Rise in 2023: 700+ Dark Web Offers for IoT-Driven DDoS Attacks

In 2023, more than 700 advertisements have surfaced on the dark web, offering Distributed Denial of Service (DDoS) attacks via Internet of Things (IoT) devices. These services are available at different price points, dependent on factors such as DDoS protection and target verification. Prices range from $20 per day to $10,000 per month, with an …

Counterfeit WinRAR Vulnerability PoC Exploit Deploys VenomRAT Malware

A hacker has been distributing a fabricated proof-of-concept (PoC) exploit for a recently patched WinRAR vulnerability on GitHub, with the aim of infecting individuals who download it with VenomRAT malware. This deceptive PoC exploit came to the attention of Palo Alto Networks’ Unit 42 research team, who identified that the attacker had uploaded this malicious …

Uncover ShadowSyndicate Hackers’ Ties to Multiple Ransomware Campaigns and 85 Servers

A recent investigation by security researchers has shed light on a threat actor known as ShadowSyndicate, suspected of deploying seven distinct ransomware families in a series of attacks over the past year. Collaborating closely with Bridewell and independent researcher Michael Koczwara, Group-IB analysts have traced ShadowSyndicate’s potential use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, …

Elusive Gelsemium Hackers Uncovered in Attack on Asian Government

A highly covert and persistent threat group, known as Gelsemium, has come to light following an extensive cyber attack targeting a Southeast Asian government, spanning a six-month period from 2022 to 2023. Gelsemium, which has been active since 2014, specializes in cyber espionage and has historically focused its efforts on government entities, educational institutions, and …

Air Canada Reveals Data Breach Impacting Employee and Specific Records

Air Canada, the nation’s flag carrier and the largest airline in Canada, has recently disclosed a cybersecurity incident where unauthorized individuals briefly gained limited access to its internal systems. According to the airline, this incident led to the theft of a restricted amount of personal data belonging to select employees and specific records. Importantly, customer …

Emergence of New and Advanced Deadglyph Malware in Government Cyber Attacks

In a recent cyberespionage operation targeting a government agency in the Middle East, a highly sophisticated backdoor malware named ‘Deadglyph’ has surfaced, raising concerns among cybersecurity experts. The origins of the Deadglyph malware are traced back to the Stealth Falcon Advanced Persistent Threat (APT) group, also known as Project Raven or FruityArmor. This state-sponsored hacking …

Microsoft Alerts Corporations to New Phishing Campaign via Teams Messages

Microsoft has issued a warning about a fresh phishing campaign orchestrated by an initial access broker, leveraging Teams messages as bait to infiltrate corporate networks. The tech giant’s Threat Intelligence team has identified this threat cluster as Storm-0324, which also goes by the aliases TA543 and Sagrid. Since July 2023, Storm-0324 has been observed using …

Iranian Hackers Infiltrate Defense Organizations Through Password Spray Attacks

Microsoft has uncovered a series of password spray attacks carried out by an Iranian-backed threat group targeting thousands of organizations worldwide, with a particular focus on the U.S. The attacks have been ongoing since February 2023 and have had severe implications for security, especially within the defense, satellite, and pharmaceutical sectors. The malicious actors behind …

New HTTPSnoop and PipeSnoop Malware Compromise Telecom Providers

In a concerning development, a newly discovered malware duo, HTTPSnoop and PipeSnoop, has emerged as a significant threat to telecommunication service providers operating in the Middle East. These malicious tools enable threat actors to gain remote control over infected devices, potentially leading to significant security breaches. HTTPSnoop, one of the malware components, interacts with Windows …

Mirai Botnet Variant ‘Pandora’ Takes Control of Android TVs for Cyberattacks

A new strain of the Mirai botnet, dubbed “Pandora,” has emerged, targeting budget-friendly Android-based TV sets and TV boxes, leveraging them in distributed denial-of-service (DDoS) attacks. These breaches typically occur during either malicious firmware updates or when users install applications to access pirated video content. According to a recent analysis by a Russian cybersecurity firm, …

Hackers Claim They Shut Down MGM Resorts in Just a 10-Minute Phone Call

The ALPHV ransomware group, known for its adept social engineering tactics, has taken responsibility for the cyber incident that disrupted MGM Resorts, an international hotel chain. According to vx-underground, the ALPHV/BlackCat ransomware group revealed that it employed standard social engineering techniques, such as building trust with employees to gain insider information. The group attempted to …

Microsoft Discovers Vulnerabilities in ncurses Library Impacting Linux and macOS Systems

A series of memory corruption vulnerabilities have come to light in the ncurses (short for “new curses”) programming library. These vulnerabilities pose a potential risk, as threat actors could leverage them to execute malicious code on susceptible Linux and macOS systems. These security flaws, collectively identified as CVE-2023-29491, carry a CVSS score of 7.8. As …

New 3AM Ransomware Emerges as LockBit Attack Fallback

A novel ransomware variant known as “3AM” has come to light following an unsuccessful LockBit ransomware attack on a target network. Researchers have disclosed that this malware is still relatively rare and has been used only sparingly. It emerged as a contingency plan for a ransomware affiliate when their attempt to deploy LockBit was thwarted …

WiKI-Eve Attack: Stealing Numeric Passwords Over WiFi Reveals Alarming Vulnerabilities

A newly identified cyber threat known as the “WiKI-Eve” attack has raised significant concerns by exploiting vulnerabilities in modern WiFi routers, allowing malicious actors to intercept smartphone transmissions and accurately deduce numerical keystrokes, with success rates reaching up to 90%. This security breach hinges on the exploitation of Beamforming Feedback Information (BFI), a feature introduced …

Facebook Messenger Phishing Wave Targets 100K Business Accounts Weekly

In a concerning development, a significant phishing campaign has emerged on Facebook Messenger, posing a grave threat to approximately 100,000 business accounts each week. Malicious actors have strategically employed a vast network of fake and compromised Facebook profiles to disseminate millions of Messenger phishing messages, carrying password-stealing malware with devastating consequences. These cybercriminals employ cunning …

Warning for Mac Users: Malvertising Campaign Distributes Atomic Stealer macOS Malware

A fresh malvertising campaign has emerged, distributing an updated iteration of macOS stealer malware named Atomic Stealer (or AMOS). This development suggests active maintenance by the malware’s author. Atomic Stealer, a readily available Golang malware offered at a monthly rate of $1,000, first came to attention in April 2023. Subsequently, new variants, equipped with an …

Hackers Exploit Windows Container Isolation Framework to Evade Endpoint Security

Recent research has unveiled a cunning method that malicious actors could employ to circumvent endpoint security solutions by manipulating the Windows Container Isolation Framework. Deep Instinct security researcher Daniel Avinoam presented these findings at the DEF CON security conference, which took place earlier this month. Microsoft’s container architecture, including Windows Sandbox, utilizes a dynamically generated …

WinRAR Vulnerability Patched to Prevent Remote Code Execution

A recently disclosed high-severity security flaw in the WinRAR utility has been successfully addressed, reducing the risk of hackers gaining control of Windows systems through remote code execution. Identified as CVE-2023-40477, this vulnerability, carrying a CVSS score of 7.8, was the result of improper validation when processing recovery volumes. The Zero Day Initiative (ZDI) elaborated …

New Python Variant of Chaes Malware Targets Banking and Logistics Sectors

The banking and logistics industries are facing a renewed threat from a revamped version of the malware known as Chaes. This evolved variant has undergone significant changes, including a complete rewrite in Python to evade traditional defense systems and a comprehensive redesign with an improved communication protocol. Chaes, which initially surfaced in 2020, is notorious …

New Mirai Variant Targets Low-Cost Android TV Boxes for DDoS Attacks

A fresh variant of the Mirai malware botnet has emerged, infecting low-cost Android TV set-top boxes commonly used for media streaming by millions of users. Dr. Web’s antivirus team has identified this trojan as a new iteration of the ‘Pandora’ backdoor, which initially surfaced in 2015. The primary focus of this campaign is on economical …

Hackers Steal Microsoft Signing Key from Windows Crash Dump

Microsoft has confirmed that the Storm-0558 Chinese hacker group successfully obtained a signing key, which they later used to infiltrate government email accounts, by exploiting a Microsoft engineer’s corporate account. The compromised signing key led to unauthorized access to Exchange Online and Azure Active Directory (AD) accounts in approximately two dozen organizations, including prominent U.S. …