published in News

Tagged under: ASC, Cyber Threats, cyberSecurity, ethical hacking, FIN7, FIN8, InfoSec, Malware, Ragnar Loader, Ragnar Locker, Ransomware, Threat Hunting, Threat Intelligence

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

Monday, 17 February 2025 by Ayman Hamam

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who

Published in News

Tagged under: accessibility restrictions, Android 16, Android security, anti-scam feature, ASC, cyberSecurity, fraud prevention, Google security update, malware prevention, sideloading protection, TOAD attack

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Tuesday, 04 February 2025 by Ayman Hamam

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled

Published in News

Tagged under: Arab Security Consultants, ASC, business email compromise, credential theft, cybercrime takedown, cybercriminal networks, HeartSender, law enforcement action, online fraud, Operation Heart Blocker, phishing marketplaces, Saim Raza

Do We Really Need The OWASP NHI Top 10?

Tuesday, 28 January 2025 by Ayman Hamam

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents

Published in News

Tagged under: API Key Risks, Arab Security Consultants, ASC, Cybersecurity Framework, IAM Roles, Machine Credentials, NHI Vulnerabilities, Non-Human Identity Security, OAuth Security, OWASP NHI Top 10, secrets management, Service Account Security

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Tuesday, 21 January 2025 by Ayman Hamam

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named SocGholish (aka FakeUpdates), which

Published in News

Tagged under: Arab Security Consultants, ASC, AWS S3 ransomware, Black Basta techniques, C2 tunnel, Codefinger threat actor, Cybersecurity Threats, EDRSilencer, endpoint detection bypass, Lateral Movement, network compromise, phishing campaigns, ransomware attacks, ransomware deployment, SocGholish malware, tags ChatGPT said: ChatGPT Python-based backdoor

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Monday, 06 January 2025 by Ayman Hamam

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source code publicly leaked

Published in News

Tagged under: advanced malware analysis, ASC, BYOVD attacks, cyber defense strategies., Cybersecurity Threats, DLL hijacking, Gh0st RAT, keylogging, malware infection methods, Phishing Attacks, PLAYFULGHOST malware, remote access trojans, SEO poisoning, Windows malware

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Thursday, 02 January 2025 by Ayman Hamam

News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one

Published in News

Tagged under: ASC, browser extension attacks, browser security, browser security threats, cyberattack prevention, cybersecurity news 2024, extension vulnerabilities, malicious browser extensions, malicious code injection, organizational cybersecurity, protecting user credentials

Category: News