News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently raised an alarm regarding a critical vulnerability within Adobe ColdFusion, known as CVE-2023-26360, being actively exploited by hackers to infiltrate government servers. This security loophole enabled threat actors to execute arbitrary code on servers running older versions of Adobe ColdFusion—specifically, ColdFusion 2018 Update 15 and earlier, …

Adobe ColdFusion Exploit Breaches U.S. Government Agencies Read More »

Security researchers recently unearthed a disturbing cybersecurity threat named Krasue, a remote access trojan (RAT) silently infiltrating Linux systems within telecommunications companies, maintaining undetected activity since 2021. Distinctive to Krasue is its binary structure housing seven variants of a rootkit adept at supporting various Linux kernel versions. Crafted from code borrowed from three open-source projects, …

Linux Malware Alert: Krasue RAT Embedded in Rootkits Read More »

Security researchers recently unveiled a concerning security loophole at the Black Hat Europe security conference. Dubbed the “AutoSpill” attack, this exploit targets Android’s password managers, allowing for the theft of account credentials during autofill processes. The vulnerability, presented by the researchers, sheds light on the inherent weaknesses within Android’s WebView controls, extensively used by apps …

Threat of AutoSpill Attack on Password Managers Vulnerable Read More »

FjordPhantom, a newly discovered Android malware, has set a disturbing precedent by employing virtualization techniques to execute malicious operations within a secluded container, effectively evading detection. This malware spreads through email, SMS, and messaging platforms, specifically targeting banking apps across Indonesia, Thailand, Vietnam, Singapore, and Malaysia. The deceptive tactic involves presenting seemingly authentic banking applications …

FjordPhantom Android Malware Uses Virtualization for Hidden Attacks Read More »

Zyxel has disclosed several security vulnerabilities, among them three critical ones that could potentially enable an unauthorized attacker to execute commands within the operating system of vulnerable NAS devices without authentication. NAS systems by Zyxel serve as centralized data storage solutions within networks, catering to various users such as small to medium-sized businesses seeking efficient …

Zyxel Raises Alarm on Critical Security Flaws in NAS Devices Read More »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning concerning the exploitation of a critical Adobe ColdFusion vulnerability by unidentified cyber threat actors. These actors utilized the vulnerability, identified as CVE-2023-26360, to breach the security of a federal agency’s servers, gaining initial access between June and July 2023. The flaw, categorized as …

CISA Alerts on Breach Using ColdFusion Flaw to Access Federal Servers Read More »

Cactus ransomware has honed in on critical weaknesses within Qlik Sense, a data analytics solution, exploiting these vulnerabilities to breach corporate networks effectively. Qlik Sense, renowned for its capacity to interactively visualize data and generate custom reports from various data sources, has faced security challenges that Cactus ransomware has aggressively targeted. In a recent development, …

Cactus Ransomware Exploits Qlik Sense Vulnerabilities for Intrusion Read More »

Recent research has revealed six novel attacks, collectively termed ‘BLUFFS,’ capable of compromising the confidentiality of Bluetooth sessions. These exploits, discovered by Daniele Antonioli, target two previously unidentified vulnerabilities within the Bluetooth standard, fundamentally affecting the derivation of session keys for data decryption. Unlike specific hardware or software weaknesses, these architectural flaws pose a significant …

Bluetooth Vulnerabilities Exposed: Risk to Billions of Devices Read More »

In a recent collaborative investigation, it was uncovered that the Russia-linked ransomware syndicate, Black Basta, has amassed more than $100 million through extorting over 90 victims since its emergence in April 2022. The cybercrime outfit, employing a double extortion tactic, targets global entities, extracting sensitive data before deploying ransomware to encrypt their networks. The comprehensive …

Black Basta Ransomware Accumulates Over $100 Million in Extortion Earnings Read More »

A new iteration of the notorious DJVU ransomware, named Xaro, has emerged, showcasing a deceptive distribution tactic through cracked software. This variant, identified by American cybersecurity firm Cybereason, appends the .xaro extension to encrypted files while demanding ransom for a decryption key. According to the security researcher, this strain of DJVU, camouflaged within cracked software, …

DJVU Ransomware’s Stealthy Evolution Masquerading as Cracked Software Read More »

In the latest evolution of the LummaC2 malware, a notable enhancement emerges: a sophisticated anti-sandbox technique rooted in trigonometry principles. This advancement aims to dodge detection measures and efficiently extract valuable data from infected systems, evolving the threat landscape for cybersecurity. LummaC2, also known as Lumma Stealer, has introduced a novel evasion tactic. Aecurity researcher …

LummaC2 Malware Innovates with Data Exfiltration Read More »

Amidst a flurry of threat actors exploiting the critical Citrix NetScaler ADC and Gateway flaw, LockBit ransomware affiliates have aggressively capitalized on the recently exposed Citrix Bleed vulnerability. This loophole allows bypassing password requirements and multifactor authentication (MFA), enabling the hijacking of authentic user sessions, as highlighted by a collaborative warning from major cybersecurity entities. …

LockBit Ransomware Leverages Citrix Bleed Vulnerability for Intrusion Read More »

The infamous macOS data pilferer, Atomic Stealer, is adopting a new avenue for infiltration known as ClearFake, a scheme that masquerades as web browser updates. This strategic move signifies a shift from traditional Windows-based campaigns to a broader scope, encompassing both geolocation and operating system targets, as highlighted by Malwarebytes’ Jérôme Segura in a recent …

Expansion of ClearFake Scheme Targeting Mac Systems Read More »

A sophisticated malware campaign has set its sights on Android users, using cunning social engineering tactics to trick individuals into installing counterfeit applications designed to steal sensitive information. According to insights from Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai, the attackers are leveraging platforms like WhatsApp and Telegram to distribute messages …

Android Users Targeted by Deceptive Apps Mimicking Banks and Government Read More »

A complex malware named WailingCrab is making waves, arriving disguised within emails themed around shipping and delivery. Discovered initially by Proofpoint in August 2023, this malware, also known as WikiLoader, has been orchestrating attacks targeting various Italian organizations. Its ultimate aim is to unleash the Ursnif trojan, proving to be a creation of the threat …

WailingCrab Malware Spreads through Shipping-Themed Emails Read More »

Microsoft recently disclosed a significant supply chain breach involving Taiwanese multimedia software firm CyberLink, orchestrated by the North Korean cyberespionage group, Diamond Sleet (aka ZINC, Labyrinth Chollima, and Lazarus). The attack, utilizing a trojanized CyberLink installer, was identified as early as October 20, 2023, and has affected over 100 devices worldwide, including those in Japan, …

Microsoft Reports CyberLink Breach in Global Supply Chain Attack by Lazarus Hackers Read More »

A recently surfaced Mirai-based botnet, ‘InfectedSlurs,’ has raised alarms by leveraging two undisclosed zero-day vulnerabilities to infect both routers and video recorder (NVR) devices, turning them into participants in its profit-driven distributed denial-of-service (DDoS) operations. Akamai’s Security Intelligence Response Team (SIRT) discovered ‘InfectedSlurs’ in late October 2023, initially detecting unusual activity on rarely used TCP …

New ‘InfectedSlurs’ Botnet Exploits Zero-Day Vulnerabilities in Routers and NVRs Read More »

Following the takedown of the infamous Qakbot operation by the FBI, a new wave of sophisticated phishing campaigns has emerged, showcasing the DarkGate and Pikabot malware as successors to Qakbot’s legacy. These campaigns, detailed in a recent report by Cofense, mirror Qakbot’s tactics, raising concerns about the shift in threat actors utilizing newer, more advanced …

Rise of DarkGate and Pikabot Malware: Successors to Qakbot’s Legacy Read More »

The FBI and CISA have divulged insights into the elusive threat collective known as Scattered Spider, unveiling a network of diverse individuals collaborating with the ALPHV/BlackCat Russian ransomware syndicate. This loosely knit collective, identified under various aliases like 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, exhibits a multifaceted approach in their cyber …

FBI and CISA Reveal Scattered Spider’s Tricky Moves with BlackCat Ransomware Read More »

Recent demonstrations of novel attack methods targeting Google Workspace and the Google Cloud Platform pose significant risks, enabling potential ransomware attacks, data breaches, and password recovery exploitation. In a detailed report, Bitdefender’s technical solutions director, outlined a series of attack pathways initiated from a single compromised machine. These exploits could allow threat actors to escalate …

Exploitable Vulnerabilities in Google Workspace and Cloud Platform Read More »

The FBI and CISA have sounded a stark alarm regarding the rising threat posed by the Rhysida ransomware syndicate, known for its opportunistic attacks targeting a broad spectrum of industries. Emerging onto the scene in May 2023, Rhysida quickly gained notoriety following breaches of the Chilean Army and subsequent data leaks. Recent alerts from the …

FBI and CISA Issue Warning on Growing Threat of Rhysida Ransomware Read More »

CISA (Cybersecurity and Infrastructure Security Agency) has sounded the alarm, urging immediate action to secure Juniper devices within federal networks due to active exploitation of four critical vulnerabilities forming a pre-auth exploit chain, potentially leading to remote code execution (RCE) attacks. The urgency of this directive stems from Juniper’s recent acknowledgment that these vulnerabilities (CVE-2023-36844, …

CISA’s Warning on Actively Exploited Juniper Vulnerabilities Read More »

The ALPHV/BlackCat ransomware syndicate has upped its game by taking an unprecedented step: lodging a formal complaint with the U.S. Securities and Exchange Commission (SEC) against an alleged victim for failing to adhere to the mandatory disclosure timeline following a cyberattack. The victim in question, was named in the threat actor’s data leak with an …

Ransomware Group Steps Up Extortion: Files SEC Complaint Over Hidden Data Breach Read More »

A joint advisory from the FBI and CISA has unmasked the extensive and lucrative exploits of the Royal ransomware syndicate, unveiling a global breach affecting over 350 organizations since September 2022. Their calculated onslaught has amassed ransom demands exceeding a staggering $275 million, a revelation that underscores the magnitude and financial impact of their cyber …

FBI and CISA Expose Royal Ransomware’s $275 Million Extortion Spree Across 350 Victims Read More »

In a recent surge of cyber threats, attackers have seized upon a recently patched and critically severe authentication bypass flaw in Atlassian Confluence to deploy Cerber ransomware, encrypting victims’ files. The vulnerability, identified by Atlassian as CVE-2023-22518, is categorized as an improper authorization vulnerability and holds a severity rating of 9.1/10. This flaw affects all …

Security Concerns Rise as Cerber Ransomware Exploits Atlassian Confluence Bug Read More »

Security and data analytics company Sumo Logic has revealed a security breach after its AWS account was compromised last week. The breach was detected on November, when evidence emerged that an attacker had utilized stolen credentials to access Sumo Logic’s AWS account. Fortunately, Sumo Logic asserts that its systems and networks were unaffected by the …

Sumo Logic Discloses AWS Account Breach, Urges Credential Resets for Security Read More »

A recent cybersecurity report reveals a concerning trend where compromised Facebook business accounts are utilized to disseminate fraudulent ads. These ads, featuring “revealing photos of young women” as bait, aim to deceive victims into downloading an updated version of the NodeStealer malware. Upon clicking on these deceptive ads, users inadvertently download an archive containing a …

NodeStealer Malware Exploits Compromised Facebook Business Accounts in Ad Campaigns Read More »

The functionality of Apple’s “Find My” location network, designed to aid users in locating lost Apple devices, has been found to be susceptible to abuse. Malicious actors can covertly transmit sensitive information captured by keyloggers installed in keyboards through this network. The “Find My” service utilizes GPS and Bluetooth data from millions of Apple devices …

Exploiting Apple’s “Find My” Network for Covert Transmission of Keylogged Passwords Read More »

A novel cybercrime operation named ‘SecuriDropper’ has surfaced, employing a technique to circumvent the ‘Restricted Settings’ feature in Android, enabling the installation of malware on devices and unauthorized access to Accessibility Services. ‘Restricted Settings,’ introduced with Android 13, aims to enhance security by preventing side-loaded applications (APK files) from accessing potent features like Accessibility settings …

‘SecuriDropper’ Exploits Android Security Vulnerability, Bypassing Restricted Settings to Install Malware Read More »

The latest cyber threat involves the TellYouThePass ransomware, which has now set its sights on Internet-exposed Apache ActiveMQ servers. These servers are under attack due to a critical remote code execution (RCE) vulnerability, previously exploited as a zero-day, identified as CVE-2023-46604. This flaw, with a maximum severity rating, allows unauthenticated attackers to execute arbitrary shell …

“TellYouThePass” Ransomware Exploits Apache ActiveMQ Vulnerability in Recent Surge Read More »

In a shocking revelation, there is advanced strain of malware that posed, successfully evading detection for more than five years and infecting over one million devices worldwide. This malware, codenamed StripedFly, is described as an intricate modular framework capable of targeting both Linux and Windows systems. This malware first identified samples of StripedFly back in …

StripedFly Malware Operated Stealthily for 5 Years, Infecting Over 1 Million Devices Read More »

Threat actors associated with Kinsing have been spotted making attempts to exploit the recently disclosed Linux privilege escalation vulnerability known as Looney Tunables in what has been described as a “new experimental campaign” aimed at compromising cloud environments. Notably, the attackers have extended their tactics by extracting credentials from the Cloud Service Provider (CSP), as …

Kinsing Actors Exploit Recent Linux Vulnerability to Infiltrate Cloud Environments Read More »

The notorious BlackCat (ALPHV) ransomware gang proudly announced that it successfully infiltrated the extensive network of the prominent healthcare corporation, Henry Schein. This cyberattack resulted in the theft of a substantial amount of data, encompassing sensitive information such as payroll records and shareholder data. Henry Schein, a healthcare solutions provider, and a member of the …

BlackCat Ransomware Group Alleges Breach of Healthcare Giant Read More »

The Mozi malware botnet, a notorious distributed denial of service (DDoS) threat that targeted IoT devices since its emergence in 2019, abruptly went dark in August, leaving cybersecurity experts and authorities puzzled. The unexpected halt in Mozi’s activities occurred after an enigmatic entity initiated a kill switch on September 27, 2023, effectively deactivating all the …

Mozi Malware Botnet Deactivated by Mysterious Kill-Switch, DDoS Threats Remain Read More »

In a recent cybersecurity revelation, experts have identified a novel wave of malicious packages infiltrating the NuGet package manager, exploiting an unconventional approach to distribute malware. This emerging threat, described as a coordinated campaign, has persisted since August 1, 2023. Researchers have linked this activity to a collection of rogue NuGet packages known for delivering …

Malicious NuGet Packages Distribute SeroXen RAT Malware, Signaling a Cybersecurity Concern Read More »

The Toronto Public Library (TPL), which serves as the largest public library system in Canada, connecting residents to an extensive collection of 12 million books distributed across 100 branch libraries in the city, is currently grappling with an extended period of technical disruptions. This unfortunate situation has been instigated by a ransomware attack attributed to …

Black Basta Ransomware Causes Prolonged Technical Outages for Public Library Read More »

A new cyber attack is impacting computer systems across Europe, with a ransomware strain known as “Bad Rabbit” causing disruption in Russia, Ukraine, Turkey, and Germany. Kaspersky Lab, which is actively monitoring the malware, has drawn comparisons to the WannaCry and Petya attacks that wreaked havoc earlier in the year. Most of the victims appear …

Fresh Ransomware Outbreak ‘Bad Rabbit’ Hits Computer Systems Read More »

The Lazarus hacking group has persistently breached a software vendor despite patches and warnings from the developer. These repeated breaches suggest that the hackers were intent on stealing valuable source code or manipulating the software supply chain. The breach was uncovered in July 2023, revealing that Lazarus employed a diverse infection chain and post-compromise toolset. …

Lazarus Hackers Repeatedly Breach Developer to Deploy SIGNBT Malware Read More »

A new ransomware-as-a-service group, known as Hunters International, has emerged, and it appears to be a rebranding of the Hive ransomware operation. This suspicion is based on a thorough analysis of their code, which reveals significant similarities between the two groups. Security researchers examining a sample of Hunters International’s malware found striking resemblances to the …

Potential Rebranding of Hive Ransomware as ‘Hunters International’ Unveiled Read More »

The prolific threat group known as Scattered Spider has expanded its tactics from SIM swaps to ransomware attacks, with a new strategy of impersonating recently hired employees within targeted organizations. Microsoft, which revealed the activities of this financially motivated hacking crew, labeled them as “one of the most dangerous financial criminal groups,” citing their operational …

Microsoft Issues Warning as Scattered Spider Transitions from SIM Swaps to Ransomware Read More »

The Iranian threat group identified as Tortoiseshell has been linked to a recent surge in watering hole attacks, with the intention of deploying a new malware strain named IMAPLoader. IMAPLoader is a .NET-based malware capable of profiling victim systems using native Windows tools. It serves as a downloader for subsequent payloads, and according to PwC …

Tortoiseshell Initiates Fresh Wave of IMAPLoader Malware Attacks Read More »

The widespread adoption of Brazil’s PIX instant payment system has attracted the attention of cybercriminals seeking to exploit it for financial gain through a newly discovered malware known as GoPIX. It appears that the attackers employ a tactic known as “malvertising,” where their malicious links are strategically placed in the advertising section of search engine …

Malicious Advertising Campaign Targets Payment System with GoPIX Malware Read More »

A deceptive Google Ads campaign has been identified, promoting a fraudulent KeePass download site through the use of Punycode to mimic the official domain of the KeePass password manager, ultimately distributing malware. Google has been grappling with persistent malvertising campaigns, enabling malicious actors to place sponsored ads that display above search results. Furthermore, Google Ads …

Deceptive Google Ads Campaign Exploits Punycode to Promote Malware via Fake KeePass Site Read More »

The BlackCat/ALPHV ransomware group has adopted a new weapon called ‘Munchkin,’ which leverages virtual machines to quietly deploy encryption on network devices. Munchkin empowers BlackCat to function on remote systems and encrypt remote Server Message Block (SMB) or Common Internet File (CIFS) network shares. The integration of Munchkin into BlackCat’s already extensive and sophisticated toolkit …

BlackCat Ransomware Utilizes Innovative ‘Munchkin’ Linux Virtual Machine in Covert Attacks Read More »

A highly advanced cyber threat known as ‘TetrisPhantom’ has been utilizing compromised secure USB drives to target government computer systems in the Asia-Pacific area. Secure USB drives are designed to securely store files in an encrypted section of the device and are used for the safe transfer of data between systems, even in air-gapped environments. …

TetrisPhantom Hackers Exploit Secure USB Drives to Steal Data from Government Systems Read More »

A revised edition of the MATA backdoor framework has been identified in a series of attacks that took place from August 2022 to May 2023, targeting companies in the oil and gas sector and the defense industry in Eastern Europe. These attacks leveraged spear-phishing emails to deceive their targets into downloading malicious executable files that …

MATA Malware Framework Exploits EDR in Campaigns Against Targeted Companies Read More »

Several state-backed threat actors, originating from Russia and China, have been identified exploiting a recent security flaw in the WinRAR archiver tool for Windows in the course of their operations. The specific vulnerability in question is CVE-2023-38831, with a CVSS score of 7.8, enabling attackers to execute arbitrary code when a user attempts to view …

Google TAG Uncovers State-Backed Threat Actors Exploiting WinRAR Vulnerability Read More »

The SpyNote Android malware, named ‘SpyNote,’ has been identified in attacks focused on Italy, where it exploits a counterfeit ‘IT-alert’ public warning system to infect users with a data-stealing malware. The ‘IT-alert’ service is a legitimate emergency notification service managed by the Italian government’s Department of Civil Protection. It is designed to provide crucial alerts …

Android SpyNote Malware Utilizes False Volcano Eruption Warnings for Distribution Read More »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed additional information about the security flaws and misconfigurations that ransomware gangs exploit. The agency aims to assist critical infrastructure organizations in defending against these attacks. CISA shared this data as part of its Ransomware Vulnerability Warning Pilot (RVWP) program, initiated in January of this year. …

CISA Reveals Ransomware Gang Targeted Vulnerabilities and Misconfigurations Read More »

In September 2023, more than 17,000 WordPress websites fell victim to a malware called Balada Injector, marking a nearly twofold increase in detections compared to August. Out of these compromised sites, approximately 9,000 were breached using a recently disclosed security vulnerability found in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1). This flaw could be …

Balada Injector Hits 17,000 WordPress Sites in September 2023, Double August’s Numbers Read More »

DarkGate malware, which is a malicious software, has been observed spreading through instant messaging platforms like Skype and Microsoft Teams. In these attacks, messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that pretends to be a PDF file. When opened, this fake PDF triggers the download and execution of …

Malicious DarkGate Malware Spreading Through Messaging Services by Disguising as PDF Documents Read More »

Ransomware attackers have now set their sights on internet-exposed WS_FTP servers lacking critical security updates, making them vulnerable to maximum severity vulnerabilities. Recent findings by Sophos X-Ops incident responders highlight that the self-proclaimed Reichsadler Cybercrime Group attempted to deploy ransomware payloads using a stolen LockBit 3.0 builder from September 2022. Their efforts were unsuccessful in …

Ransomware Threat Shifts Focus to Unpatched WS_FTP Servers Read More »

A botnet-driven DDoS malware, known as IZ1H9 and based on Mirai, has incorporated thirteen new exploits to target Linux-based routers and routers from manufacturers like D-Link, Zyxel, TP-Link, TOTOLINK, and others. Researchers have noted a surge in exploitation attempts, particularly during the first week of September, with tens of thousands of devices being targeted by …

Variation of Mirai DDoS Malware Broadens Target Scope with 13 Router Vulnerabilities Read More »

A recently uncovered operation known as “Stayin’ Alive” has been actively targeting government bodies and telecommunications providers in various Asian countries since 2021. This campaign employs a range of quickly replaceable malware tools to avoid detection. The majority of these attacks, observed by cybersecurity company Check Point, are concentrated in countries such as Kazakhstan, Uzbekistan, …

Cybercriminals Known as ToddyCat Utilize Replaceable Malware in Targeting Asian Telecommunications Read More »

Over the past six months, a progressively intricate malicious campaign has come to light, which has been surreptitiously placing info-stealing packages on open-source platforms, amassing approximately 75,000 downloads. Analysts from Checkmarx’s Supply Chain Security team have been closely monitoring this campaign since early April, uncovering a total of 272 packages designed to pilfer sensitive data …

Numerous Malicious Python Packages Discovered Engaging in Data Theft Read More »

The FBI has issued a public warning regarding a notable uptick in ‘phantom hacker’ scams targeting elderly individuals across the United States. Described as an evolution of standard tech support scams, the ‘Phantom Hacker’ scam involves impostors assuming the roles of tech support, financial institution representatives, and even government officials to gain the trust of …

FBI Alerts Public to Surge in ‘Phantom Hacker’ Scams Impacting Seniors Read More »

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly released a report highlighting the ten most common cybersecurity misconfigurations discovered in the networks of large organizations. These findings shed light on the vulnerabilities that threat actors exploit to gain unauthorized access, move laterally, and target sensitive information or systems. …

NSA and CISA Unveil Top 10 Cybersecurity Misconfigurations Read More »

For over a year, a financially motivated campaign has been directing its web skimming efforts at online payment businesses in Asia Pacific, North America, and Latin America. The BlackBerry Research and Intelligence Team, tracking this campaign known as Silent Skimmer, attributes it to an actor proficient in the Chinese language. Prominent victims of this campaign …

Year-Long Web Skimming Campaign Called “Silent Skimmer” Targets Online Payment Businesses Read More »

Fortinet FortiGuard Labs has uncovered nearly 30 counterfeit npm packages within the npm package repository, all designed to illicitly obtain sensitive data from developers’ systems. Among these fraudulent packages are examples such as @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable. These packages conceal an obscured JavaScript file capable of collecting valuable secrets. This data includes Kubernetes …

More Than 30 Malicious npm Packages Detected Targeting Developers for Data Theft Read More »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently took action in response to two security vulnerabilities being actively exploited, while simultaneously removing five other vulnerabilities from its Known Exploited Vulnerabilities (KEV) list due to insufficient evidence. The newly added vulnerabilities are as follows: CVE-2023-42793 pertains to a critical authentication bypass vulnerability that allows for …

CISA Issues Warning Regarding Actively Exploited JetBrains and Windows Vulnerabilities Read More »

Malwarebytes has uncovered a concerning issue involving malicious advertisements within Microsoft Bing’s AI chatbot, which have been exploited to distribute malware when users search for popular software tools. These findings are related to Bing Chat, an interactive search feature introduced by Microsoft in February 2023, powered by the OpenAI language model GPT-4. Just a month …

Malicious Ads in Microsoft’s Bing Chatbot Pose Risk of Leading Users to Malware-Infested Websites Read More »

A flaw tied to the PKCS #1 v1.5 padding in SSL servers, originally identified back in 1998 and assumed to have been resolved, continues to affect various widely-used projects today. Collectively named the ‘Marvin Attack,’ these variations can effectively circumvent fixes and mitigations that have been put in place. This vulnerability allows potential decryption of …

Recent Marvin Attack Exploits a 25-Year-Old RSA Decryption Vulnerability Read More »

A Chinese cyber-espionage group known as Budworm has been detected in the act of targeting a telecommunications company in the Middle East and a governmental organization in Asia. They are employing a fresh variation of their custom-designed ‘SysUpdate’ backdoor malware. The SysUpdate malware is categorized as a remote access trojan (RAT) and has been associated …

Budworm Hackers Focus on Telecommunications and Government Entities with Custom Malware Read More »

In 2023, more than 700 advertisements have surfaced on the dark web, offering Distributed Denial of Service (DDoS) attacks via Internet of Things (IoT) devices. These services are available at different price points, dependent on factors such as DDoS protection and target verification. Prices range from $20 per day to $10,000 per month, with an …

Rise in 2023: 700+ Dark Web Offers for IoT-Driven DDoS Attacks Read More »

A hacker has been distributing a fabricated proof-of-concept (PoC) exploit for a recently patched WinRAR vulnerability on GitHub, with the aim of infecting individuals who download it with VenomRAT malware. This deceptive PoC exploit came to the attention of Palo Alto Networks’ Unit 42 research team, who identified that the attacker had uploaded this malicious …

Counterfeit WinRAR Vulnerability PoC Exploit Deploys VenomRAT Malware Read More »

A recent investigation by security researchers has shed light on a threat actor known as ShadowSyndicate, suspected of deploying seven distinct ransomware families in a series of attacks over the past year. Collaborating closely with Bridewell and independent researcher Michael Koczwara, Group-IB analysts have traced ShadowSyndicate’s potential use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, …

Uncover ShadowSyndicate Hackers’ Ties to Multiple Ransomware Campaigns and 85 Servers Read More »

A highly covert and persistent threat group, known as Gelsemium, has come to light following an extensive cyber attack targeting a Southeast Asian government, spanning a six-month period from 2022 to 2023. Gelsemium, which has been active since 2014, specializes in cyber espionage and has historically focused its efforts on government entities, educational institutions, and …

Elusive Gelsemium Hackers Uncovered in Attack on Asian Government Read More »

Air Canada, the nation’s flag carrier and the largest airline in Canada, has recently disclosed a cybersecurity incident where unauthorized individuals briefly gained limited access to its internal systems. According to the airline, this incident led to the theft of a restricted amount of personal data belonging to select employees and specific records. Importantly, customer …

Air Canada Reveals Data Breach Impacting Employee and Specific Records Read More »

In a recent cyberespionage operation targeting a government agency in the Middle East, a highly sophisticated backdoor malware named ‘Deadglyph’ has surfaced, raising concerns among cybersecurity experts. The origins of the Deadglyph malware are traced back to the Stealth Falcon Advanced Persistent Threat (APT) group, also known as Project Raven or FruityArmor. This state-sponsored hacking …

Emergence of New and Advanced Deadglyph Malware in Government Cyber Attacks Read More »

Microsoft has issued a warning about a fresh phishing campaign orchestrated by an initial access broker, leveraging Teams messages as bait to infiltrate corporate networks. The tech giant’s Threat Intelligence team has identified this threat cluster as Storm-0324, which also goes by the aliases TA543 and Sagrid. Since July 2023, Storm-0324 has been observed using …

Microsoft Alerts Corporations to New Phishing Campaign via Teams Messages Read More »

Microsoft has uncovered a series of password spray attacks carried out by an Iranian-backed threat group targeting thousands of organizations worldwide, with a particular focus on the U.S. The attacks have been ongoing since February 2023 and have had severe implications for security, especially within the defense, satellite, and pharmaceutical sectors. The malicious actors behind …

Iranian Hackers Infiltrate Defense Organizations Through Password Spray Attacks Read More »

In a concerning development, a newly discovered malware duo, HTTPSnoop and PipeSnoop, has emerged as a significant threat to telecommunication service providers operating in the Middle East. These malicious tools enable threat actors to gain remote control over infected devices, potentially leading to significant security breaches. HTTPSnoop, one of the malware components, interacts with Windows …

New HTTPSnoop and PipeSnoop Malware Compromise Telecom Providers Read More »

A new strain of the Mirai botnet, dubbed “Pandora,” has emerged, targeting budget-friendly Android-based TV sets and TV boxes, leveraging them in distributed denial-of-service (DDoS) attacks. These breaches typically occur during either malicious firmware updates or when users install applications to access pirated video content. According to a recent analysis by a Russian cybersecurity firm, …

Mirai’ Botnet Variant ‘Pandora’ Takes Control of Android TVs for Cyberattacks Read More »

The ALPHV ransomware group, known for its adept social engineering tactics, has taken responsibility for the cyber incident that disrupted MGM Resorts, an international hotel chain. According to vx-underground, the ALPHV/BlackCat ransomware group revealed that it employed standard social engineering techniques, such as building trust with employees to gain insider information. The group attempted to …

Hackers Claim They Shutdown MGM Resorts in Just a 10-Minute Phone Call Read More »

A series of memory corruption vulnerabilities have come to light in the ncurses (short for “new curses”) programming library. These vulnerabilities pose a potential risk, as threat actors could leverage them to execute malicious code on susceptible Linux and macOS systems. These security flaws, collectively identified as CVE-2023-29491, carry a CVSS score of 7.8. As …

Microsoft Discovers Vulnerabilities in ncurses Library Impacting Linux and macOS Systems Read More »

A novel ransomware variant known as “3AM” has come to light following an unsuccessful LockBit ransomware attack on a target network. Researchers have disclosed that this malware is still relatively rare and has been used only sparingly. It emerged as a contingency plan for a ransomware affiliate when their attempt to deploy LockBit was thwarted …

New 3AM Ransomware Emerges as LockBit Attack Fallback Read More »

A newly identified cyber threat known as the “WiKI-Eve” attack has raised significant concerns by exploiting vulnerabilities in modern WiFi routers, allowing malicious actors to intercept smartphone transmissions and accurately deduce numerical keystrokes, with success rates reaching up to 90%. This security breach hinges on the exploitation of Beamforming Feedback Information (BFI), a feature introduced …

WiKI-Eve Attack: Stealing Numeric Passwords Over WiFi Reveals Alarming Vulnerabilities Read More »

In a concerning development, a significant phishing campaign has emerged on Facebook Messenger, posing a grave threat to approximately 100,000 business accounts each week. Malicious actors have strategically employed a vast network of fake and compromised Facebook profiles to disseminate millions of Messenger phishing messages, carrying password-stealing malware with devastating consequences. These cybercriminals employ cunning …

Facebook Messenger Phishing Wave Targets 100K Business Accounts Weekly Read More »

A fresh malvertising campaign has emerged, distributing an updated iteration of macOS stealer malware named Atomic Stealer (or AMOS). This development suggests active maintenance by the malware’s author. Atomic Stealer, a readily available Golang malware offered at a monthly rate of $1,000, first came to attention in April 2023. Subsequently, new variants, equipped with an …

Warning for Mac Users: Malvertising Campaign Distributes Atomic Stealer macOS Malware Read More »

Recent research has unveiled a cunning method that malicious actors could employ to circumvent endpoint security solutions by manipulating the Windows Container Isolation Framework. Deep Instinct security researcher Daniel Avinoam presented these findings at the DEF CON security conference, which took place earlier this month. Microsoft’s container architecture, including Windows Sandbox, utilizes a dynamically generated …

Hackers Exploit Windows Container Isolation Framework to Evade Endpoint Security Read More »

A recently disclosed high-severity security flaw in the WinRAR utility has been successfully addressed, reducing the risk of hackers gaining control of Windows systems through remote code execution. Identified as CVE-2023-40477, this vulnerability, carrying a CVSS score of 7.8, was the result of improper validation when processing recovery volumes. The Zero Day Initiative (ZDI) elaborated …

WinRAR Vulnerability Patched to Prevent Remote Code Execution Read More »

The banking and logistics industries are facing a renewed threat from a revamped version of the malware known as Chaes. This evolved variant has undergone significant changes, including a complete rewrite in Python to evade traditional defense systems and a comprehensive redesign with an improved communication protocol. Chaes, which initially surfaced in 2020, is notorious …

New Python Variant of Chaes Malware Targets Banking and Logistics Sectors Read More »

A fresh variant of the Mirai malware botnet has emerged, infecting low-cost Android TV set-top boxes commonly used for media streaming by millions of users. Dr. Web’s antivirus team has identified this trojan as a new iteration of the ‘Pandora’ backdoor, which initially surfaced in 2015. The primary focus of this campaign is on economical …

New Mirai Variant Targets Low-Cost Android TV Boxes for DDoS Attacks Read More »

Microsoft has confirmed that the Storm-0558 Chinese hacker group successfully obtained a signing key, which they later used to infiltrate government email accounts, by exploiting a Microsoft engineer’s corporate account. The compromised signing key led to unauthorized access to Exchange Online and Azure Active Directory (AD) accounts in approximately two dozen organizations, including prominent U.S. …

Hackers Steal Microsoft Signing Key from Windows Crash Dump Read More »

In a concerning development, threat actors have been observed targeting inadequately secured Microsoft SQL (MS SQL) servers to execute attacks involving the deployment of Cobalt Strike and a ransomware strain known as FreeWorld. The cybersecurity firm Securonix has labeled this campaign as DB#JAMMER, noting its distinctiveness in terms of the toolset and infrastructure employed. Security …

Cyber Threat Actors Exploiting Vulnerable Microsoft SQL Servers for FreeWorld Ransomware Attacks Read More »

The cyber threat landscape has been recently shaken by the emergence of SapphireStealer, an open-source .NET-based information-stealing malware. This insidious malware is becoming a tool of choice for various malicious entities looking to bolster their capabilities and create customized versions to suit their nefarious purposes. This type of malware specializes in pilfering sensitive information, including …

SapphireStealer Malware: Unveiling a Gateway to Espionage and Ransomware Operations Read More »

A group of researchers from the University of Wisconsin-Madison has recently uncovered a potential security risk within Google Chrome extensions. They have developed a proof-of-concept extension, available on the Chrome Web Store, capable of extracting plaintext passwords from a website’s source code. Upon scrutinizing the text input fields in web browsers, the researchers identified that …

Security Vulnerability in Chrome Extensions: Plain Text Passwords at Risk Read More »

A recently emerged iteration of the DreamBus botnet malware is capitalizing on a critical remote code execution vulnerability present in RocketMQ servers, thereby compromising various devices. This exploited vulnerability, identified as CVE-2023-33246, is characterized by a permission verification lapse that affects RocketMQ version 5.1.0 and earlier. The flaw permits attackers to execute remote commands under …

New DreamBus Malware Variant Exploits RocketMQ Vulnerability to Infect Servers Read More »

Sourcegraph, an AI-powered coding platform, has recently confirmed a breach of its website resulting from the unintended exposure of a site-admin access token. This security lapse occurred on July 14th, but its exploitation by an attacker took place on August 28th, ultimately leading to unauthorized access and the creation of a new site-admin account on …

Sourcegraph Website Breach Traced to Leaked Admin Access Token Read More »

The “Classiscam” fraud-as-a-service operation has significantly expanded its global reach, encompassing a broader range of brands, industries, and countries. This expansion has resulted in heightened financial losses compared to previous instances. In a manner reminiscent of ransomware-as-a-service endeavors, this operation, active on Telegram, collaborates with affiliates who utilize phishing kits to craft counterfeit advertisements and …

Expansion of “Classiscam” Fraud-as-a-Service: Banks and 251 Brands Targeted Read More »

The period during which ransomware threat actors remain undetected within compromised networks has shortened significantly, with the median dwell time dropping from nine days in 2022 to just five days in the first half of this year. According to data from cybersecurity firm Sophos, the overall median dwell time for all cyberattacks was eight days …

Ransomware Attackers Reduce Dwell Time to 5 Days, RDP Still Prevalent Read More »

Microsoft has uncovered a novel hacking group, dubbed Flax Typhoon, which appears to be targeting government agencies, education institutions, critical manufacturing facilities, and information technology organizations, presumably for espionage purposes. In a distinct approach, this threat actor relies minimally on malware to infiltrate and maintain control over victim networks. Instead, they harness existing components within …

Microsoft Identifies Flax Typhoon Hackers Leveraging LOLBins for Stealthy Operations Read More »

The Rhysida ransomware group has asserted its involvement in a significant cyberattack on Prospect Medical Holdings, purporting to have acquired 500,000 social security numbers, confidential corporate materials, and patient records. The attack, believed to have transpired on August 3rd, led to the emergence of ransom notes on employee screens, disclosing that their network had been …

Rhysida Claims Responsibility for Ransomware Attack on Prospect Medical and Threatens Data Sale Read More »

A significant security lapse has come to light involving thousands of Openfire servers, leaving them exposed to a takeover threat via CVE-2023-32315. This actively exploited path traversal vulnerability enables unauthorized users to establish new admin accounts, posing a severe risk. Openfire, a widely utilized Java-based open-source chat (XMPP) server boasting 9 million downloads, has become …

Vulnerable Openfire Servers: A Threat to Over 3,000 Instances Read More »

The operators behind the Smoke Loader botnet have unleashed a new strain of malware known as Whiffy Recon, leveraging WiFi scanning and Google’s geolocation API to pinpoint the whereabouts of infected devices. Google’s geolocation API is a service that processes HTTPS requests containing WiFi access point data, returning precise latitude and longitude coordinates even for …

Whiffy Recon Malware: Exploiting WiFi for Location Triangulation Read More »

The Federal Bureau of Investigation (FBI) has issued a warning regarding the ongoing vulnerability of Barracuda Email Security Gateway (ESG) appliances, even after patches were released to address a critical remote command injection flaw. The agency stated that the patches provided by Barracuda have proven to be ‘ineffective,’ as attackers continue to compromise patched appliances. …

FBI Alert: Barracuda ESG Appliances Remain Vulnerable Despite Patch Efforts Read More »

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service’s Discord server, with over 14,000 …

Discord.io Confirms Breach after Hacker Steals Data of 760K Users Read More »

The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. Raccoon is one of the most well-known and widely used information-stealing malware families, having been around since 2019, sold via a subscription model for $200/month to threat actors. …

Raccoon Stealer Malware Returns with New Stealthier Version Read More »

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. Citrix ShareFile (also known as Citrix Content Collaboration) is a managed file transfer SaaS cloud storage solution that …

CISA Warns of Critical Citrix ShareFile Flaw Exploited in The Wild Read More »

The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. Starting on May 27th, the Clop ransomware gang launched a wave of data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform. Exploiting this zero-day allowed the threat actors …

Clop Ransomware now Uses Torrents to Leak Data and Evade Takedowns Read More »