• in News

    INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

    A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operat...
  • in News

    THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)

    We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, t...
  • in News

    PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

    Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targe...
  • in News

    Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

    Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company ...
  • in News

    Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

    Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within netwo...
  • in News

    Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

    A new attack technique could be used to bypass Microsoft’s Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. “This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and ne...
  • in News

    OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

    The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers...
  • in News

    Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

    Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a Z...
  • in Uncategorized

    Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

    Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024....
  • in News

    Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

    Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals use advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off guard. Join us for a groundbreaking webinar...
  • in News

    RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

    A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future’s Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates in...
  • in News
    Hugging Face logo with a lock symbol indicating a security breach on the Spaces platform

    AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

    Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create, host, and share ...
  • in News

    Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

    Cybersecurity researchers have discovered a critical security flaw in artificial intelligence (AI)-)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results o...
  • in News

    Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

    The crypto-jacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into the exploit arsenal and expanding its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestratin...
  • in News

    FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

    The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. “The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Co...
  • in News

    Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

    The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. “Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication...
  • in News

    Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

    Cybersecurity researchers have found several GitHub repositories offering cracked software that is used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned ...
  • in News

    Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

    Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent weeks, we have seen evidence that Midnight Blizzard is using information initi...
  • in News

    U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

    A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to a...
  • in News

    Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

    Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. “Microsoft will automatically enable the logs in customer accounts and increase the de...
  • in News

    FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

    A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the...
  • in News

    Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

    The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that “Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period,” Che...
  • in News

    U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohamma...
  • in News

    AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

    Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active sin...
  • in News

    Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

    An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission wit...
  • in News

    29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

    Introduction A 29-year-old Ukrainian national has been apprehended in Mykolaiv, Ukraine, in connection with a highly sophisticated cryptojacking operation. The suspect allegedly earned over $2 million (€1.8 million) in illicit profits through unauthorized use of computing resources for cryptocurrency mining. The arrest was made possible through a c...
  • in News

    Three Ways To Supercharge Your Software Supply Chain Security

    Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan...
  • in News

    Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

    According to a new joint cybersecurity advisory from Australia and the U.S., the threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses...
  • in News

    New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

    The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. “PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577,” Malwarebytes’...
  • in News

    Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

    Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it’s tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that dir...
  • in News

    SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs

    Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM...
  • in News

    Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

    In a recent analysis, Palo Alto Networks Unit 42 researcher Chema Garcia revealed a targeted cyber threat affecting organizations in the Middle East, Africa, and the United States. The unknown threat actor is distributing a sophisticated backdoor named Agent Racoon, developed using the .NET framework. The malware exploits the domain name service (D...
  • in News

    Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

    More details have emerged about a malicious Telegram bot called Telekopye that’s used by threat actors to pull off large-scale phishing scams. “Telekopye can craft phishing websites, emails, SMS messages, and more,” ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Nean...
  • in News

    8 Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

    A subgroup within the infamous Lazarus Group, recognized as Sapphire Sleet, has recently altered its modus operandi by employing a variant of the Phobos ransomware in its financially motivated cyberattacks. This strategic shift has been documented by cybersecurity researchers at Cisco Talos, who have observed an uptick in activities carried out by ...
  • in News

    Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

    The well-known Lazarus Group has evolved, with a faction now setting up deceptive platforms masquerading as skill assessment portals, part of their new social engineering tactics. Identified by Microsoft as Sapphire Sleet, this alteration marks a change in the group’s persistent methods. Sapphire Sleet, also recognized as APT38, BlueNoroff, C...
  • in News

    Google’s New “Independent Security Review” Badge: Enhancing App Safety in Play Store

    Introduction In an age where we rely heavily on mobile applications for various aspects of our daily lives, ensuring their security is paramount. Google is taking a significant step to bolster app safety in the Play Store by introducing the “Independent Security Review” badge. This badge is designed to provide users with more informatio...
  • in News

    Signal App Refutes Alleged Zero-Day Flaw Amidst Security Debates

    Signal, the renowned encrypted messaging app, has firmly pushed back against recent reports of an alleged zero-day vulnerability in its software. The company conducted a thorough investigation and stated that it found no concrete evidence to substantiate the claim. In a series of messages posted on social media platform X (formerly Twitter), Signal...
  • in News

    Persistent Cyber Campaign “Stayin’ Alive” Targets High-Profile Asian Government and Telecom Entities

    In a noteworthy development, a cyber campaign known as “Stayin’ Alive” has been actively targeting prominent government and telecom organizations across Asia since 2021. The campaign, discovered by cybersecurity firm Check Point, is characterized by its deployment of basic backdoors and loaders to deliver more advanced malware in ...
  • in News

    CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

    Ukraine, a nation that has been no stranger to cyber threats, is again in the spotlight. The Ukrainian Computer Emergency Response Team (CERT-UA) has recently reported a series of cyberattacks targeting the country’s telecommunications providers. This alarming development raises concerns about critical infrastructure security and underscores ...
  • in News

    Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

    In a recent cybersecurity incident, Microsoft has shed light on a thwarted cyber attack, where hackers made an unsuccessful attempt to breach a cloud environment through an SQL Server instance. The assault kicked off with the exploitation of an SQL injection vulnerability present in a particular application. This initial breach granted unauthorized...
  • in News
    API-Security-Trends-2023–Have-Organizations-Improved-their-Security-Posture?

    API Security Trends 2023 | Have Organizations Improved their Security Posture?

    What are the APIs? known as application programming interfaces, are the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their appli...
  • in News

    After an OPSEC blunder, North Korean nation-state actors were exposed in the JumpCloud hack

    North Korean nation-state actors linked to the Reconnaissance General Bureau (RGB) have been connected to the JumpCloud hack due to a security oversight that exposed their IP address. The threat intelligence firm Mandiant, owned by Google, attributes the activity to UNC4899, which has similarities with other groups known as Jade Sleet and TraderTra...
  • in News

    The new malware ‘Letscall’ uses voice traffic routing to send audio

    A warning has been issued regarding a sophisticated form of voice phishing (vishing) called “Letscall” that specifically targets individuals in South Korea. This advanced technique involves deceiving victims into downloading malicious apps from a fake Google Play Store website. Once installed, the malware redirects incoming calls to a c...
  • in News

    A Mexican hacker uses Android malware to attack global banks

    An e-crime actor, known as Neo_Net, has been identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, with a specific focus on Spanish and Chilean banks. The campaign, which occurred between June 2021 and April 2023, resulted in the theft of over 350,000 EUR and the compromise of Personally Identi...
  • in News

    Diicot expands tactics with Cayosin Botnet, from crypto-jacking to DDoS attacks

    Cybersecurity researchers have uncovered new information about the Romanian threat actor Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. Diicot, also known as Mexals, was initially discovered in July 2021 and was linked to a cryptojacking campaign. Recent analysis shows that Diicot is now using an off-the...
  • in News

    More than 1,000 fake cryptocurrency sites trap users in bogus reward schemes

    A large-scale cryptocurrency scam has been uncovered, involving over 1,000 fraudulent websites that have deceived users since January 2021. Trend Micro researchers have linked this scam to a Russian-speaking threat actor called “Impulse Team.” The scam operates through an advanced fee fraud scheme, where victims are tricked into believi...
  • in News

    Cryptocurrency is stolen through a new malware campaign using Satacom Downloader

    A recent malware campaign has been discovered that utilizes the Satacom downloader to distribute stealthy malware for cryptocurrency theft. The malware aims to steal BTC from victims’ accounts by injecting malicious code into targeted cryptocurrency websites. The campaign primarily targets users of popular cryptocurrency platforms such as Coi...
  • in News

    Millions of WordPress sites are affected by an urgent WordPress update that fixes a critical flaw in the Jetpack plugin

    WordPress Releases Automatic Update to Fix Critical Jetpack Plugin Vulnerability WordPress has taken immediate action to address a critical flaw in the widely used Jetpack plugin, which is installed on over five million websites. The automatic update was prompted by the discovery of a vulnerability during an internal security audit. The flaw stems ...
  • in News

    Stealthy Bandit Stealer: A New Malware Targeting Web Browsers and Cryptocurrency Wallets

    A sophisticated and stealthy information-stealing malware called Bandit Stealer has recently emerged, posing a significant threat to web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity company, highlighted the malware’s capability to potentially expand to other platforms due to its development using the Go programmin...
  • in News

    Critical OAuth Vulnerability in Expo Framework Raises Account Hijacking Concerns

    A significant security vulnerability has been exposed in the Open Authorization (OAuth) implementation of Expo.io, a popular application development framework. Assigned the CVE identifier CVE-2023-28131, this vulnerability carries a high severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs has reported that the flaw leaves...
  • in News

    Advanced Reconnaissance Malware strikes again by North Korean Kimsuky Hackers

    Kimsuky, a North Korean advanced persistent threat (APT) group, has been using custom malware called RandomQuery as part of its reconnaissance and information exfiltration operation. The group’s ongoing targeted campaign, primarily geared towards information services and organizations supporting human rights activists and North Korean defecto...
  • in News

    The Python Package Index Repository is under attack: Registrations and uploads have been halted temporarily

    Python Package Index (PyPI), the official repository for third-party software in the Python programming language, has temporarily disabled user sign-ups and the ability to upload new packages until further notice. The PyPI administrators made this decision due to a recent surge in malicious users and projects on the platform, which has overwhelmed ...
  • in News

    There are 85% of ransom payments going to affiliates from Qilin Ransomware

    New findings from Group-IB shed light on the payment structure within the Qilin ransomware-as-a-service (RaaS) scheme, revealing that ransomware affiliates receive a significant share of each ransom payment, ranging from 80% to 85%. Group-IB managed to infiltrate the group in March 2023, leading to insights into the payment structure and inner work...
  • in News

    Cybercriminals can now generate convincing phishing pages using a new Phishing-as-a-Service platform

    A new phishing-as-a-service (PhaaS or PaaS) platform called Greatness has been utilized by cybercriminals to target business users of Microsoft 365 cloud service since mid-2022. This Phishing kit provides affiliates with a link and attachment builder to create convincing decoy and login pages that have features like pre-filled victim email addresse...
  • in News

    A zero-day bug has been fixed in Microsoft’s May Patch Tuesday

    Microsoft has released its Patch Tuesday updates for May 2023, which include fixes for 38 security vulnerabilities, including one zero-day flaw currently being actively exploited. The Zero Day Initiative (ZDI) from Trend Micro reports that this is the lowest number of security fixes released since August 2021, but warns that this number is likely t...
  • in News

    New Web-Inject Toolkit DrIBAN Targets Italian Corporate Banking Clients

    Italian corporate banking clients are under attack from an ongoing financial fraud campaign that uses a web-inject toolkit called drIBAN since at least 2019. According to Cleafy researchers Federico Valentini and Alessandro Strino, the main goal of drIBAN fraud operations is to infect Windows workstations in corporate environments and alter legitim...
  • in News

    North Korea’s ScarCruft uses LNK file infection chains to spread RokRAT malware

    North Korea’s ScarCruft, also known as APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima, is a threat group that targets South Korean individuals and entities through spear-phishing attacks. The group’s malware of choice, RokRAT, is capable of credential theft, data exfiltration, system information gathering, com...
  • in News

    Critical Flaws in Illumina’s DNA Sequencing Instruments Warned by CISA

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Control Systems (ICS) medical advisory warning of a critical flaw that affects Illumina medical devices. The Universal Copy Service (UCS) software in several DNA sequencing instruments, including the iSeq 100, MiSeq, NextSeq 550, and NovaSeq 6000, is impacted by t...
  • in News, Uncategorized

    PingPull Linux Variant Used in Targeted Cyberattacks by Chinese Hackers

    Alloy Taurus, a Chinese nation-state group notorious for attacking telecom companies since 2012, has been spotted using a Linux variation of the backdoor PingPull and a new unnamed tool called Sword2033. Palo Alto Networks Unit 42 discovered these malicious activities recently, targeting South Africa and Nepal. These attacks also include financial ...
  • in News

    Iranian Government-Sponsored Hackers Target US Energy and Transit Infrastructure

    A group backed by the Iranian government, dubbed Mint Sandstorm, has been connected to cyber-attacks targeting critical US infrastructure from late 2021 to mid-2022. Microsoft’s Threat Intelligence team stated that this subgroup is skilled and operationally mature, capable of swiftly developing custom tools and exploiting N-day vulnerabilitie...
  • in News

    Urgent Chrome update fixes actively exploited zero-day vulnerability

    Google has released an urgent update to fix a zero-day vulnerability in Chrome that is being actively exploited, making it the first such bug to be addressed this year. The vulnerability, tracked as CVE-2023-2033, is a high-severity type confusion issue in the V8 JavaScript engine. Google acknowledged that an exploit for the vulnerability exists in...
  • in News

    Cryptocurrency Stealer Malware Found in 13 Malicious NuGet Packages

    Experts in cybersecurity have uncovered the mechanics behind a cryptocurrency stealer malware distributed through 13 malignant NuGet packages. This supply chain attack targeted .NET developers and employed a sophisticated typosquatting campaign. Impersonating legitimate packages, the attackers executed PowerShell code to obtain a secondary binary f...
  • in News

    Attack on Taiwanese PC manufacturer MSI resulted in a ransomware attack

    MSI, the Taiwanese PC company, has officially confirmed that it was the victim of a cyber attack on its systems. The company promptly initiated incident response and recovery measures after detecting network anomalies and alerted law enforcement agencies. However, MSI did not disclose any specifics about the attack or whether any proprietary inform...
  • in News

    Arid Viper Hacking Group Utilizes Enhanced Rorschach Ransomware in Middle East Cyber Attacks

    cybersecurity experts have unveiled a previously unknown and highly sophisticated ransomware variant, Rorschach, which is both advanced and swift. Rorschach ransomware distinguishes itself from other strains with its exceptional customization and unique technical features not previously seen in ransomware, according to a report by Check Point Resea...
  • in News

    WordPress Elementor Pro Vulnerability Exploited by Hackers

    Actively exploited by unidentified cybercriminals, a recently patched security vulnerability is found within the WordPress Elementor Pro website builder plugin. Affecting versions 3.11.6 and earlier, this broken access control flaw was resolved by the plugin developers in the 3.11.7 version, released on March 22. In the release notes, the Tel Aviv-...
  • in News

    North Korean APT43 Cyber Group Targets Strategic Intelligence and Financial Gains

    A newly identified North Korean cyber group, APT43, has been linked to multiple campaigns aimed at gathering strategic intelligence in line with Pyongyang’s geopolitical interests since 2018. Tracked by Google-owned Mandiant, APT43’s objectives include both espionage and financial motives, employing methods such as credential harvesting...
  • in News

    Microsoft Shares Guidance on Detecting Outlook Vulnerability Exploited by Russian Hackers

    On Friday, Microsoft provided insights to assist users in identifying indicators of compromise (IoCs) linked to a recently patched Outlook vulnerability. Known as CVE-2023-23397 (CVSS score: 9.8), this critical vulnerability involves a privilege escalation issue that could be exploited to steal NT Lan Manager (NTLM) hashes and execute a relay attac...
  • in News

    Linux SSH Servers Targeted in ShellBot Malware Campaign

    A new campaign targeting poorly managed Linux SSH servers has been identified, deploying various strains of malware called ShellBot. The AhnLab Security Emergency Response Center (ASEC) reported that ShellBot, also known as PerlBot, is a DDoS bot malware developed in Perl, which typically uses the IRC protocol for communication with its C&C ser...
  • in News

    The Chinese hackers exploited a zero-day vulnerability in Fortinet to espionage

    Mandiant, the threat intelligence firm, has linked the zero-day exploitation of a medium-severity security flaw in the Fortinet FortiOS operating system to a suspected Chinese hacking group. The attack is part of a broader campaign to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. Mandiant...
  • in News

    A 3-year-old vulnerability has been exploited by multiple hacker groups to breach U.S. government agencies

    Recently, a critical security flaw in Progress Telerik was exploited by multiple threat actors, including a nation-state group, to gain unauthorized access to an unnamed federal entity in the U.S. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Cent...
  • in News

    Fake ChatGPT Chrome extensions hijack Facebook accounts to display malicious ads

    A malicious Chrome browser extension branded as ChatGPT has been discovered to hijack Facebook accounts and create rogue admin accounts. This highlights one of the different methods cyber criminals are using to distribute malware. Guardio Labs researcher Nati Tal warns that by hijacking high-profile Facebook business accounts, the threat actor crea...
  • in News

    The Lazarus Group exploits a zero-day vulnerability to hack a South Korean financial institution

    The Lazarus Group, believed to be linked to North Korea, has been observed exploiting undisclosed software vulnerabilities to breach a South Korean financial business entity twice within a year. The first attack in May 2022 involved the use of a vulnerable version of a widely-used certificate software, while the second attack in October 2022 exploi...
  • in News

    An attack on critical infrastructure firms using Facebook ads is known as SYS01stealer

    Cybersecurity experts have uncovered a new information stealer called SYS01stealer, which targets critical government infrastructure employees, manufacturing companies, and other sectors. Israeli cybersecurity firm Morphisec reports that the attack campaign aims to steal sensitive information, such as login data, cookies, and Facebook ad and busine...
  • in News

    Southeast Asian governments are being targeted by Sharp Panda’s new Soul Framework version

    Chinese threat actor Sharp Panda has been targeting high-profile government entities in Southeast Asia since late last year in a cyber espionage campaign. Israeli cybersecurity company Check Point has identified the use of a new version of the Soul modular framework as characterizing the intrusions, marking a departure from the group’s attack...
  • in News

    Mexican banks are being targeted by FiXS ATM malware

    A new ATM malware strain called FiXS has been detected attacking Mexican banks since the beginning of February 2023. Latin American cybersecurity firm Metabase Q reported that the ATM malware is concealed within another program that appears to be non-malicious. FiXS is not dependent on any specific vendor, is vendor-agnostic, and can infect any tel...
  • in News

    Hackers targeting European entities with MQsTTang backdoors

    The Mustang Panda actor, which is aligned with China, has been observed using a new custom backdoor named MQsTTang as part of an ongoing social engineering campaign that started in January 2023. ESET researcher Alexandre Côté Cyr reported that MQsTTang seems to be a standalone backdoor not based on existing malware families or publicly available...
  • in News

    A new variant of the SysUpdate malware attacks Linux and employs evasion tactics

    The threat group known as Lucky Mouse has released a Linux version of its SysUpdate malware toolkit, enabling it to target Linux devices. The updated artifact, which dates back to July 2022, has new features aimed at avoiding security software and resisting reverse engineering. Lucky Mouse, also known as APT27, Bronze Union, Emissary Panda, and...
  • in News

    Users are vulnerable to command injection attacks due to a critical flaw in Cisco IP Phone Series

    On March 1, 2023, Cisco released security updates for its IP Phone series 6800, 7800, 7900, and 8800 to address a critical command injection vulnerability (CVE-2023-20078) rated 9.8 on the CVSS scoring system. The flaw is caused by a web-based management interface, which lacks proper user-supplied input validation, allowing an unauthenticated, remo...
  • in News

    Trojanized macOS apps are used by hackers to distribute cryptocurrency mining malware

    Jamf Threat Labs has discovered that Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. The malware, called XMRig coin miner, is executed by an unauthorized modification in Final Cut Pro, an Apple video editing software. The malware makes use of the Invisible Internet Proj...
  • in News

    Apple warns of three new vulnerabilities affecting iPhones, iPads, and Macs

    Apple has released revised security advisories to address three new vulnerabilities that could impact iOS, iPadOS, and macOS. One of the vulnerabilities is a race condition in the Crash Reporter component that could allow a malicious actor to read arbitrary files as root, while the other two vulnerabilities in the Foundation framework could be weap...
  • in News

    Norway confiscates $5.84 million worth of cryptocurrency stolen by Lazarus hackers

    The Norwegian police agency Økokrim has announced the seizure of $5.84 million worth of cryptocurrency, which was stolen by the Lazarus Group in March 2022 after the Axie Infinity Ronin Bridge hack. The Oslo-based crime-fighting unit stated that this case highlights its capacity to trace the money trail on the blockchain, even when criminals use...
  • in News

    Open Source Antivirus Software ClamAV Detected with Critical RCE Vulnerability

    Cisco has recently released security updates to address a severe vulnerability in the ClamAV open-source antivirus engine, which could result in remote code execution on susceptible devices. The vulnerability is tracked as CVE-2023-20032, with a CVSS score of 9.8, and it pertains to remote code execution in the HFS+ file parser component. Versions ...
  • in News

    New M2RAT malware from North Korea’s APT37 targets South Korea

    The notorious APT37, a North Korea-linked threat actor, has recently been spotted utilizing a new piece of malware called M2RAT in its ongoing attacks against its southern neighbor. These developments signify a further evolution of the group’s tools and tactics. APT37, also known as Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is associ...
  • in News

    Thousands of WordPress sites have been infected by a massive AdSense fraud campaign

    The malicious black hat redirect malware campaign has now grown larger and more insidious, infecting over 10,800 websites with over 70 bogus domains, mimicking URL shorteners. The main objective of this malware is to artificially increase traffic to pages that contain Google Ads, generating revenue from AdSense ID, which is used for ad fraud. The...
  • in News

    Massive HTTP DDoS Attack Hits Record High of 71 Million Requests Per Second

    Cloudflare, the web infrastructure company, stopped an unprecedented DDoS attack on Monday with a record-breaking peak of over 71 million requests per second. This historic “hyper-volumetric” attack was the largest HTTP DDoS attack on record, surpassing the previous 46 million RPS attack that was mitigated by Google Cloud in June 2022. ...
  • in News

    A zero-day vulnerability has been discovered in Apple’s iOS, iPadOS, macOS, and Safari

    Apple has taken swift action to safeguard its users by releasing security updates for its various operating systems, including iOS, iPadOS, macOS, and Safari, to fix a critical zero-day vulnerability. The flaw, tracked as CVE-2023-23529, is a type of confusion bug in the WebKit browser engine that could allow malicious actors to execute arbitrary c...
  • in News

    CISA Warns of Active Attacks Exploiting TerraMaster NAS, Fortra MFT, and Intel Driver Flaws

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to the public, adding three newly discovered security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move is a result of evidence suggesting that these flaws are being actively abused in the wild. Among the three is CVE-2022-24990, a se...
  • in News

    A security breach at Reddit exposed internal documents and source code

    Reddit, the well-known social news aggregation platform, has fallen victim to a vicious and calculated phishing attack. On February 5th, 2023, the attackers targeted Reddit’s employees with plausible-sounding prompts that redirected them to a fake website that appeared to be Reddit’s intranet portal. The sole purpose of this deceitful a...
  • in News

    New OpenSSL updates fix multiple security flaws

    The OpenSSL Project has taken immediate action to safeguard its users by releasing critical fixes to address several severe security vulnerabilities in its open-source encryption toolkit. One such vulnerability, tracked as CVE-2023-0286, is a high-severity bug that could potentially put users at risk of malicious attacks. According to the advisory ...
  • in News

    The vulnerability of multiple document management systems has been exposed in an unprecedented manner

    Eight unpatched security vulnerabilities have been found in open-source and freemium document management systems (DMS) offered by four vendors, LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.These flaws were revealed by cybersecurity firm Rapid7 and allow for a malicious actor to trick a user into saving a harmful document on the platform, and once inde...
  • in News

    Hackers in Russia use Graphiron malware to steal Ukrainian data

    A Russia-affiliated adversary has been caught utilizing new information-stealing malware in cyberattacks aimed at Ukraine. Named Graphiron by Symantec, a subsidiary of Broadcom, the malware is the work of an espionage group known as Nodaria, which is monitored by the Computer Emergency Response Team of Ukraine (CERT-UA) under the label UAC-0056. Ac...
  • in News

    Russian hacker pleads guilty to money laundering using Ryuk Ransomware attacks

    On February 7, 2023, a Russian national, Denis Mihaqlovic Dubnikov, admitted to money laundering and concealing the source of funds obtained through Ryuk ransomware attacks in a U.S. court. Dubnikov, who was arrested in Amsterdam in November 2021 and later extradited from the Netherlands in August 2022, will be sentenced on April 11, 2023. Accordin...
  • in News

    Ukrainian State Authorities are being alerted to Remcos software-driven cyberattacks

    The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about ongoing cyber attacks targeting state authorities in the country that use a legitimate remote access software named Remcos. The widespread phishing campaign has been traced back to a threat actor known as UAC-0050, and the agency has described the nature of the atta...
  • in News

    Joint law enforcement cracks encrypted messaging app used by criminal groups

    A collaborative law enforcement effort by Germany, the Netherlands, and Poland resulted in the dismantling of the encrypted messaging platform Exclu.Eurojust reported the arrests of 45 individuals in Belgium and the Netherlands, including users, administrators, and owners of the service. During raids in 79 locations, authorities seized €5.5 million...
  • in News

    Sliver C2 Framework is exploited by hackers through Sunlogin vulnerabilities

    Cybercriminals are exploiting known weaknesses in the Sunlogin software to deploy the Sliver Command-and-Control (C2) framework for post-exploitation activities. This was uncovered by the AhnLab Security Emergency Response Center (ASEC), which discovered that security flaws in the Chinese-developed remote desktop program, Sunlogin, are being taken ...
  • in News

    The GitHub Desktop and Atom Code-Signing Certificates were stolen by hackers

    GitHub, a subsidiary of Microsoft, announced that unknown attackers managed to extract encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom applications. To ensure security, the company is revoking the affected certificates. As a result, certain versions of GitHub Desktop for Mac, including 3.0.2 to 3.1.2 ...
  • in News

    Russian and Iranian hackers target key industries according to British Cyber Agency

    The National Cyber Security Centre (NCSC) of the United Kingdom has issued a warning about spear-phishing attacks orchestrated by state-sponsored actors from Russia and Iran. The attacks are aimed at specific sectors, including academia, defense, government organizations, NGOs, and think tanks, as well as politicians, journalists, and activists, an...
  • in News

    Components and obfuscations of Gootkit malware continue to evolve

    The actors responsible for the Gootkit malware have made significant modifications to their toolset, incorporating new components and obfuscations into their infection methods. The Google-owned cybersecurity firm, Mandiant, is keeping a close eye on the cluster of activity known as UNC2565 and has determined that the usage of the Gootkit malware is...
  • in News

    New Golang-based ‘SwiftSlicer’ malware attacks Ukraine

    Ukraine has been the target of a recent cyber attack from Russia, utilizing a previously unseen data wiper called SwiftSlicer. The attack was attributed to Sandworm, a state-sponsored group linked to Military Unit 74455 of the GRU, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. ESET disclosed...
  • in News

    GoTo, the parent company of LastPass, suffers a data breach, and customers’ backups Compromised

    On Tuesday, GoTo (formerly LogMeIn), the parent company of LastPass, announced that an unknown party had successfully accessed encrypted backups of certain customers’ data, along with the encryption key for some of these backups, in a November 2022 incident. The company has identified that a third-party cloud storage service was targeted, whi...
  • in News

    The Samsung Galaxy Store app is susceptible to sneaky app installations and fraud

    Two security vulnerabilities have been identified in the Samsung Galaxy Store application for Android devices that could potentially be exploited by a local attacker to install arbitrary applications or redirect potential victims to fraudulent web pages. The vulnerabilities, designated as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Gr...
  • in News

    1,700 spoof apps targeted over 11 million devices in massive ad fraud scheme

    Researchers have successfully dismantled an extensive ad fraud scheme, known as VASTFLUX, that affected over 1,700 applications from 120 publishers and impacted around 11 million devices. According to fraud prevention firm HUMAN, VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraud...
  • in News

    Cyberattacks launched against Ukraine by Gamaredon Group through Telegram

    According to a report by the BlackBerry Research and Intelligence Team, the Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital attacks against Ukraine, utilizing the popular messaging app Telegram to target the country’s military and law enforcement sectors. The group, also known by various other names ...
  • in News

    Researchers discover 3 PyPI packages that spread malware to developer systems

    An individual going by the name of Lolip0p has uploaded three malicious packages to the Python Package Index (PyPI) repository, which are designed to install malware on developer systems that download them. The packages, named color slab (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12), were uploaded...
  • in News

    An attacker targeted a CircleCI engineer’s laptop, causing a recent security incident

    On Friday, DevOps platform CircleCI announced that it had experienced a data breach as a result of a “sophisticated attack” on December 16, 2022. The incident involved an employee’s laptop being compromised by unknown actors, who then used malware to steal the employee’s two-factor authentication-backed credentials to gain a...
  • in News

    The majority of Cacti servers fail to patch critical vulnerabilities, leaving them vulnerable to attack

    A significant portion of internet-exposed Cacti servers remain unpatched against a recently discovered critical security vulnerability that has been actively exploited in the wild, according to attack surface management platform Censys. Out of a total of 6,427 servers, only 26 were found to be running a patched version of Cacti (1.2.23 and 1.3.0). ...
  • in News

    Latest Gootkit malware attacks target Australian healthcare sector

    A recent surge in attacks utilizing the Gootkit malware loader has targeted the Australian healthcare sector, according to cybersecurity firm Trend Micro. The malware, also known as Gootloader, is known for using search engine optimization (SEO) poisoning tactics to gain initial access. It typically works by compromising legitimate infrastructure a...
  • in News

    Governments and military in APAC are targeted by a Dark Pink APT Group

    A previously unknown actor of an “advanced persistent threat” (APT) is targeting government and military organizations in the Asia-Pacific region, according to a report from Singapore-based cybersecurity firm Group-IB.The group, which is tracking the campaign under the name “Dark Pink,” has attributed seven successful attack...
  • in News

    Cybersecurity 2023: Are You Ready for the SaaS Threats Ahead?

    As of 2023, it is important for SaaS companies to be aware of the potential cybersecurity threats that may arise. In order to ensure the safety of your systems and data, it is crucial to focus on the following four key areas: web application weaknesses, misconfiguration mistakes, vulnerable software and patching, and weak internal security...
TOP