The previous week, Google put out an emergency security fix for its browser, and today, the company rolled out another emergency security update to address a vulnerability that is being exploited in the wild.The update is now available for desktop versions of Google Chrome as well as the Android version of Chrome. Users are encouraged […]
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. “The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks,” ThreatMon said in […]
Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and […]
Google released the threat horizon report for April 2023, which showed multiple methods used by threat actors for evading security systems. Google’s Cybersecurity Action Team (GCAT) and Mandiant researched a list of techniques and methods used by threat actors over the period for penetrating the environments and other malicious activities. Cloud-Hosted Encrypted ZIP Files Evading […]
The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. “Poseidon is a second-stage payload malware associated with Transparent Tribe,” Uptycs security researcher Tejaswini Sandapolla said in a technical report published this […]
Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian […]
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. “This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to […]
According to information provided by MalwareHunterTeam, the LockBit ransomware gang is purportedly working on a new kind of malware that is capable of encrypting data on Apple macOS. Since LockBit has traditionally concentrated on Linux and Windows devices, this would be the first time the malware would target Mac computers specifically. The ransomware firm is […]
WhatsApp, owned by Meta, has threatened to quit the United Kingdom in the event that the government adopts the Online Safety Bill, claiming that the bill would effectively remove its encryption mechanisms. The firm, along with its competitor company Signal and five other applications, said that, in the event that the bill is signed into […]
NCR, a major player in the US payments industry, admitted it was a target of a ransomware attack for which the BlackCat/Alphv group claimed responsibility. On April 12, NCR revealed that it was looking into an “issue” with its Aloha restaurant point-of-sale (PoS) system. The business announced an outage at a single data center had […]
Cybersecurity researchers have detailed the inner workings of a highly evasive loader named “in2al5d p3in4er” (read: invalid printer) that’s used to deliver the Aurora information stealer malware. “The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique,” cybersecurity firm Morphisec said in a report shared […]
h A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of […]
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary’s use of the SimpleHelp remote support software in June 2022. MuddyWater, active […]
Researchers from Google’s Threat Analysis Group (TAG) presented their findings in the company’s Threat Horizons Report. Their findings showed that the hacking group APT41 was misusing the GC2 red teaming tool in its attacks. GC2, also known as Google Command and Control, is an open-source project that was built specifically for red teaming operations. It […]
After being targeted by a spate of ransomware attacks, NCR’s Aloha point of sale platform is now unavailable due to the incident. The BlackCat/ALPHV gang has taken credit for the attack. NCR is an American software and technology consultancy firm that specializes in providing restaurants, enterprises, and retailers with solutions for digital banking, point-of-sale (POS) […]
A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) […]
A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information […]
A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google’s infrastructure for malicious ends. The tech giant’s Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed […]
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. “Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external […]
A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). “Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors,” cybersecurity company Uptycs said in a […]